Micro-segmentation 101
Micro-segmentation is a network security method for managing access and authorization between workloads. It dictates security policies that restrict network traffic based on the principles of “least privilege” and “Zero Trust”.
A Zero Trust framework is a cybersecurity strategy built on the belief of “never trust, always verify”: no user or application is trusted by default. It is used to secure the cloud and mobile world.
Another key concept in micro-segmentation is the workload. A workload is the collection of processes and resources required to run an application in the organization; hosts, virtual machines, and containers are examples of workloads. Micro-segmentation reduces the attack surface, improves breach containment, and strengthens regulatory compliance.
Micro-segmentation can also be defined as the network security technique that enables security architects to logically divide a data center into distinct security segments, down to the level of individual workloads, and then define security controls and deliver services for each unique segment.
Why is Micro-segmentation important?
A vulnerable system is the most likely point of infiltration, and such infiltrations result in high-profile attacks and security incidents. The attacker uses the compromised system to jump to other systems that contain sensitive information; the initial system paves the way for ransomware to spread across the network to other machines.
Most organizations use “Perimeter Defense” across their network, which is also called the “perimeter approach”. This leaves internal controls and defenses incapable of shielding the systems behind the perimeter. Today’s enterprise perimeter is easily defeated by malware. Therefore, internal controls built on micro-segmentation can minimize the damage and the risk that an attacker can cause after breaking in.
Working of Micro-segmentation
Micro-segmentation divides large applications, processes, and resources into small segments based on the communication requirements of each application. Applications can then communicate only within their own segment and cannot make unauthorized connections to applications outside it.
Micro-segmentation is a core component of a Zero Trust security model. It takes over where perimeter security ends, enforcing policy across the organization’s entire internal network, applied at either the host or the network level.
Micro-segmentation is also referred to as identity-based segmentation. It meets the segmentation requirements without the need to re-engineer the network. Security teams isolate network workloads to limit the impact of malicious lateral movement. There are three categories of micro-segmentation:
1- Agent or host-based segmentation:
Agent-based control uses a software agent deployed on the workload itself, alongside its processes and resources. This approach assumes that genuine real-time protection requires control of the workload itself.
Host-based micro-segmentation relies on software agents installed on endpoint devices. The agents provide much more visibility and granular control, and they also provide a path towards identity-based micro-segmentation for easier management.
For instance, an identity-based policy allows a legitimate file to communicate on the network, while a malicious file on the same virtual machine is denied network access. With the help of an agent, segmentation is based on dynamic, human-understandable policies rather than static network-level rules.
2- Network-based segmentation:
This type of segmentation relies on the network infrastructure. It leverages devices such as load balancers, switches, software-defined networking (SDN), and overlay networks to enforce the policy.
It operates at the network level by modifying access control lists (ACLs) or firewall rules. Because enforcement sits at the network layer, there are no agents to deploy on workloads.
Network-based micro-segmentation has several major drawbacks. First, it can only enforce one policy for each endpoint. This means that if legitimate software and malicious software are present on the same endpoint, the firewalls that are typically used as enforcement devices cannot distinguish between the two: both pieces of software are either blocked or allowed together.
These policies are static in nature because they are based on a network port and IP address. Policies must be dynamic in today’s cloud-centric environments, or they will slow things down and create problems.
3- Native cloud segmentation:
This type of segmentation leverages controls embedded in the cloud service provider’s platform, such as Amazon security groups, Azure Firewall, or Google Cloud firewall rules.
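The following added example (written for this article, not code from any vendor or product it mentions) models the difference between the network-based and the agent-based enforcers described above. A network-based enforcer only sees source/destination IP and port, so it gives one verdict per endpoint and its rules break when an IP changes; an agent-based enforcer also sees the workload label and the sending process, so it can allow a legitimate process and deny an unknown one on the same VM. All IPs, labels and process names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    process: str  # sending process; only an on-host agent can observe this


# Static, IP-based rules as a firewall/ACL would hold them (constructed).
NETWORK_RULES = {("10.0.1.10", "10.0.2.20", 5432)}

# Identity-based rules written against workload labels and process names.
IDENTITY_RULES = {("role:web", "web-app", "role:db", 5432)}

# Workload inventory the agent/controller maintains: IP -> label (constructed).
INVENTORY = {"10.0.1.10": "role:web", "10.0.2.20": "role:db"}


def network_enforcer(flow: Flow) -> bool:
    """Firewall model: the verdict depends on addresses and port only."""
    return (flow.src_ip, flow.dst_ip, flow.dst_port) in NETWORK_RULES


def identity_enforcer(flow: Flow, inventory=INVENTORY) -> bool:
    """Agent model: the verdict depends on who is talking, not on its IP."""
    src_label = inventory.get(flow.src_ip)  # None -> unknown workload, denied
    dst_label = inventory.get(flow.dst_ip)
    return (src_label, flow.process, dst_label, flow.dst_port) in IDENTITY_RULES


def compare(flows, inventory=INVENTORY):
    """Return (process, network verdict, identity verdict) for each flow."""
    return [(f.process, network_enforcer(f), identity_enforcer(f, inventory))
            for f in flows]


if __name__ == "__main__":
    flows = [
        Flow("10.0.1.10", "10.0.2.20", 5432, "web-app"),      # legitimate
        Flow("10.0.1.10", "10.0.2.20", 5432, "unknown.bin"),  # same VM, other process
    ]
    for process, net, ident in compare(flows):
        print(f"{process:12} network-based={net!s:5} identity-based={ident}")
    # The web VM is rescheduled to a new IP: the static rule breaks, the label rule holds.
    moved = {"10.0.1.55": "role:web", "10.0.2.20": "role:db"}
    print(compare([Flow("10.0.1.55", "10.0.2.20", 5432, "web-app")], moved))
```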
How to prepare a micro-segmentation project
The following are the steps to prepare a micro-segmentation project:
- Define organizational stakeholders.
- Define segmentation goals such as environment segmentation, application isolation, and application micro-segmentation.
- Understand current and future infrastructure plans.
- Consider tagging strategy for application identification.
- Identify necessary integrations such as existing firewall (FW) policies, SIEM (security information and event management) solutions, ticketing systems, CMDB (configuration management database) inventories, and tagging capabilities.
Requirements for Micro-segmentation
These are the requirements for implementing micro-segmentation.
- There should be support for all environments and platforms.
- There should be application-centric visibility.
- There should be centralized policy creation and management.
- It should be adaptive and automated.
- It must have customizable granularity.
5-step strategy to implement micro-segmentation
The following is the 5-step strategy to implement micro-segmentation:
- Selection of the right tools
- Mapping the application environment
- Prioritizing segmentation area
- Testing and imposing the policy
- Deciding the next segmentation area
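As an added example of steps 2 to 4 above (written for this article, not taken from any product), the block below maps observed flows onto the application tags from the tagging strategy, derives an application-level allow list from that baseline, and then audits new flows against the policy to report what would be blocked before anything is enforced. The inventory, flows and the `min_count` threshold are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int


# Mapping the environment: workload inventory from the tagging strategy (constructed).
INVENTORY = {
    "10.0.1.10": "app:shop/tier:web",
    "10.0.1.11": "app:shop/tier:web",
    "10.0.2.20": "app:shop/tier:db",
    "10.0.3.30": "app:hr/tier:web",
}


def label(ip: str, inventory: dict) -> str:
    return inventory.get(ip, "unlabelled")


def build_policy(observed, inventory, min_count=2):
    """Derive an allow list of (src_label, dst_label, port) from a baseline.
    Pairs seen fewer than min_count times, or involving an unlabelled host,
    are left out so they can be reviewed rather than silently allowed."""
    counts = Counter((label(f.src_ip, inventory), label(f.dst_ip, inventory), f.dst_port)
                     for f in observed)
    return {key for key, n in counts.items()
            if n >= min_count and "unlabelled" not in key[:2]}


def audit(policy, flows, inventory):
    """Testing the policy: return the flows it would block, without enforcing."""
    return [f for f in flows
            if (label(f.src_ip, inventory), label(f.dst_ip, inventory), f.dst_port) not in policy]


if __name__ == "__main__":
    baseline = [  # constructed flows captured during the mapping phase
        Flow("10.0.1.10", "10.0.2.20", 5432), Flow("10.0.1.10", "10.0.2.20", 5432),
        Flow("10.0.1.11", "10.0.2.20", 5432), Flow("10.0.3.30", "10.0.2.20", 5432),
    ]
    policy = build_policy(baseline, INVENTORY)
    candidates = [Flow("10.0.1.11", "10.0.2.20", 5432), Flow("10.0.3.30", "10.0.2.20", 5432),
                  Flow("192.0.2.77", "10.0.2.20", 5432)]
    for rule in sorted(policy):
        print("ALLOW", rule)
    for f in audit(policy, candidates, INVENTORY):
        print("WOULD BLOCK", f)
```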
Benefits of Micro-segmentation
Micro-segmentation divides the network into multiple smaller units or segments. This enhances both the performance and the security of the network.
1- Performance enhancement:
Division of the network into smaller subnets and VLANs reduces the scope of broadcast packets and improves network performance.
2- Security enhancement:
Network security teams use access control lists (ACLs) on VLANs and subnets to isolate computers on different network segments. If one segment is breached, the access control lists prevent the threat from reaching the other segments.
Conclusion
Micro-segmentation divides the network into smaller units or segments to reduce the attack surface available to intruders and restrict traffic based on least privilege. Implementing this strategy is necessary for network security because a single compromised device can otherwise spread malware across the entire network. It is implemented through host-based, network-based, and native cloud segmentation. Overall, this strategy improves network performance and security.