The digital business era has brought with it a number of new tools and technologies, such as software-defined networking (SDN), Internet of Things (IoT), mobility and the cloud. These innovations let businesses become more dynamic and more distributed, but they also increase the complexity of securing the business. Old-school security methods and tools do not work in an environment where the perimeter is eroding and resources are becoming more virtual and cloud-centric.
To combat this, security professionals have embraced the concept of segmentation. The number of segmentation providers has exploded over the past few years, including VMware repositioning its NSX network virtualization product as a micro-segmentation solution.
Whether it’s called micro-, hyper- or nano-segmentation, the concept is the same: create secure “zones” for connected endpoints, with policy enforced between them. If one endpoint is breached, the attacker or malware cannot move laterally to workloads in other zones without crossing an enforced policy boundary, so the compromise is contained to the zone rather than spreading across the data center.
There has been tremendous innovation in the ease of implementing segmentation over the past few years. It used to be that a company wanting to segment its network had to program VLANs and ACLs manually, one device at a time, which isn’t scalable in large or even medium networks. Today’s segmentation solutions are dynamic and agile, so they meet the requirements of modern data centers.
However, applying segmentation policies assumes there’s an understanding of what to segment. Some things might be obvious, such as “all IoT devices” or “guest network,” but after the low-hanging fruit, the process of figuring out what to segment becomes more difficult. It’s been my experience that 99 percent of companies aren’t even fully aware of what open connections there are between the servers, workloads, applications and cloud resources. Now toss in dynamic infrastructure such as virtual machines and containers, and the process becomes exponentially more difficult.
Any organization considering implementing a segmentation solution should deploy a tool that provides the necessary visibility to understand how things are connected.
GuardiCore provides visibility into application and network layers
GuardiCore is a data center security company that, as part of its Centra security platform, addresses the application visibility gap that most companies have today. While some vendors offer visibility tools as part of their suite of products, many of them are limited to Layer 4 visibility (IP addresses and TCP/UDP ports), which, although useful, does not show which application or process is behind a given connection.
The strength of GuardiCore is that it provides visibility into both the network and application layers. It works in multi-vendor environments with support for all the major data center vendors, including Cisco, VMware, OpenStack, Check Point, Red Hat and Docker. The product also extends to the public cloud with support for Microsoft Azure and Amazon Web Services.
GuardiCore Reveal, a core component of the GuardiCore Centra security platform, provides granular process-level visibility into workloads and applications to give security teams the ability to discover, monitor and visualize activity inside the data center, as well as control the traffic through the use of micro-segmentation policies. The Reveal dashboard shows all open communications between workloads, which helps teams understand the relationships between the workloads and the associated risks.
Another strength of GuardiCore Reveal is the automation capabilities. Once the software is installed, it scans all of the process-level activity and network events, correlates the information and builds the visual map. At this point, administrators can easily drill down into individual applications and workloads using a dynamically generated list of attributes discovered in the environment. Attributes include information not only from the guest operating systems and hypervisors, but also from orchestration that manages the data center. This makes it easy to define applications and security groups that are essential components for a holistic and granular segmentation plan.
If implemented correctly, segmentation tools do a great job of preventing breaches from spreading laterally, but they won’t actually find the breach. GuardiCore maps out “normal” operating flows to establish a baseline. Traffic that deviates from that baseline, such as a new connection between tiers that never spoke before, can indicate a breach, and the security team can begin the remediation process.
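The workflow the last two paragraphs describe (collect process-level flows, group workloads by attributes, derive allow-list policy from the resulting map, then flag traffic that falls outside the learned baseline) is shown below as an added example. It is not GuardiCore’s code or data model; the flow records, workload names and tier labels are constructed for illustration.

```python
"""Build a workload communication map from process-level flow records, derive
an allow-list micro-segmentation policy from it, then flag flows that fall
outside the learned baseline.

Illustrative example only: the flows and labels below are constructed, and
this is not the data model of any vendor product."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str       # source workload name
    dst: str       # destination workload name
    dport: int     # destination port
    process: str   # process accepting the connection on dst (as a host agent would report)


# Constructed baseline: what an agent would observe during a learning window.
BASELINE = [
    Flow("web-1", "app-1", 8080, "java"),
    Flow("web-2", "app-1", 8080, "java"),
    Flow("app-1", "db-1", 5432, "postgres"),
    Flow("app-1", "cache-1", 6379, "redis-server"),
    Flow("web-1", "cache-1", 6379, "redis-server"),
]

# Constructed attribute from orchestration metadata: workload -> application tier.
LABELS = {"web-1": "web", "web-2": "web", "app-1": "app",
          "db-1": "db", "cache-1": "cache"}


def tier(workload):
    """Resolve a workload to its tier; anything unlabeled is kept visible as its own group."""
    return LABELS.get(workload, "unlabeled")


def build_map(flows):
    """Aggregate flows into tier->tier edges, each carrying the observed (port, process) pairs."""
    edges = defaultdict(set)
    for f in flows:
        edges[(tier(f.src), tier(f.dst))].add((f.dport, f.process))
    return dict(edges)


def derive_policy(edges):
    """Turn the map into explicit allow rules; anything not listed is implicitly denied."""
    rules = []
    for (src_tier, dst_tier), services in sorted(edges.items()):
        for dport, process in sorted(services):
            rules.append({"from": src_tier, "to": dst_tier, "port": dport,
                          "process": process, "action": "allow"})
    return rules


def is_allowed(flow, edges):
    """A flow matches the baseline only if both the tier pair and the port/process were seen."""
    return (flow.dport, flow.process) in edges.get((tier(flow.src), tier(flow.dst)), set())


def find_anomalies(flows, edges):
    """Return flows that fall outside the baseline; these are the candidates for investigation."""
    return [f for f in flows if not is_allowed(f, edges)]


if __name__ == "__main__":
    edges = build_map(BASELINE)
    for rule in derive_policy(edges):
        print(rule)
    # Constructed post-deployment traffic: one normal flow and two that cross the baseline.
    observed = [
        Flow("web-2", "app-1", 8080, "java"),       # normal web -> app traffic
        Flow("web-1", "db-1", 5432, "postgres"),    # web tier talking straight to the database
        Flow("app-1", "db-1", 22, "sshd"),          # known tier pair, but a port/process never seen
    ]
    for f in find_anomalies(observed, edges):
        print("anomaly:", f)
```

Two design points matter here. First, policy is derived per tier pair and per (port, process), so a known tier pair using an unexpected service (SSH from the app tier to the database) is still flagged, which pure Layer 4 grouping would miss. Second, unlabeled workloads are not silently dropped; they surface as their own group so the gaps in the inventory are visible before policy is enforced.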
GuardiCore plus a segmentation tool such as NSX provide a strong security one-two punch, where the visibility map is used as the input for segmenting the data center. If the environment is breached, the secure zone controls the “blast radius,” giving the security team ample time to use GuardiCore to find and eliminate the threat.