How Microsegmentation Keeps Security Up to Date
The Digital World Descends: Securing Traffic from East to West
The modern data center is evolving rapidly, as VMware has explained. A typical IT strategy today spans multiple clouds, while businesses and agencies alike move from physical to virtualized workloads. Software-defined data centers are becoming the norm, mobile devices are part of the package, and deployment models are changing as well.
With all of these changes, traditional security controls for application workloads are no longer effective. Historically, data center security has emphasized the perimeter: securing north-south traffic with the goal of keeping malicious actors out. The trouble today is that even the strongest perimeter defenses can be bypassed by simple means, namely your people. Microsegmentation starts from the assumption that you have already been infiltrated and aims to stop an attack from spreading and doing the damage it is designed to do: collecting information and exfiltrating it.
“You can do all you want on the perimeter with regards to security, but employees have to read their email, and hackers are smart and in tune with social engineering and getting people to click on things, and, before anyone realizes it, an employee’s done something they shouldn’t have and infected a vulnerable system.”
Ron Flax, CTO at August Schell
Microsegmentation secures traffic inside the data center, giving you the ability to implement a zero-trust policy and put firewall rules or policies in place between each and every component of your infrastructure. As a result, even if something gets into the system to subvert it or exfiltrate data, rules are in place to allow the activities that should occur and prevent those that shouldn’t.
Why Microsegmentation for Data Center Security?
VMware NSX is a powerful vehicle for delivering granular security to individual workloads using microsegmentation. In the most recent release, the firewall has been further enhanced to support microsegmentation with application-level rules. Beyond 5-tuple filtering (source and destination address, source and destination port, and protocol), this lets you not only permit traffic between particular addresses and ports but also verify that the traffic on a port is of the type expected there. For example, you can allow TLS version 1.2 traffic while blocking TLS version 1.0.
How these capabilities can strengthen data center security:
- Specifying the traffic permitted on each port adds a further layer of security: the more specific your firewall rules, the more secure the environment.
- Application Rule Manager (ARM) is an additional NSX capability that extends the power of microsegmentation by offering a new way to produce security rulesets for new or existing applications. Ordinarily, working out the data flows between the components of an application is an arduous process; ARM makes it easy to build the firewall policy that locks them down.
- If you have a virtual desktop environment that gives users access to compute resources, you can implement identity-based security: with microsegmentation, users are granted access to specific resources based on their credentials. Context-aware inspection goes further, examining the traffic itself and deciding based on its type, even where communication between the two resources is otherwise allowed.
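The application-level rules described above, as an added illustration (not NSX code): a toy east-west policy evaluator that first matches a flow against a 5-tuple rule and then checks that the port really carries TLS at or above a minimum version, denying anything no rule admits. The rule format, the `Flow` class and the sample ClientHello bytes are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str           # "tcp" or "udp"
    payload: bytes = b""  # first bytes the client sent, if any

def tls_client_version(payload: bytes):
    """(major, minor) from a TLS ClientHello, or None if this is not one. Layout:
    record type(1) version(2) length(2), handshake type(1) length(3), client_version(2)."""
    if len(payload) < 11 or payload[0] != 0x16 or payload[5] != 0x01:
        return None
    return (payload[9], payload[10])  # TLS 1.0 is (3, 1), TLS 1.2 is (3, 3)

def tuple_matches(rule: dict, flow: Flow) -> bool:
    """Classic 5-tuple style match; 'any' wildcards a field, addresses are CIDR."""
    return (rule["proto"] in ("any", flow.proto)
            and rule["dport"] in ("any", flow.dport)
            and (rule["src"] == "any" or ip_address(flow.src) in ip_network(rule["src"]))
            and (rule["dst"] == "any" or ip_address(flow.dst) in ip_network(rule["dst"])))

def app_matches(rule: dict, flow: Flow) -> bool:
    """Application-level constraint: the port must carry the named protocol at the minimum version."""
    app = rule.get("app")
    if app is None:
        return True
    if app["protocol"] == "tls":
        version = tls_client_version(flow.payload)
        return version is not None and version >= app["min_version"]
    return False  # hypothetical toy: no detectors for other protocols

def evaluate(rules: list, flow: Flow) -> str:
    """First rule whose 5-tuple AND application check match wins; no match means deny (zero trust)."""
    for rule in rules:
        if tuple_matches(rule, flow) and app_matches(rule, flow):
            return rule["action"]
    return "deny"

# Constructed ruleset: web tier may reach app tier on 443, but only with TLS 1.2 or newer.
RULES = [{"src": "10.0.1.0/24", "dst": "10.0.2.0/24", "proto": "tcp", "dport": 443,
          "app": {"protocol": "tls", "min_version": (3, 3)}, "action": "allow"}]

# Constructed 11-byte ClientHello prefixes: record header, handshake header, client_version.
HELLO_TLS12 = bytes.fromhex("16 0301 0050 01 00004c 0303")
HELLO_TLS10 = bytes.fromhex("16 0301 0050 01 00004c 0301")
```

A TLS 1.0 ClientHello on port 443 passes the 5-tuple match but fails the application check, so it falls through to the default deny, which is exactly the behaviour the text describes.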
Bringing Your Data Center Security to the Cutting Edge with August Schell
Are you using microsegmentation in your data center? If you're not, you should be; it's the only way to stay secure in the threat-laden environment of today. August Schell is at the forefront of emerging technologies within the software-defined space. If your security team would like to learn more about how microsegmentation can enhance the security of your data center, reach out to August Schell, or call us at (301)-838-9470.