Why Micro Segmentation is Your Best Defense Against A Mega-Breach

Enterprises worldwide continue to reap the benefits of big data and analytics. As technology expands its capacity, so will the amount of information that businesses share and store. Keeping that data secure remains a primary goal for the network and security administrators responsible for the infrastructure that holds it.

Data breaches continue to wreak havoc on companies across industries worldwide, with damages that can run to millions of dollars. Given the cost of compromised data, organizations seek practical security controls that mitigate, and ideally prevent, the harm a breach can cause.

The 2018 Cost of a Data Breach Study, conducted by the Ponemon Institute and sponsored by IBM, surveyed IT and security specialists at 477 companies across 15 countries and regions and 17 industries. From that baseline, the study put the average cost of a data breach in 2018 at $3.86 million, up 6.4% from 2017. The total depends heavily on the number of records compromised: the average cost per lost record was just under $150, while a mega breach of one million records was estimated at roughly $40 million. Those figures do not include residual damage such as upgraded security measures to prevent a repeat attack, drops in stock value, and, most importantly, the loss of customer trust. The numbers underline the need for a concentrated focus on data security at every level of a business, regardless of industry.

In an effort to limit their exposure to data breaches and the collateral damage that follows, many organizations have turned to micro-segmentation. That raises the question this article explores: what is micro-segmentation?

Micro-segmentation defined

To answer that question, it helps to first understand the need for segmentation in general and an earlier form of it, application segmentation. With businesses among the primary targets for attack, intruders show dedicated interest in corporate applications as a route to sensitive data. Detecting an intrusion early remains important, but segmenting the infrastructure is a proven way to limit how far an intrusion can spread once it has begun. Application segmentation uses Layer 4 controls (transport protocol and port) to isolate each tier of an application individually and to draw a boundary around the application as a whole, limiting its exposure to other points of intrusion. Each tier is reachable only on the ports it actually serves, and separation from other applications reduces the lateral damage an attack on one of them can cause.

Micro-segmentation, a finer-grained form of application segmentation, is quickly becoming an essential component of infrastructure security. It gives organizations considerably sharper segmentation while improving visibility over the whole environment. First, security specialists inventory the resources and processes running in their networked systems to build a baseline of expected behavior. This is often done with host and network sensors that collect Layer 4 (protocol and port) and Layer 7 (process and application protocol) data. Advanced setups can automate this evaluation for enterprise applications and work consistently across datacenter, cloud, and hybrid environments. Once compiled, the inventory gives security teams a complete picture of the environment and its protection policies, so that exposed services and unexpected communication paths can be spotted at a granular level.

While application segmentation relies on Layer 4 controls, advanced micro-segmentation solutions also operate at Layer 7, the highest layer of the OSI model. This gives enterprises a view of the specific processes and the data paths between them, presented in a practical format, so that resources and operations can be isolated precisely rather than merely by port.

Lateral movement security

An organization's security team commonly focuses on a strong perimeter around the network. Monitoring and controlling direct, north-south communication between a client and a server has likewise been the traditional practice for protecting data. Most traffic in a modern datacenter, however, flows server to server, and that east-west traffic is an attack surface an intruder will exploit given the opportunity. Once inside a "secure" environment, an attacker looks for further vulnerable resources and trusted systems in order to spread and reach additional critical systems and processes.

As the intruder probes the infrastructure, higher levels of access can be obtained and weaker internal policies exploited, causing further compromise across more of the network. Moving east-west, the intruder can remain undetected for long periods, dramatically increasing the scope of the damage, and detection is difficult for IT teams because the activity can blend into normal traffic. Recall the average cost per compromised record: the longer an attack remains in a system, the more severe the cost to the business.

East-West vision

Micro-segmentation gives full visibility into east-west traffic and greatly reduces the lateral access an intruder can achieve after an initial compromise. Process- and workload-level security controls, applied in datacenter and cloud environments, flag any attempted lateral movement that does not match the baseline and alert the security team for review and action. Detecting this movement early in an attack lets the team isolate the compromised workload before further harm is done. In some advanced configurations, supplemental countermeasures can redirect failed or unauthorized access attempts to a deception engine that presents the attacker with data suggesting the target was reached. In that isolated environment, the security team can analyze the attack, cut off further access, and build preventive measures against future attempts.
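The following is an added, hypothetical example (not code from the article or from any micro-segmentation product) that ties together the baseline described under "Micro-segmentation defined" and the flagging described in this section. It assumes a constructed inventory of labeled workloads, a constructed allowlist of expected flows for a three-tier application, and constructed flow records in a simple key=value format; the workload names, tiers, process names and log layout are all invented for illustration. Each flow is checked twice, once with Layer 4 attributes only (protocol and destination port) and once with Layer 7 attributes added (the process on each end), to show that a Layer 4 policy lets an attacker reuse an allowed port while the Layer 7 policy flags it.

```python
"""Flag east-west flows that do not match a micro-segmentation baseline.

Hypothetical example: workloads carry tier labels, the baseline is an
allowlist of expected flows, and any observed flow that does not match
is flagged as possible lateral movement. A flow can be evaluated with
Layer 4 attributes only (protocol + port) or with Layer 7 attributes as
well (process on each end).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed inventory: workload name -> labels gathered by host sensors.
WORKLOADS = {
    "web-01": {"tier": "web"},
    "web-02": {"tier": "web"},
    "app-01": {"tier": "app"},
    "db-01": {"tier": "db"},
}


@dataclass(frozen=True)
class Rule:
    """One allowed flow. src_proc/dst_proc are Layer 7 attributes; None = any."""
    src_tier: str
    dst_tier: str
    proto: str
    dport: int
    src_proc: Optional[str] = None
    dst_proc: Optional[str] = None


# Constructed baseline for a three-tier application (web -> app -> db).
BASELINE = [
    Rule("web", "app", "tcp", 8080, src_proc="nginx", dst_proc="java"),
    Rule("app", "db", "tcp", 5432, src_proc="java", dst_proc="postgres"),
]

# Constructed flow records, in the order a sensor might report them.
FLOW_LOG = [
    "ts=2024-05-01T10:00:01Z src=web-01 src_proc=nginx dst=app-01 dst_proc=java proto=tcp dport=8080",
    "ts=2024-05-01T10:00:02Z src=app-01 src_proc=java dst=db-01 dst_proc=postgres proto=tcp dport=5432",
    "ts=2024-05-01T10:00:03Z src=web-01 src_proc=bash dst=db-01 dst_proc=postgres proto=tcp dport=5432",
    "ts=2024-05-01T10:00:04Z src=web-01 src_proc=nc dst=app-01 dst_proc=java proto=tcp dport=8080",
    "ts=2024-05-01T10:00:05Z src=web-02 src_proc=ssh dst=web-01 dst_proc=sshd proto=tcp dport=22",
    "ts=2024-05-01T10:00:06Z src=10.9.9.9 src_proc=python dst=db-01 dst_proc=postgres proto=tcp dport=5432",
]


def parse_flow(line: str) -> dict:
    """Parse a 'key=value key=value ...' record into a dict; dport becomes int."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    fields["dport"] = int(fields["dport"])
    return fields


def evaluate(flow: dict, baseline: List[Rule], use_l7: bool) -> Tuple[str, object]:
    """Return ('allow', matching_rule) or ('flag', reason) for one flow."""
    src = WORKLOADS.get(flow["src"])
    dst = WORKLOADS.get(flow["dst"])
    if src is None or dst is None:
        # A peer that is not in the inventory never matches the baseline.
        return ("flag", "unknown workload in flow")
    l4_key = (src["tier"], dst["tier"], flow["proto"], flow["dport"])
    l4_matches = [r for r in baseline
                  if (r.src_tier, r.dst_tier, r.proto, r.dport) == l4_key]
    if not l4_matches:
        return ("flag", "no baseline rule for %s->%s %s/%d" % l4_key)
    if not use_l7:
        # Layer 4 policy: the port is open between these tiers, so allow.
        return ("allow", l4_matches[0])
    for r in l4_matches:
        # Layer 7 policy: the processes on both ends must also be the expected ones.
        if (r.src_proc in (None, flow.get("src_proc"))
                and r.dst_proc in (None, flow.get("dst_proc"))):
            return ("allow", r)
    return ("flag", "port allowed but unexpected process %s->%s"
            % (flow.get("src_proc"), flow.get("dst_proc")))


def audit(lines: List[str], use_l7: bool) -> List[Tuple[int, str]]:
    """Return (record index, reason) for every flow that deviates from the baseline."""
    findings = []
    for i, line in enumerate(lines):
        verdict, detail = evaluate(parse_flow(line), BASELINE, use_l7)
        if verdict == "flag":
            findings.append((i, detail))
    return findings


if __name__ == "__main__":
    for label, l7 in (("Layer 4 policy", False), ("Layer 7 policy", True)):
        print(label)
        for idx, reason in audit(FLOW_LOG, use_l7=l7):
            print("  record %d: %s" % (idx, reason))
```

Records 3, 5 and 6 (web to database, web to web over SSH, and an unknown source) are flagged by both policies, but record 4, in which an unexpected tool on the web host reaches the application tier on its normal port, is allowed by the Layer 4 check and caught only by the Layer 7 check. That gap is the practical reason the article stresses process-level visibility rather than port-based rules alone.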

Micro-segmentation helps better secure enterprise networks

As data breaches continue to rise, organizations need to move beyond traditional perimeter-focused security and stay a step ahead of intruders. Limiting lateral movement is an enormous step toward stopping the next mega breach, and micro-segmentation has proven a valuable, dynamic, and adaptable defense.