Eliminating technical barriers for secure wide area micro-segmentation

By
Jeff Hussey

On July 4, 1776, our founding fathers officially adopted the Declaration of Independence for the United States of America. Some of the most influential and remarkable words in the history of written communication were endorsed that day. They read as follows:

“We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.”

Those words, particularly “life, liberty, and the pursuit of happiness,” spoke rather poignantly to the quest for freedom from the rule of King George III. Freedom has always been an ideal ingrained deep within human nature. Ironically, IT professionals today, in any country, still seek freedom—a freedom from overly complex—yet still predominantly insecure—networks that bog down our productivity and reduce innovation. The tyranny we face in this battle, however, comes not from a crown, but from hackers and cybercriminals around the world, taking advantage of the foundation the Internet was built upon.

The Internet Protocol was built as a collaborative effort across multiple research centers between 1978 and 1983, but its limitations from a security standpoint almost make it seem like something ratified in 1776 with a quill pen, with a trusty musket resting at the side of Thomas Jefferson.

The founding fathers of TCP/IP, the architecture that supports the Internet (most often credited to Vinton Cerf and Bob Kahn), chose a model where everything can see everything. They had little to no idea back then of the perils that could arise from such an open concept of networking.

Yes, a trusty musket was all that was needed to defend our freedom in 1776, but as time passed, much stricter and tremendously more sophisticated measures of security have been required to defend our land. Similarly, in 1978, perhaps the only network security we needed was to physically look over our shoulder and make sure nobody was spying on our computer activity. Today, however, computing is infinitely more sophisticated and requires much higher levels of security. As a result, an unruly tangle of extra layers has created an entirely unmanageable network environment going forward. Consider the following truths, which are indeed self-evident:

  • Enterprises are creating hybrid IT architectures that combine on premise and cloud-based systems, applications, and information stores.
  • Employees can collaborate and get work done anytime, anywhere.
  • Simultaneously, cyber attackers grow more sophisticated and difficult to detect.

As a result, IT security has never been more complex. A recent ZK Research survey revealed that large enterprises have an average of 32 security vendors deployed! Networking and security sprawl is out of control and IT complexity has become unsustainable, no matter how large or seasoned your IT staff is.

Identity-based micro-segmentation flips the everything-can-see-everything model by assigning a unique identity to each device or network. This enables you to create and apply rules that permit a device to “see” only the other devices you select.

The primary advantage is the ability to hide whitelisted devices from anything (and anybody) that doesn’t need to see them. For example, a policy can dictate that medical devices can only talk to other medical devices. A policy can apply to all physical, software, embedded, virtual and cloud form factors, so you have the flexibility to create networks across your entire hybrid network. You effectively create a secure software-defined network (SDN), and go a step further by supporting both east-west and north-south traffic.
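To make the “a device only sees the devices you select” idea concrete, here is an added example of a default-deny, identity-based visibility policy. It is illustrative code written for this page, not code from the author or from any vendor product: the device identities, group names and IP addresses are constructed sample values, and `Policy`, `can_see`, `visible_from` and `relocate` are hypothetical helpers. It also goes one step beyond the paragraph to show that, because the rules key on identity rather than address, moving a device to a new IP does not change what it can see.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Device:
    identity: str   # stable, unique identity of the device (constructed placeholder)
    group: str      # role the policy reasons about, e.g. "medical", "hvac", "workstation"
    address: str    # current IP address; deliberately NOT consulted by the policy


@dataclass
class Policy:
    """Default-deny allowlist.

    A source group may only see the destination groups explicitly listed
    for it. Any pair of devices without a matching rule is mutually invisible.
    """
    rules: dict[str, set[str]] = field(default_factory=dict)

    def allow(self, src_group: str, dst_group: str, both_ways: bool = True) -> None:
        # Add a rule permitting src_group to see dst_group (and the reverse by default).
        self.rules.setdefault(src_group, set()).add(dst_group)
        if both_ways:
            self.rules.setdefault(dst_group, set()).add(src_group)

    def can_see(self, src: Device, dst: Device) -> bool:
        # A device can always reach itself; everything else needs an explicit rule.
        if src.identity == dst.identity:
            return True
        return dst.group in self.rules.get(src.group, set())

    def visible_from(self, src: Device, inventory: list[Device]) -> list[str]:
        # Identities of every other device that src is permitted to see.
        return sorted(d.identity for d in inventory
                      if d.identity != src.identity and self.can_see(src, d))


def build_inventory() -> list[Device]:
    # Constructed sample inventory spanning on-prem and cloud form factors.
    return [
        Device("med-infusion-01", "medical", "10.1.0.11"),
        Device("med-monitor-02", "medical", "10.1.0.12"),
        Device("hvac-ctrl-01", "hvac", "10.2.0.5"),
        Device("ws-nurse-07", "workstation", "10.3.0.70"),
        Device("cloud-ehr-app", "ehr", "172.16.8.20"),
    ]


def build_policy() -> Policy:
    # Hypothetical policy: medical devices talk only to medical devices,
    # nurse workstations talk only to the EHR application, and the HVAC
    # controller has no rule at all, so nothing can see it and it sees nothing.
    policy = Policy()
    policy.allow("medical", "medical")
    policy.allow("workstation", "ehr")
    return policy


def relocate(device: Device, new_address: str) -> Device:
    # Simulate moving a machine (e.g. on-prem to cloud). Only the address
    # changes; identity, and therefore visibility, stays the same.
    device.address = new_address
    return device


if __name__ == "__main__":
    inventory = build_inventory()
    policy = build_policy()
    for dev in inventory:
        print(f"{dev.identity:16} ({dev.address:12}) sees {policy.visible_from(dev, inventory)}")
    relocate(inventory[1], "192.0.2.77")
    print("after relocating med-monitor-02:",
          policy.visible_from(inventory[0], inventory))
```

Two design points are worth noting. The policy never reads `Device.address`, which is exactly what lets the relocated monitor keep its place in the medical segment without a re-IP; and the absence of a rule for the `hvac` group is what hides the controller, so an unwanted device becomes invisible by omission rather than by adding a block rule.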

Micro-segmentation is part of an identity-based solution that drops seamlessly into your network and eliminates technical barriers to reduce complexity and provide better security. Implementing such a technology gives you the freedom to:

  • Stop using internal firewalls and VPNs.
  • Improve IDS/IPS performance by reducing attack vectors and the number of false positives.
  • Achieve better malware mitigation and control breaches.
  • Have global IP mobility to move machines anywhere, without having to re-IP the machine.

As we look forward to the dawning of a new era in the virtual revolution of modern networking, we should all consider a Declaration of Independence from complexity in our network security. Now, if only Thomas Jefferson were here to write something about “micro-segmentation, identity-based solutions, and the pursuit of simple and secure computing.”