Vidder Blog

Segmentation: Where to Begin?

Posted by Greg Ness on Feb 15, 2018 1:03:18 PM

A New Paper Suggests It’s Time to Think Differently about Segmentation

The perimeter protecting the network, once considered impregnable, has been degraded by advanced threats, an explosion in the number of connected devices (and apps running on them), and a new generation of predatory malware attacks.

Since the dawn of the networking era, enterprises built open (flat) networks to offer every user access to (almost) every application. Many of these networks are global, spanning business units and national boundaries with unprecedented connectivity. Amazing. Powerful. Everything and everyone is accessible.

Today that access is also available to adversaries.

Some enterprise networks have become a kind of playground for hackers that offers up everything to everyone with minimal effort, without even the need to wait in line. With a few easily available tools or tactics, adversaries can penetrate business-critical apps and data. They simply compromise one of a growing population of connected devices.

From a single compromised device, attackers can then access other devices, servers and even printers to establish a robust foothold inside the network. From there they search for privileged users to get privileged access to servers, applications and data. Even with traditional network segmentation this can be a problem (see diagram).

[Diagram: blog-segmentation-diagram.jpg]

Because of the difficulty and expense required to protect the entire network from these types of attacks, CISOs are taking steps to segment (or isolate) applications so that adversaries cannot easily reach them while employees still can.

The problem is too much access, stolen credentials, and the ability of compromised devices to access servers from inside the network.

Segmentation is the new perimeter strategy, and it should begin with the protection of applications and servers from attacks from compromised endpoints. Yet CISOs have been “educated” by PCI compliance to think of server segmentation as a priority, instead of protecting servers from the most common threats.

It’s Time to Think Differently about Segmentation

A recent paper, Segmentation for Security by Silicon Valley veteran Brent Bilger, takes you through the various hops, attack vectors and approaches to effective isolation and access, and reviews common approaches for their security and business impacts. I highly recommend it if you have an open network and are looking for where to start.

Download Segmentation for Security before you plan your next segmentation project.

Related Content

Silicon Angle: “It’s Time for a Cyber Security Reboot..”
Light Reading: “Verizon and Vidder Put SD-Perimeter Around Enterprise Security”
Vidder blog: “Protect Controlled Unclassified Information from Cyber Attacks”
CSO online: “Cybersecurity technology: Everything is transforming and in play”

Topics: segmentation, security

About Vidder

Vidder is changing how modern-day enterprises approach security in an increasingly untrusted IT landscape. PrecisionAccess™ enables secure, trusted access to critical business applications in today’s perimeterless enterprise. With PrecisionAccess, enterprises can continue to evolve their business ecosystem through major IT trends like cloud migration and outsourcing with assurance that their most valuable applications are safe.
