Learning from Hackers: The Benefits of Microsegmentation

So, can’t we take a lesson from the hackers?  The bad guys do not go after your data center all at once.  They tend to look for a single vulnerability and then move out from there.  This means broad-based segmentation will be limited in its effectiveness.  Alternative, complementary approaches which drive segmentation closer to the application, even closer to a (physical or virtual) server can play a critical role in reducing the explosion of insider threats and spread of lateral attacks.  If one workload/app is comprised and your other applications are not well segmented, the bad actor can spread rapidly (Target, OPM, and Sony breaches all started this way).  Only segmentation down to the workload/application can prevent/reduce this risk.

This is particularly true now that applications have become more distributed, dynamic, heterogeneous, and hybrid.  Said simply, many n-tier modern applications are no longer constructed to run a single rack on a single server.  I have seen a single application span dozens of data centers.  A single application.  How can you protect that with a firewall?

Internal segmentation approaches must adapt to changes in environments (spin up, down, move) and increase the dynamic nature of new compute formats such as Linux containers that can literally run for only a few seconds to complete a process.   And they must work in hybrid environments, where IT takes advantage of physical infrastructure they do not truly control.

The benefits of microsegmentation in the data center is a reduction in the attack surface for bad actors to communicate and move.  By locking down all unauthorized communications, much of the probing that goes on can be similarly restricted, making it more difficult for a bad actor to spread laterally throughout the data center.