Segmentation Done Right – Part 3 of 3
Segmentation is a good thing: we understand the benefits, and we also know that it needs to be done right. Doing it right means segmenting in a non-rigid manner and having a clear goal in mind, rather than deploying VLANs randomly or just lumping like-minded devices together. In this concluding part of our series, we discuss our take on flexible segmentation and how to generate policies using the observed behaviors of devices.
At Ordr we can granularly group devices by type or even group the same type of devices across an enterprise. For example, if you want to see all your cameras across your entire enterprise we can do that. Want to see cameras only used by the surveillance security department? Or cameras just in the manufacturing line? We can slice it or dice it any way you like in ways that fit your business requirements.
One popular starting point that we see with some customers is segmentation by vulnerabilities. This process entails segmenting by the most vulnerable devices in your network. For example, think about all the cameras that come with a default password which is oftentimes just “password”. We can help segment these vulnerable cameras from the rest of the network to reduce their attack surface if they get hacked. Later on, we can help a hospital segment another group of precious devices such as CT scanners and patient monitoring devices which are often vulnerable since they run older operating systems. Older operating systems can be an issue since they can be susceptible to malware attacks, oftentimes inadvertently introduced by a healthcare worker who worked remotely, visited a bad site, and then came back to the hospital.
With the Ordr system, you can work through the device population one group at a time, based on your specific business criticality requirements. This is a very granular, configurable method compared with the traditional all-or-nothing approach of segmenting with VLANs. Think of it rather as a personal VLAN per device. We can help security personnel maintain good network hygiene by segmenting rogue access points, preventing devices on guest networks from accessing clinical resources, and even helping identify and remove outlier devices from incorrect segments.
With our approach, there is no need to declare a zero-trust day plan and then execute to that milestone, only to realize that the business requirements have changed, the device population has increased, or the network footprint has evolved. With Ordr, you can start the segmentation journey now with a logical device-centric approach vs. big rigid boxes of categories. Our micro-segmentation approach is easier to execute, flexible, and adapts as your business requirements change, as equipment is moved around due to utilization adjustments, or whatever the case may be.
We add insights into understanding the behaviors of devices. We can show you the flows of traffic per device and how it interacts with every other device in your network. We can tell you what’s “normal” because we have intelligently mapped and baselined the traffic. Once Ordr has baselined all the traffic, the system can report any time a device attempts to communicate outside its defined network behavior. This deviation from a device’s normal behavior will be alerted on the main dashboard as a device security incident.
At Ordr, you can group and segment however you prefer; the choice is yours. You can create network segments for medical vs. facilities vs. a contractor vs. the emergency room, and even subsegment the pharmacy if you like. Within each segment, you can selectively allow access by various groups. With granular, flexible micro-segmentation from Ordr, you can contain any potential breaches and damage. You can flexibly whitelist internal flows for your business needs. Blacklisting with micro-segmentation? We do that too. We give you the tools to do segmentation right and we give you the smarts to take control.
Pandian has more than 20 years of product and engineering leadership experience and is also a serial entrepreneur. Before founding Ordr, he was the Chief Development Officer at Aruba, responsible for all of engineering and product management functions. Aruba, an enterprise mobile wireless company, was acquired by HPE for $3 Billion in March 2015. Before Aruba, Pandian served as the head of engineering for Cisco’s multi-billion-dollar Wi-Fi business unit and before that as VP of engineering for low-end switching product lines. He graduated with a master’s degree in Electrical Engineering from IIT, Chennai, India and holds several patents to his credit in various networking technologies.