Micro-segmentation – think smaller, achieve more
Is Micro-segmentation the key to a brave new world of information security?
As the cybersecurity threat to businesses continues to grow exponentially worldwide, many experts are touting micro-segmentation as the solution to the problem of data protection.
The cost of data breaches
Last year, according to the annual Cost of Data Breach Study published by the Ponemon Institute, there were more data breaches than ever before – this despite continual advances in cybersecurity technologies and tactics. Research shows that there is almost 28% chance that an organisation will experience a data breach of more than 10,000 records – costing them time, money, and damage to brand.
Given that the same research lists the average cost of a data breach per compromised record as US$148, that adds up to a fair amount of money to lose. Similarly, if you suffer a data breach of 50 000 or more records – far from inconceivable for a medium-size business – the organisational cost approaches US$7-million. If you’re a large corporate with a mega-breach involving 1-million records, the price could exceed US$39-million.
Consider also the reputational damage of a data breach, the loss of customers and customer trust, and potential punitive action by regulators, and it becomes clear that the consequences of a successful breach are quickly multiplying from embarrassing to business threatening.
The Challenge for Information Security Professionals
For individuals working in information security, there’s another statistic that is concerning. On average it takes about 206 days to detect a data breach – a scary and daunting figure as this time-frame means that hackers who gain entry to an IT system or data centre could have more than six months to trawl through the system before being detected. Even when an individual discovers a breach, the Cost of Data Breach Study says it takes a further 69 days, on average, to contain it.
The reason that such extended and uninvited visits can occur is that most organisations tend to focus on firewalls and intrusion prevention systems (IPSes) that detect and repel cyber-attacks to the perimeter of the data centre or cloud computing environment.
However, if intruders discover a chink in the sophisticated perimeter defences – which could happen via something as simple as a smart lightbulb – there are usually few effective inward-facing defence mechanisms that need attention, and the attackers can move laterally through the system at will, seeking high-value hacking targets.
Internal data centre traffic can account for as much as 80% of all network traffic, yet perimeter defences offer little or no control over these network communications. Because this traffic doesn’t pass through a firewall and is therefore not inspected, IT personnel may detect a problem, but they won’t know the context or extent of it.
However, fear not, the solution is micro-segmentation, a new and smarter way to think about data protection. In essence, micro-segmentation will allow you to segregate the high and low-value areas of your network and provide a robust internal defence against attackers from within.
How Micro-Segmentation works
By definition, micro-segmentation, is “a process that divides an entity into tiny parts”. Within the cybersecurity environment, it enables data to be broken down into small parcels, each individually protected according to their importance and each is taking cognisance of the network connections that an intruder could use to move laterally through an already compromised IT environment.
Developers of micro-segmentation technology approach the problem in the same way that designers of submarines protect their vessels in the event of collision or enemy attack. The submarine’s hull has a series of watertight doors that will seal off sections of the ship if there is a breach in the hull. So, the damaged part may take in water, but the watertight doors will ensure that all other components remain dry and operational. In other words, it assists in isolating the threat until it is dealt with and the impact on the broader IT system and business is limited.
Micro-segmentation can be used to tailor security settings to different types of traffic, thereby, allowing for the creation of policies that in turn limit network and application flows between workloads. Micro-segmentation creates a zero-trust security model which, if applied down to the workload or application, limits and reduces an attacker’s ability to move from one compromised application to another.
Micro-segmentation also aids operational efficiency. Access control lists, routing rules and firewall policies can be unwieldy and difficult to scale in rapidly changing environments. Micro-segmentation, however, is typically done in software, which makes it easier to define fine-grained segments. So, with this approach, IT can work to centralise network segmentation policy and reduce the number of firewall rules needed.
Also, by using micro-segmentation, security policies are automated, meaning that the rules and governance applied to each workload can change in only a few clicks. Everything from load balancing to firewalls and compliance issues is addressed at once and then rolled out instantly to the network, delivering a comprehensive and correlated security capability inside the data centre.
The reality is that cybersecurity breaches will continue to happen and that organisations must plan for this using an entirely new mindset and new tools such as micro-segmentation to compartmentalise the high-value areas of the network away from the low-value areas, which intruders tend to target as an initial entry point to the system. Mapping out the system to identify which areas may be high-value intruder targets is integral to this.
Additionally, IT security professionals need to think like their attackers to defend themselves and, in doing so, they will be able to support business continuity and protect organisations from IT risk and potential long-term damage.
Can Micro-Segmentation be a solution for your organisation?
Most organisations in Australia take the risk of data breach very seriously, and any sensible option such as micro-segmentation can appear as part of the solution. However, we are suffering a massive skills shortage of trained, experienced cyber security professionals – globally. Information security teams are massively stretched with existing initiatives, and companies that are not large enough to employ a cyber specialist struggle to justify the cost of cyber defences.
Stickman has released a new Managed Cyber Security service to allow even smaller enterprises to take advantage of the latest cyber defence methods. Contact us to hear more about our Cyber Security as a Service offering, and schedule a confidential discussion about your needs.