Enter a major warehouse club such as Costco and it's not too hard to navigate through the aisles. Our brains like it when things are organized and orderly. The shopping warehouse structure is understandable, and when everything has its place and every place has its thing, it makes sense to us. Even if things grow to massive sizes, as long as a structure and some level of organization is in place, it's easy to stay organized. Now when it comes to IoT and security, things are not always as tidy or so orderly. If anything, we've become accustomed to a flat network where traffic goes all over the place, creating violations and constant alerts. Sometimes these alerts can reach 10,000 per week for large organizations. Sure, we have tools to automate and remediate these alerts, but fundamentally we think there is a better approach.
Aside from reducing network congestion, segmentation has the added advantage of improving security: the attack surface can be smaller, and breaches, if they occur, can be readily contained, limiting the damage and any further potential movement. Rudimentary ways to segment networks can be based on usage, such as web servers in one area and database servers in another. Segmentation can also be performed by department, such as sales/finance/engineering, and even guest access. Managing the segments and having policies on what can move from one segment to another is important for the sake of control and keeping things tidy on a corporate network.
Our take on micro-segmentation
Today, one has to assume that the traditional firewall has been breached and the bad guys are already inside a major hospital, financial institution, or government network. If segmenting a network is good, micro-segmentation must be better, since during a breach an attacker can quickly be isolated within the smaller zone, limiting access to information in different areas. Managing such a network, however, can get increasingly complicated as segments become increasingly granular.
Micro-segmentation divides networks down to the workload level and then defines specific security controls and policies for these specific segments and workloads. It's a more granular and logical approach than physical segmentation via physical firewalls, making it easier for network and security administrators. With micro-segmentation, communications can be monitored and controlled, and device traffic and requests will stay in their respective "warehouse aisle." If there is any deviation from the desired protocol, or some random communication that should not be occurring, remedial action should be taken immediately, and you just need to clean up one aisle rather than close the entire warehouse.
Take it a step further
When micro-segmentation is combined with automated security policy generation, the enterprise customer can see a sharp decrease in the number of alerts or alarms. Other benefits include faster remedial action and damage containment if something bad does occur. Signaling an alarm is one thing; doing something and learning from the breach is another. At Ordr, we proactively protect the enterprise network, and traffic is analyzed at multiple layers. Our SCE system creates a conversation map called the flow genome for every connected device. We identify all communications between the various segments and VLANs. We automate device identification, leverage AI to baseline normal communication behavior, and then translate these behaviors into a device-specific security policy.
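To make the two ideas above concrete, the flow-baselining step described in this section and the "clean up one aisle" detection step from the previous one, here is a small added example. It is not Ordr's code and says nothing about how the SCE system or the flow genome is actually implemented; it simply shows the general pattern: learn a per-device allowlist from observed flows, render it as a default-deny policy, and flag any later flow that deviates. The device names, segments, and flow records are constructed for illustration.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, List, Tuple

# A flow is (source device, source segment, destination host,
# destination segment, destination port, protocol).
Flow = Tuple[str, str, str, str, int, str]
# A rule is the destination side of a flow the device is allowed to initiate.
Rule = Tuple[str, str, int, str]

# Constructed sample of "known good" flows observed during a learning period.
# Hospital-flavoured names are illustrative only.
BASELINE_FLOWS: List[Flow] = [
    ("infusion-pump-01", "clinical", "emr-server", "datacenter", 443, "tcp"),
    ("infusion-pump-01", "clinical", "ntp-server", "infra", 123, "udp"),
    ("infusion-pump-02", "clinical", "emr-server", "datacenter", 443, "tcp"),
    ("infusion-pump-02", "clinical", "ntp-server", "infra", 123, "udp"),
    ("badge-reader-07", "facilities", "access-ctrl", "datacenter", 8443, "tcp"),
]


def baseline_policies(flows: List[Flow]) -> Dict[str, FrozenSet[Rule]]:
    """Learn a per-device allowlist: every (dst, segment, port, proto)
    a device was seen talking to during the learning period."""
    allowed: Dict[str, set] = defaultdict(set)
    for src, _src_seg, dst, dst_seg, port, proto in flows:
        allowed[src].add((dst, dst_seg, port, proto))
    return {dev: frozenset(rules) for dev, rules in allowed.items()}


def render_policy(device: str, rules: FrozenSet[Rule]) -> List[str]:
    """Render one device's policy as explicit allow rules followed by a
    default deny, the shape a micro-segmentation enforcement point expects."""
    lines = [f"device {device}:"]
    for dst, seg, port, proto in sorted(rules):
        lines.append(f"  allow {proto}/{port} -> {dst} (segment {seg})")
    lines.append("  deny any")
    return lines


def evaluate(flow: Flow, policies: Dict[str, FrozenSet[Rule]]) -> Tuple[str, str]:
    """Check a newly observed flow against the learned policies.
    Returns ("allow", reason) or ("alert", reason). A device with no
    baseline gets default deny, so an unknown device is also an alert."""
    src, _src_seg, dst, dst_seg, port, proto = flow
    rules = policies.get(src)
    if rules is None:
        return ("alert", f"unknown device {src}: no baseline, default deny")
    if (dst, dst_seg, port, proto) in rules:
        return ("allow", "matches baseline")
    return ("alert", f"{src} -> {dst}:{proto}/{port} in {dst_seg} deviates from baseline")


if __name__ == "__main__":
    policies = baseline_policies(BASELINE_FLOWS)
    for dev in sorted(policies):
        print("\n".join(render_policy(dev, policies[dev])))
    # Constructed "later" traffic: one normal flow and one pump talking to
    # another pump, which the baseline never contained.
    for f in [
        ("infusion-pump-01", "clinical", "emr-server", "datacenter", 443, "tcp"),
        ("infusion-pump-01", "clinical", "infusion-pump-02", "clinical", 445, "tcp"),
    ]:
        print(evaluate(f, policies))
```

The point of the example is the shape of the output rather than the rules themselves: each device ends up with a short, explicit allowlist and an implicit deny, so a flow that stays in its aisle matches a rule and a flow that wanders into a neighbouring aisle produces exactly one targeted alert for that device, instead of a flood of generic firewall alarms from a flat network. In practice the learning period must be long enough to capture infrequent but legitimate flows (backups, firmware updates), or the baseline will produce false alerts.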
Cyber attacks are too lucrative for the bad guys, and if anything we're seeing a step up in the incidence of ransomware attacks. Micro-segmentation, when combined with proactive protection, creates a safe environment for network devices and prevents an attacker from moving around causing havoc, and our system continuously learns and adapts. With Ordr you are in control. Valuable assets are locked up and safe behind the display case, and the aisles are nice and clean.