Bridgeway Insights

Minimise the Attack Surface with Micro-Segmentation

Posted by Aaron Flack 11 March 2021

At what point do we accept that it is a matter of when, not if, our business falls under attack from external/internal threats, or misplaced trust? 

Business networks are transitioning to constantly changing hybrid and multi-cloud architectures. As those architectures grow more complex with continued digital transformation, traditional approaches to network security become costly and impossible to manage.

Traditionally, defending the perimeter was of utmost importance, since most threats to the business were external. Network security usually focused on a firewall that analysed and removed much of the bad traffic, with manual internal segmentation using tools like VLANs, ACLs and VRFs to manage internal threats. When most traffic is north-south, the perimeter inspection model works well.

The pace of digital transformation and cloud adoption is accelerating. More businesses are adopting cloud-first initiatives and an approach of “Never Trust, Always Verify” across their dynamic applications, workloads, users, and endpoints.

Enter… Micro-segmentation

When adopting a zero trust model, we assume that nothing is trusted, and internal and external threats are always presumed to exist.

Although zero trust is not a particularly new term, micro-segmentation is not widely understood to be a critical tool in adopting these principles.

A recent Gartner report identified three identity-based segmentation or micro-segmentation approaches to limit the effect of lateral network traffic. With the evolution of more complex hybrid and multi-cloud architecture, the data centre traffic pattern has shifted. Applications have evolved from monolithic architecture to micro-services-based architecture.

The challenge now is to minimise complexity across constantly changing networks and to prevent would-be hackers from penetrating the network, moving around laterally, or stealing sensitive data.

Ask yourself this question…

Do you know precisely who or what has access to your application workloads?

Practical solutions that provide full visibility into internal traffic and vulnerabilities, and protect assets such as servers and applications, become critical to monitor and mitigate the rise of east-west traffic inside the network(s).

For more expert opinions on zero trust architecture, watch our on-demand webinar ‘Navigating the Zero Trust Journey with Tony Scott’ (former CIO for the US Federal Government and for Microsoft).

Free discovery conversation

Contact us today to arrange your free trial. We’ll show you how ColorTokens can be used to evaluate your network, identify your vulnerabilities and help you make the right decisions to achieve a true zero trust policy within your architecture.