Micro-Segmentation: Don’t Let Your Network Be Totally Invaded.
Updated: May 8
Tuesday, December 10th, 2019
The Worst Case Scenario
Imagine your physical or virtualized datacenter: multiple nodes, including dozens of computers and servers, running multiple applications, with network connectivity running inside and outside of the datacenter. You might have traffic going out to your business partners, and you might even have network flows coming in from the internet. The entire network is working just fine, all the connections are in place, all of the data is safe, and everyone is happy.
But then suddenly, BOOM: someone on the outside has breached your network and accomplished the unexpected by accessing all of your servers’ data, doing whatever they want with your private information, possibly even destroying your applications instantly. Like the ship in the image below, you were a massive ship struck by a torpedo.
If your network had been microsegmented, this would not have happened. Why don’t ships sink instantly? Let’s keep reading and use their genius engineering as an example of how we can keep our networks safe:
The Titanic Didn’t Just Sink Instantly
Yes, a bunch of people died on the Titanic, but not everyone. Even though this ship is an example of a massive tragedy, it’s also an example of genius engineering. (Historically, everyone could have been saved if a rescue ship had come to get them, but they were essentially abandoned out at sea.) The ship took a staggering 2 hours and 40 minutes to finally submerge, because the engineers had designed it so that if it were to run into, say, a gigantic iceberg, it wouldn’t sink instantly but would stay afloat long enough to give the passengers time to flee to safety. How did they do this?
Genius Engineering: Microsegmentation In Gigantic Ships
In the image above, engineers sectioned off the bottom of the ship into segments. In case of a breach in the hull, the water would only be able to enter the breached section, while the rest of the ship remains unscathed. As a result, the passengers stay safe and there is time to either fix the hole or escape before the ship sinks.
Likewise, microsegmentation protects your network by dividing it into sections. In the rare but unfortunate case of a breach, the invader can access only a portion of the network rather than the whole, which places a huge limitation on them. It builds a defense system that will protect your data and applications, giving IT professionals plenty of time to get rid of the invader and block the IP address so that it doesn’t happen again. The vast majority of your network remains untouched.
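How far an intruder can travel from one breached host in a flat network versus a segmented one, as an added example that is not part of the original post. The host names, segment labels and allow-list are constructed, and it assumes every permitted connection can be used to hop to the next host.

```python
from collections import deque

# Constructed sample datacenter: host -> segment label (all names hypothetical).
HOSTS = {
    "web-1": "web", "web-2": "web",
    "app-1": "app", "app-2": "app",
    "db-1": "db", "db-2": "db",
    "hr-1": "hr", "backup-1": "backup",
}

# Constructed allow-list: the only segment-to-segment flows the apps need.
ALLOWED = {("web", "app"), ("app", "db"), ("db", "backup")}


def flat_can_reach(src, dst):
    """Flat network: every host may open a connection to every other host."""
    return src != dst


def segmented_can_reach(src, dst):
    """Default deny; permit only allow-listed segment pairs.
    Traffic between hosts of the same segment is denied unless listed."""
    return src != dst and (HOSTS[src], HOSTS[dst]) in ALLOWED


def blast_radius(start, can_reach):
    """Breadth-first search over permitted connections from a breached host.
    Returns every other host reachable by hopping from host to host."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and can_reach(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


if __name__ == "__main__":
    for host in HOSTS:
        flat = len(blast_radius(host, flat_can_reach))
        seg = sorted(blast_radius(host, segmented_can_reach))
        print(f"{host:9} flat={flat} segmented={len(seg)} {seg}")
```

The segmented result depends on where the breach starts: a host at the head of an allowed chain still exposes everything downstream of it, so the allow-list itself is the remaining exposure to review.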
Prophet can save your ship from sinking, and more.
Prophet observes how users use a given app and automatically maps and tracks the app's service dependencies. This helps your organization accurately secure even the largest and most obscure network applications. Gain insight into app ports, protocols, or HTTP routes with Prophet. Add an extra barrier of safety by segmenting your network. Click the link below to learn more.
Posted by Joel Whitcomb