Briefing Update

360in180: Taking Microsegmentation to the Next Level

Security is top of mind for many an organization today as new attack vectors are devised and executed on every day.  Keeping up with the sheer diversity of potential areas of vulnerability is a primary concern as companies seek to stay out of the news and in business.

The security market itself has fragmented into dozens of submarkets with different companies seeking to help customers secure their organizations in different ways.  From this sprawling market has come a number of newer terms in the IT lexicon, including microsegmentation.

There was a day when application documentation shipped with port maps that administrators used to dutifully configure firewalls to restrict communication to only the ports identified in this documentation.

There was also a day when VLANs alone were sufficient to protect organizations since attacks were few and far between.  In fact, this was the original form of network segmentation, but it relies on humans acting proactively and is also somewhat reliant on static conditions.

Today, with applications increasingly interconnected and dynamic, it’s all but impossible to keep track of all of the various communications flows manually, let alone in real-time.  Moreover, application span on-premises and cloud-based environments, making traditional approaches to security difficult and, often, impossible to carry out.

Why is segmentation important? It’s a known fact that hackers, once inside the network perimeter, look for opportunities to jump between systems to locate high-value targets. Although the original system that a hacker compromised may not be that important, the fact that the hacker was able to jump to your customer database turned what might have been a low impact event into something that impacts the business.

Hence, the introduction of microsegmentation.

In simple terms, microsegmentation refers to what are essentially massively distributed rulesets that run on hosts or on endpoints, or combinations of the two.  In its original form, microsegmentation services built comprehensive network maps that tracked network communications traffic to help administrators gain awareness of how their applications interact and to identify traffic patterns that were needed so that rules could be implemented to block anomalous traffic.

But there’s still a problem with microsegmentation.  The technology does a fantastic job at blocking traffic based on address and port combinations, but that doesn’t mean that a pathway from an external person to a high-value internal resource doesn’t exist.

In fact, it’s this pathway concern that is driving the next iteration of microsegmentation.

In a conversation I had recently with Edgewise Networks, Peter Smith, the company’s founder, discussed with me the ways by which Edgewise is taking microsegmentation to the next level by inserting itself deep into the network stack on every host and learning about application-to-application – not device-to-device – communication patterns.  Whereas an address/port-centric microsegmentation or even application firewall solution might not always be able to block a telnet connection being made over an unauthorized port, Edgewise’s machine learning algorithm will block such access because it’s not characteristic of the unique baseline operational state of that specific customer environment.  It knows exactly which specific executables on Windows hosts, for example, are supposed to be communicating with which processes on other Linux hosts.  The granularity and dynamic nature of what Edgewise is doing is something that humans simply can’t replicate, hence its machine learning-centric architecture.

You’ll be learning more about Edgewise Networks from James Green during an upcoming 10onTech podcast and a demo of the platform with David Davis, so keep watch.  In the meantime, to learn more about Edgewise, visit www.edgewise.net.