Zero trust plus microsegmentation equals provable security
The modern threat landscape is almost incomprehensibly complex. Each day, security and operations teams fend off attacks via spear phishing, viruses, worms, and ransomware. Keeping on top of the hundreds of thousands of new pieces of malware created daily only adds to the difficulty of defense.

But even though there’s a never-ending stream of new threats and vulnerabilities, current security approaches focus primarily on threat detection and vulnerability management. Modern CIOs and CISOs want “provable security.” They want to see that their security strategy is stopping threats from causing a compromise, but there’s simply no way any security solution can possibly detect and thwart 100% of the multitude of threats they face.

That said, there is a different way to go about security that can ensure threats cannot exploit a vulnerability: controlling system access. While threats and vulnerabilities are virtually infinite, access is finite, measurable, and most of all, provable. Therefore, by controlling access, security can, in fact, be proven.

Restricting the access that threats have to your systems begins with implementing a zero trust environment with microsegmentation. This method has been recognized by analysts at Gartner as a “core workload protection strategy,” but what, exactly, does it involve?
Zero trust

With all the threats in existence today, and more coming online every day, an intrusion into your network isn’t an “if” — it’s “when.” There’s simply no way to prevent every single attack from penetrating your organization’s security perimeter.

Historically, organizations have leaned on traditional approaches like firewalls and other perimeter defenses to keep threats at bay. Firewalls rely on identifying potentially malicious traffic and keeping it from accessing your network. Complete reliance on this model is outdated and downright dangerous. While certainly a part of a comprehensive security strategy, no firewall can protect all your enterprise assets from bad actors.

Provable security requires a new way of thinking. Zero trust is built on the premise that all traffic is potentially harmful and nothing should be inherently trusted — “trust no one,” as Fox Mulder might say.

Take the example of software that carries a verified signature. Even then, it could still be concealing malware, and therefore, it shouldn’t be blindly trusted with the keys to your network castle. With zero trust, every application is authenticated for access, not just once, but continuously.

Microsegmentation

The zero trust model is the key to
microsegmentation. As the name suggests, microsegmentation creates small zones by which organizations can separate applications and workloads from each other to secure each one individually. At its core, microsegmentation makes network security more granular.

This gives IT the ability to not only restrict north-south traffic at the network perimeter as firewalls do, but to also control east-west traffic inside your network environment. Controlling east-west movement is critical because, when a piece of malware does get past a firewall (which it was likely allowed to do because it carried the right signature, despite its dangerous payload), it drastically limits the places the malware can travel and the damage it can cause.

One challenge created by this approach is
gaining transparency into just how many available pathways exist (it’s usually in the thousands), but advances in machine learning have given us the ability to quickly and accurately map out networks of virtually any size and complexity. These maps reveal thousands upon thousands of potential paths between applications, workloads, and data sources. Each one of these has the potential to be a point of exploitation.

Having this information also lets your security team identify and leave open only the paths that are critical to your network operation. By reducing the number of open paths, you restrict access and reduce the potential avenues of attack to a manageable volume. Threats have far fewer places to go.

There are zero trust microsegmentation software solutions available now that make microsegmentation easier to achieve. They automatically create detailed network maps and let you visualize how applications communicate in real time. They then help you monitor your environment to identify unexpected or unusual traffic patterns that may indicate a threat. At this level of detail, you can see all the applications that are accessing resources in your network and understand how. This transparency allows you to learn the potential risk of communicating applications on your network and serves as the foundation for the security policies that give you enhanced control of your environment.

Now, you’re not just trying to identify
known threats and keep them out of your network. You’re analyzing every application that tries to communicate across your network, monitoring all traffic inside, and limiting the pathways potential threats can travel. This provides security at a much more granular, manageable level, while increasing the complexity involved for any attacker trying to exploit your network. This analysis, and the resulting control that can be applied, provides quantifiable, provable security.

Provable security that is easily managed is pretty close to the Holy Grail for CIOs and CISOs. We all know IT budgets are notoriously tight, and investments simply don’t happen without measurable ROI. This is why provable security is such a key metric. It allows both operations and security teams to know their solutions are effective and document the threats that are detected and denied access before they affect the network.

This shows real ROI on security spending:
ROI and security that’s provable to your board.

Peter Smith, Founder and CEO, Edgewise Networks
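The microsegmentation approach described above (map every observed path, keep open only the paths the application needs, and alert on anything else) can be reduced to a small allow-list check. The following is an added worked example, not code from the article or from Edgewise Networks. The flow records are constructed to stand in for what a network-mapping tool observes, and the workload names, the "tier-N" naming convention, the ports and the policy are all assumptions made for illustration.

```python
"""Microsegmentation as an allow-list over observed paths (added example)."""
from collections import defaultdict

# Constructed sample of observed east-west flows a mapping tool might record:
# (source workload, destination workload, destination port). Names are assumptions.
OBSERVED_FLOWS = [
    ("web-1", "app-1", 8443),
    ("web-2", "app-1", 8443),
    ("app-1", "db-1", 5432),
    ("app-1", "cache-1", 6379),
    ("web-1", "db-1", 5432),     # web tier talking straight to the database: not needed
    ("backup-1", "db-1", 5432),
    ("web-1", "backup-1", 22),   # SSH from the web tier to the backup host: unusual
    ("cache-1", "db-1", 5432),   # the cache has no business reaching the database
    ("app-1", "db-1", 5432),     # repeat of an already-seen path
]

# Allow-list policy at tier level: only the paths the application actually needs.
# Anything not listed is denied by default; being "inside" the network earns no trust.
POLICY = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("app", "cache", 6379),
    ("backup", "db", 5432),
}


def tier_of(workload):
    """'web-1' -> 'web' (assumed naming convention for this example)."""
    return workload.rsplit("-", 1)[0]


def path_map(flows):
    """Distinct (src, dst, port) paths: the map a discovery tool would draw."""
    return sorted(set(flows))


def evaluate(flows, policy):
    """Split the distinct paths into those the policy allows and those it denies."""
    allowed, denied = [], []
    for src, dst, port in path_map(flows):
        rule = (tier_of(src), tier_of(dst), port)
        (allowed if rule in policy else denied).append((src, dst, port))
    return allowed, denied


def reduction(flows, policy):
    """(open paths before the policy, paths kept open, paths closed)."""
    allowed, denied = evaluate(flows, policy)
    return len(allowed) + len(denied), len(allowed), len(denied)


def reachable_from(start, paths):
    """Workloads transitively reachable from `start`: the blast radius of a compromise there."""
    adj = defaultdict(set)
    for src, dst, _ in paths:
        adj[src].add(dst)
    seen, stack = set(), [start]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return sorted(seen)


def alerts(flows, policy):
    """One alert line per observed path the policy does not cover."""
    _, denied = evaluate(flows, policy)
    return [f"DENY {s} -> {d}:{p} (no rule {tier_of(s)}->{tier_of(d)}:{p})" for s, d, p in denied]


if __name__ == "__main__":
    total, kept, closed = reduction(OBSERVED_FLOWS, POLICY)
    print(f"{total} distinct paths observed, {kept} kept open, {closed} closed")
    for line in alerts(OBSERVED_FLOWS, POLICY):
        print(line)
    allowed, _ = evaluate(OBSERVED_FLOWS, POLICY)
    for w in ("web-1", "cache-1"):
        print(f"blast radius from {w}: before {reachable_from(w, path_map(OBSERVED_FLOWS))}, "
              f"after {reachable_from(w, allowed)}")
```

The numbers `reduction` returns are the "provable" part of the argument: a count of open paths before and after the policy is something a team can report. `reachable_from` makes the east-west point concrete: with every observed path open, a compromised cache host can reach the database; under the allow-list it reaches nothing. In a real deployment the policy would be expressed in the segmentation product's own rule language and the flows would come from its discovery layer, but the check itself is the same set comparison.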