Identity as the New Perimeter: The Promise of Micro-segmentation

by Nate Rushfinn Crocker
November 8, 2016
in Cybersecurity

$400 billion. That is what Lloyd’s of London estimates network breaches cost last year.

Experts agree that a strong perimeter defense is no longer enough. Threat actors bypass firewalls and evade intrusion detection systems, and once inside they are free to roam undetected for days, weeks or even months, searching for vulnerabilities to exploit and escalating their privileges until they can walk off with valuable data. We need a new strategy.

Segmentation

Savvy network engineers and security experts have used segmentation for decades, partitioning networks with VLANs and extensive access control lists (ACLs). Done correctly, segmentation is a powerful way to isolate traffic and slow down or stop intruders. Its weak point is that the ACL sits at the VLAN boundary: two hosts inside the same VLAN can talk to each other freely, and that east-west traffic is exactly what an intruder uses once inside. Experts say that traditional segmentation is neither granular nor scalable enough to keep up with today’s workflows.

Micro-segmentation

Software-defined networking (SDN) gives us the flexibility to segment networks far more finely than we once thought possible. With micro-segmentation we can dynamically isolate individual workloads, down to a specific virtual machine or even a single application, with policy expressed in terms of the workload rather than its address, and without hand-building a VLAN or ACL for every segment.

There is a central tenet of micro-segmentation that bucks conventional wisdom: ubiquity. Traditionally, we assigned different levels of authorization (LOA) to different applications, on the reasoning that someone checking out a library book doesn’t need the same security as someone applying for Medicaid. That wisdom no longer holds in a world where threat actors are already on the inside and can escalate their privileges: the low-security application becomes the beachhead for reaching the high-security one. Ubiquity means you start with the highest level of security possible and apply it to everything; in practice, every workload-to-workload flow is denied unless a policy explicitly allows it.
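The difference between a boundary ACL and a per-workload, identity-keyed policy is easiest to see on concrete flows. The following is an added example, not code from the article or from any vendor: two unrelated applications share one VLAN (the usual outcome once VLAN counts stop scaling), an attacker has landed on one web server, and the same four east-west flows are evaluated under a VLAN-boundary policy and under a default-deny micro-segmentation policy keyed on workload labels. All workload names, addresses, labels and flows are constructed for illustration.

```python
"""Coarse VLAN segmentation vs identity-based micro-segmentation.

Added example, not code from the article or from any vendor. The workloads,
addresses, VLAN and flows are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    app: str   # identity label: which application this workload belongs to
    tier: str  # identity label: "web" or "db"


# Constructed inventory: two unrelated applications share one "app servers" VLAN.
WORKLOADS = {
    "web-portal":   Workload("web-portal",   "10.1.0.10", app="portal",   tier="web"),
    "db-portal":    Workload("db-portal",    "10.1.0.20", app="portal",   tier="db"),
    "web-benefits": Workload("web-benefits", "10.1.0.30", app="benefits", tier="web"),
    "db-benefits":  Workload("db-benefits",  "10.1.0.40", app="benefits", tier="db"),
}

VLAN_APP_SERVERS = ip_network("10.1.0.0/24")


def vlan_allows(src: Workload, dst: Workload, port: int) -> bool:
    """Traditional segmentation: the ACL sits on the VLAN boundary.

    Anything inside the VLAN reaches anything else inside it on any port;
    the ACL never sees that traffic.
    """
    return (ip_address(src.ip) in VLAN_APP_SERVERS
            and ip_address(dst.ip) in VLAN_APP_SERVERS)


# Micro-segmentation policy: default deny, with rules keyed on workload
# identity (app, tier) rather than on addresses, so they survive re-IP and
# migration. The same default deny applies to every workload ("ubiquity").
MICRO_RULES = [
    # (src_app, src_tier, dst_app, dst_tier, dst_port)
    ("portal",   "web", "portal",   "db", 5432),
    ("benefits", "web", "benefits", "db", 5432),
]


def micro_allows(src: Workload, dst: Workload, port: int) -> bool:
    return any(
        src.app == s_app and src.tier == s_tier
        and dst.app == d_app and dst.tier == d_tier and port == d_port
        for s_app, s_tier, d_app, d_tier, d_port in MICRO_RULES
    )


# Constructed east-west flows after an attacker lands on web-portal:
# one legitimate flow followed by three lateral-movement attempts.
FLOWS = [
    ("web-portal", "db-portal",    5432),  # legitimate: its own database
    ("web-portal", "db-benefits",  5432),  # lateral: another app's database
    ("web-portal", "web-benefits", 22),    # lateral: SSH to a peer web server
    ("db-portal",  "db-benefits",  5432),  # lateral: database to database
]


def evaluate(policy) -> dict:
    """Return {flow: allowed} for every constructed flow under one policy."""
    return {(s, d, p): policy(WORKLOADS[s], WORKLOADS[d], p) for s, d, p in FLOWS}


def lateral_paths_open(policy) -> int:
    """Count the flows a policy permits other than the legitimate first one."""
    return sum(allowed for flow, allowed in evaluate(policy).items() if flow != FLOWS[0])


if __name__ == "__main__":
    for name, policy in (("vlan", vlan_allows), ("micro", micro_allows)):
        for (s, d, p), allowed in evaluate(policy).items():
            print(f"{name:5} {s:>12} -> {d:<12}:{p:<5} {'ALLOW' if allowed else 'DENY'}")
```

Under the VLAN policy all four flows are allowed, because the boundary ACL never inspects intra-VLAN traffic; under the micro-segmentation policy only the legitimate web-to-own-database flow passes and the three lateral moves are denied. Note that the rules never mention an IP address: the workload's labels are its identity, which is what makes the policy follow a VM when it migrates or is re-addressed.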

Exponentially Increasing End-Points

Segmentation is a good thing when properly applied, and micro-segmentation is more granular and dynamic, using SDN to segment east-west traffic without the tedium and error-proneness of hand-maintained rules. It is designed for today’s dynamic data centers and for the internet at scale. The problem is that endpoints are multiplying rapidly, and threat actors use malware, phishing and every trick imaginable to gain control of them. It is no longer just desktops and laptops that are vulnerable; BYOD smartphones and tablets are everywhere, and a data-center policy does nothing for a device that was compromised before it ever reached the data center.

Hyper-segmentation

I asked Randy Cross, product manager at Avaya, to tell me about their hyper-segmentation. He explained that it works from the edge in. Rather than creating network segments for specific applications or servers, their solution automatically creates a new segment for each endpoint. Every device has its own fully isolated path to a specific application or server.

Public or private, the only thing a user sees is their own traffic to that specific application. Everything else on the network is invisible to that user. If an attacker were to compromise the session, they would see only what that user sees on that completely isolated segment.

Flying First Class

Randy explained to me that hyper-segmentation was like having your own private Learjet. Rather than taking multiple hops across the country, you get on your own plane and fly direct to your destination. No one can see where you are going, and you see no one else on your way.

[Image: micro-segmentation diagram, courtesy of Avaya]

Every time a device attaches to the network, a profile tells the fabric how to connect it. A dedicated pathway is set up from the device to the destination application; this pathway is a fully isolated segment. When the session is done, the pathway is automatically torn down, but the profile of the device is retained. When the device reconnects, from the same or a different location, a new segment is automatically created.
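To make the lifecycle concrete, here is a toy fabric controller that models the behaviour described in the preceding paragraphs: a device attaches, its retained profile yields a fresh single-endpoint segment to one application, the segment is torn down on disconnect, and a reconnect from another location gets a new segment from the same profile. This is an added example written for this article; it is not Avaya’s code and says nothing about how their fabric is actually implemented. Device IDs, profiles, locations and application names are constructed.

```python
"""Per-endpoint dynamic segments: a toy controller modelling the lifecycle
described above (attach -> dedicated path -> tear down -> reconnect).

Added example, not Avaya's code and not a description of their implementation.
Device IDs, profiles, locations and application names are constructed.
"""
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Profile:
    device_id: str
    allowed_app: str   # the single application this endpoint may reach


@dataclass(frozen=True)
class Segment:
    segment_id: int    # fresh for every attachment, never reused
    device_id: str
    location: str
    app: str


class FabricController:
    def __init__(self, profiles):
        self.profiles = {p.device_id: p for p in profiles}  # retained across sessions
        self.active = {}                                     # device_id -> live Segment
        self._ids = count(1)

    def attach(self, device_id: str, location: str):
        """Device joins the fabric: build its own isolated path, or none at all."""
        profile = self.profiles.get(device_id)
        if profile is None:
            return None  # unknown device: no profile, so no path (default deny)
        seg = Segment(next(self._ids), device_id, location, profile.allowed_app)
        self.active[device_id] = seg
        return seg

    def detach(self, device_id: str) -> None:
        """Session ends: tear the path down but keep the profile."""
        self.active.pop(device_id, None)

    def can_reach(self, device_id: str, target: str) -> bool:
        """True only for the one application inside the device's own segment.

        A segment holds exactly one endpoint and one destination, so another
        device on the same fabric is never a reachable target.
        """
        seg = self.active.get(device_id)
        return seg is not None and target == seg.app

    def visible_to(self, device_id: str) -> set:
        """What a hijacked session on this device can see: its destination only."""
        seg = self.active.get(device_id)
        return {seg.app} if seg is not None else set()


if __name__ == "__main__":
    # Constructed walkthrough: an imaging device and a clinician laptop.
    fc = FabricController([Profile("mri-01", "pacs"), Profile("laptop-07", "ehr")])
    print(fc.attach("mri-01", "radiology"))
    print(fc.attach("laptop-07", "clinic-2"))
    print("laptop-07 -> pacs:", fc.can_reach("laptop-07", "pacs"))    # False
    print("laptop-07 -> mri-01:", fc.can_reach("laptop-07", "mri-01"))  # False
    fc.detach("mri-01")
    print("mri-01 after detach sees:", fc.visible_to("mri-01"))        # set()
    print(fc.attach("mri-01", "ward-3"))                                # new segment, same app
```

The points the walkthrough exercises are the ones the text claims: two devices on the same fabric never share a segment, so one cannot reach the other; a hijacked session sees only its own destination application; an unknown device with no profile gets no path at all; and a device that moves gets a new segment but the same profile.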

Open Network Adapter (ONA)

Avaya automatically connects desktops, laptops, tablets and smartphones, but to extend the same protection to unusual endpoints they created a special adapter. Randy explained that a small adapter (about the size of a deck of cards) lets special devices such as medical imaging equipment work automatically with an Open vSwitch. Once a device is fitted with an ONA, its session can be set up, torn down and re-established automatically, even when the device is moved to a new location.

Conclusion

Network breaches are among the greatest threats facing the nation. Since a strong perimeter alone no longer keeps attackers out, we need a new approach to further secure our networks. New segmentation tools and SDN give network administrators many options. Micro-segmentation is a strong choice for segmenting the data center, and hyper-segmentation extends isolation all the way out to the endpoint. One caveat follows from the model itself: a compromised endpoint still has full access to the one application its segment leads to, so segmentation limits how far an attacker can move rather than whether they get in, and it complements endpoint and identity controls rather than replacing them. Together these tools are our best bet for delivering on the promise of ‘identity as the new perimeter.’

Tags: Cost of Network Breaches, Levels of Authorization, Micro-segmentation, Open Network Adapter, SDN, Software Defined Networking
