Don’t Let Micro-segmentation Spook You

By
Erik Giesa, VP of Products

In the tech industry, many of the words and terms that get thrown around might not seem the most accessible or simple to define, and some of them might even seem downright intimidating. These complex-sounding terms can scare people away from even asking questions.

But fear not. In an ever-evolving field like secure networking, some of the terms that are commonly used become a lot less scary with a little bit of explanation. Let’s unpack one of these spookier terms: Micro-segmentation.

Micro-segmentation is a process of breaking down a data center into smaller, logical elements that are then managed by high-level IT security policies.

So how is this helpful networking? While IT systems used to be physically separated, often referred to as air-gapped, from OT systems like manufacturing, BACnet, and other industrial control systems, IT and OT often share the same underlay network. This vastly increases the attack surface of an organization’s critical infrastructure. In other words, a hacker has even more points of entry into an organization’s most sensitive information – once they access either an IT or OT infrastructure, they can move East-West through a network until they find the information that they want.

Micro-segmentation allows an organization to isolate their IT and OT networks into separate pieces of the shared network. So, minimizing damage if a breech occurs. In a malware attack, infected devices are used as pivot points to the rest of the network, resulting in costly breaches. Command-and-control (C&C) servers issue instructions to compromised systems, where techniques are becoming much more difficult to uncover—until it’s too late. That’s why, in addition to micro-segmentation, Tempered Networks also allows you to cloak and protect critical and vulnerable endpoints to prevent reconnaissance. With cloaking, your protected devices and networks have no visible IP footprint and will not respond to any untrusted device or system—meaning those that haven’t been whitelisted onto your IDN overlay network. Even if one of your devices was compromised, IDN eliminates its ability to communicate out to a C&C server, reducing your attack surface by as much as 90%.

 

What’s the trick?

When you apply micro-segmentation to a network, it adds virtualization and control that results in better network performance and an architecture that is much easier to organize and manage. The trick is, how do you manage all these segments so your access and security doesn’t break?  Thankfully, today, seamless policy-based orchestration based on verifiable cryptographic identities is available and actually makes network segmentation simple. Just when you thought micro-segmentation was foul language, you’re in for a treat with Identity-Defined Networking that makes it point-n-click simple.

The real scary part of micro-segmentation is when organizations don’t use it, leaving their networks exposed to attacks and lateral movement across the enterprise. Don’t be the next victim. Contact us today and we’ll demonstrate how we can take the spook out of micro-segmentation.