Traditionally, networks were constructed from standard building blocks such as switches and routers, whilst security solutions – whether perimeter firewalls or intrusion prevention systems – were applied afterwards as the ‘first fix’. However, as operational technology evolves, networking and security are beginning to overlap.
Today, there is a move towards hybrid networks that combine physical data centres with virtualised platforms, all of which require the same level of security. Basing an approach on security functions, such as policy enforcement or micro-segmentation, rather than on the location of the system and/or application helps deliver a holistic approach to security where the whole is greater than the sum of the parts.
North-south traffic – the ‘in’ and the ‘out’ – within a hybrid network is generally already well protected. However, east-west traffic – which is effectively how the various applications and systems within the data centre ‘talk’ to each other – is often a neglected security area within many organisations.
This is because networks are typically designed and built to limit the ingress and egress of data, not the flow of information within the network, or even between networks within the organisation’s data centre(s) and, potentially, partner networks. The problem is that if a bad guy manages to infiltrate the data centre, or legitimate traffic becomes malicious, the trust relationships already in place permit the attackers to get to wherever they want.
It is, therefore, vital to have a clear and up-to-date understanding of the infrastructure. Micro-segmentation is then critical to properly control traffic flows within the environment, reducing the potential attack footprint by ensuring only compliant flows are allowed and containing threats in case of a breach.
If a network is segmented down to the individual process level and communication is only permitted between specified systems (e.g. server A can talk to server B but to no other), network operators can treat anything outside that as a violation. The next step is to apply a visual security delivery layer on top of these micro-segments and across the network. This gives all inline tools the ability to be fed data packets in real time, to be stored for replay later or to be used in analytics engines, and it gives Security Operations Centres (SOCs) a better idea of how their security tools are performing.
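The ‘server A can talk to server B but to no other’ rule above is a default-deny allow-list keyed on workload, service and process. The following is an added illustration written for this page, not code from the article or from any vendor it alludes to; the workload names, the `src=... dst=...` flow-record format and the processes are all constructed for the example. It evaluates a handful of east-west flow records against such a policy and reports every flow that is not explicitly permitted, including the case where the source and destination pair is allowed but the service or the process owning the socket is not.

```python
"""Micro-segmentation allow-list check over constructed east-west flow records.

Added example for illustration only. Workload names, ports, process names and
the flow-record format are assumptions, not taken from any real environment.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class Flow:
    src: str       # source workload identity (constructed name, not an IP)
    dst: str       # destination workload identity
    proto: str     # "tcp" or "udp"
    port: int      # destination port
    process: str   # process expected to own the listening socket on dst


# Default deny: a flow is compliant only if its full tuple appears here.
POLICY: FrozenSet[Flow] = frozenset({
    Flow("web-a", "app-b", "tcp", 8443, "app-server"),
    Flow("app-b", "db-c", "tcp", 5432, "postgres"),
})


def parse_flow(line: str) -> Flow:
    """Parse one constructed 'key=value' flow record into a Flow.

    Expected keys: src, dst, proto, dport, proc. Raises ValueError on a
    malformed record so that a bad line is never silently treated as permitted.
    """
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" not in token:
            raise ValueError(f"malformed token {token!r} in {line!r}")
        key, value = token.split("=", 1)
        fields[key] = value
    try:
        return Flow(
            src=fields["src"],
            dst=fields["dst"],
            proto=fields["proto"].lower(),
            port=int(fields["dport"]),
            process=fields["proc"],
        )
    except KeyError as missing:
        raise ValueError(f"missing field {missing} in {line!r}") from None


def is_permitted(flow: Flow, policy: FrozenSet[Flow] = POLICY) -> bool:
    """True only when every element of the tuple matches an allow-list entry."""
    return flow in policy


def find_violations(flows: Iterable[Flow], policy: FrozenSet[Flow] = POLICY) -> List[Flow]:
    """Return every flow that the allow-list does not explicitly permit."""
    return [f for f in flows if not is_permitted(f, policy)]


def explain(flow: Flow, policy: FrozenSet[Flow] = POLICY) -> str:
    """Say which part of the tuple broke policy, for an analyst reading the alert."""
    if is_permitted(flow, policy):
        return "permitted"
    same_pair = [r for r in policy if (r.src, r.dst) == (flow.src, flow.dst)]
    if not same_pair:
        return "no rule allows this source/destination pair"
    if not any((r.proto, r.port) == (flow.proto, flow.port) for r in same_pair):
        return "pair is allowed but not on this service"
    return "pair and service allowed but owned by an unexpected process"


# Constructed sample records: two compliant flows and three violations.
SAMPLE_LINES = [
    "src=web-a dst=app-b proto=tcp dport=8443 proc=app-server",
    "src=app-b dst=db-c proto=tcp dport=5432 proc=postgres",
    "src=web-a dst=db-c proto=tcp dport=5432 proc=postgres",   # web tier reaching the DB directly
    "src=app-b dst=db-c proto=tcp dport=22 proc=sshd",         # allowed pair, unexpected service
    "src=app-b dst=db-c proto=tcp dport=5432 proc=nc",         # allowed tuple, wrong process
]
SAMPLE_FLOWS = [parse_flow(line) for line in SAMPLE_LINES]


if __name__ == "__main__":
    for violation in find_violations(SAMPLE_FLOWS):
        print("VIOLATION", violation, "->", explain(violation))
```

Because the policy is keyed on the whole tuple, a flow that reuses a permitted pair and port from an unexpected process is still flagged, which is the process-level granularity the text describes; in a real deployment the identities would come from the segmentation platform’s own workload labels rather than from constructed names.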
Additional layers can then be applied on top to regulate access (for example, with privileged access management baked into all the endpoints). This gives network administrators and security teams far more control over what can talk to what when data is travelling laterally. It will also enable them to detect active breaches within the network and confine them to a secure location for accelerated mitigation and remediation.
It is imperative to have an early warning of the potential dangers across the whole of the estate. The latest solutions provide this via a ‘single pane of glass’, showing what is happening in real time and exactly where it is happening, down to the process level. Embedding security into the network reduces operational overhead, increases visibility and helps generate meaningful intelligence around events on the network.