Micro-Segmentation: A Simple Solution With Prophet
Updated: Sep 9, 2019
Perimeter-based security has flaws. Learn how micro-segmentation helps to secure your network and keep threats out.
As companies continue to increase in complexity and size, so does their need for an agile and responsive security strategy.
Companies that rely on spanning internal applications, or those that utilize dynamic data centers, stand to benefit from micro-segmentation. Micro-segmentation allows IT administrators to create isolated groups of network applications and administer security policies at the application level.
Prophet allows an IT organization to discover, build, and maintain micro-segmentation policies across physical, virtual, cloud, and on-prem infrastructures with its unified flow collection and correlation platform.
Micro-segmentation utilizes granular “application”-level data, providing targeted data to extrapolate behavioral inefficiencies within complex networks. This is critical for companies that process large amounts of data on multiple networks.
Threats within a network will have limited ability to traverse and infect other servers while a micro-segmentation security policy is active. In fact, it has been shown that IT threats decrease exponentially with each micro-segment added.
Micro-segmentation ensures that threats remain isolated within a small local subset of the application server from which they originated. Containment of east-west threat movement is often a priority for IT professionals.
Traditionally, micro-segmentation has been difficult. This is because it requires that an organization know exactly how its applications are used and what the interdependencies between all of those applications are. Micro-segmentation is often a classification problem.
Prior to pursuing a micro-segmentation security policy, network data must be configured and set up for monitoring. NetFlow data, as it is known, is the backbone of most micro-segmentation security policies. NetFlow offers a rich dataset that provides context and visibility as to how users move within network applications, and helps to identify analogous behavior.
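As an added illustration (not from the original page and not Prophet's own code), the sketch below treats segmentation as the classification problem described above: it labels hosts by segment, collapses flow records into segment-to-segment allow rules, and then evaluates new flows default-deny. The CIDR-to-segment table, the flow tuples and the function names are all assumptions constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed segment definitions (assumption): CIDR -> application segment.
SEGMENTS = {"10.1.0.0/24": "web", "10.2.0.0/24": "app", "10.3.0.0/24": "db"}

# Constructed baseline flow records: (src_ip, dst_ip, dst_port, protocol).
BASELINE = [
    ("10.1.0.11", "10.2.0.21", 8443, "tcp"),
    ("10.1.0.12", "10.2.0.21", 8443, "tcp"),
    ("10.2.0.21", "10.3.0.31", 5432, "tcp"),
    ("10.2.0.22", "10.3.0.31", 5432, "tcp"),
    ("192.168.5.5", "10.3.0.31", 5432, "tcp"),  # source outside every segment
]

def classify(ip):
    """Map a host to its segment; hosts outside every CIDR are 'unclassified'."""
    addr = ip_address(ip)
    for cidr, name in SEGMENTS.items():
        if addr in ip_network(cidr):
            return name
    return "unclassified"

def build_policy(flows):
    """Collapse host-level flows into segment-level allow rules (dependency map)."""
    policy = defaultdict(set)
    for src, dst, port, proto in flows:
        s, d = classify(src), classify(dst)
        if "unclassified" in (s, d):
            continue  # never learn a rule from a host that cannot be placed
        policy[(s, d)].add((proto, port))
    return dict(policy)

def evaluate(policy, flow):
    """Default-deny: allow only flows that match a learned segment-pair rule."""
    src, dst, port, proto = flow
    s, d = classify(src), classify(dst)
    allowed = (proto, port) in policy.get((s, d), set())
    return ("allow" if allowed else "deny", s, d)

if __name__ == "__main__":
    policy = build_policy(BASELINE)
    for rule in sorted(policy.items()):
        print("rule:", rule)
    # A web host reaching the database directly skips the app tier: east-west deny.
    print(evaluate(policy, ("10.1.0.11", "10.3.0.31", 5432, "tcp")))
```

A policy learned this way encodes whatever traffic was present during the baseline window, so the derived rules need review before enforcement.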
Historically, NetFlow monitors have been limited in their ability to conduct thorough analyses from the data they collect. This is because NetFlow data is cumbersome and expensive to transport while maintaining context. Prophet uses flow stitching to transport NetFlow data at an unparalleled 10x compression rate, while maintaining essential application context.
However, today organizations can drastically improve their security policies by switching from outdated, perimeter-based (firewall) systems to a dynamic micro-segmentation policy. Perimeter-based security policies are limited: while they excel at keeping bad actors out, once breached they can do very little to limit internal network damage and access.
Malicious actors are free to move within the organization once the perimeter is breached, posing a severe security threat. Identifying the locations, actions, and movement patterns of malicious actors is impossible with a perimeter-based security policy. Perimeter-based security is also extremely vulnerable to physical changes in an organization's network and technology, as it is tied to the physical deployment of firewall boxes, which must be added, maintained, and replaced.
In contrast to perimeter-based security, micro-segmentation lets an organization drastically limit the fallout from unauthorized network users, silo their movements, and even remotely deny their ability to access a network. This is because, once a breach occurs, the intrusion is very limited and the intruder must breach each micro-segment independently. Prophet provides organizations with advanced micro-segmentation tools in a centralized control dashboard, offering ultimate visibility and control of your network flow data.
Transitioning to this type of policy ensures that as your organization grows, innovates, and changes, your security policy will not be compromised. This policy is essential for companies that manage or transport high-value data, maintain a complex network of physical devices, or are subject to strict compliance standards.