Microsegmentation evolves into a compensating control security tool

As IT environments have gotten more distributed and dynamic, the use of real-time visibility and microsegmentation has grown. Many traditional security tools aren’t agile enough to secure businesses where changes have become the norm. For example, if an application developer spins up a container, it needs to be protected, but the length of time it takes to deploy something like a firewall is far too long to secure it.

Microsegmentation has many use cases

Microsegmentation functions as an overlay to the physical infrastructure and can dynamically change as the environment evolves. The most common use cases for microsegmentation is ring-fencing high-value applications. Other use cases include environmental separation, workload and application migration, and securing hybrid infrastructure.   

An easy way to think about microsegmentation versus other security technologies is that it prevents the spread of breaches by isolating application components. But it doesn’t actually get rid of the problem. That’s left to compensating control tools, such as intrusion detection and prevention systems.

The biggest inhibitor to the deployment of microsegmentation is that security professionals don’t know what to segment. Application environments have grown increasingly complex, and understanding how to apply the segmentation can be a difficult-to-impossible task.

To help with this, Illumio developed the first real-time application dependency map in 2014, which provides security professionals with a visual depiction of how traffic is flowing and what application component dependencies exist — necessary information to build a segmentation plan. 

Illumio integrates Qualys data for real-time vulnerability info

This week Illumio announced a new service in its Adaptive Security Platform. It now imports live vulnerability and threat information from the Qualys Cloud Platform to show on a map which applications are connecting to vulnerable ports. This visibility enables microsegmentation to be implemented as a compensating control exactly where applications are most vulnerable to the spread of breaches.

Illumio

Key components of Illumio’s new solution:

• Vulnerability map. This provides a view of the paths that threat actors can exploit within a data center and the cloud. The maps show in real time which applications are connecting into ports that are at risk, the risk inherited by upstream applications when the connections are unpatched. It also displays vulnerabilities with no active or historical traffic enabling security teams to eliminate unnecessary attack surfaces.
• East–West exposure score. A numerical score is calculated from workload, application, and connectivity context. The higher the score, the greater the risk.  This data can be used to prioritize patching to minimize the risk to reduce the score. Alternatively, if patching isn’t possible, microsegmentation can be applied more granularly to reduce risk exposure.
• Automated policy recommendations based on vulnerabilities. The system can mitigate vulnerabilities through the automation of policy recommendations. Vulnerability data is correlated with application traffic in real time to provide the ability to use microsegmentation to prevent the spread of breaches. As microsegmentation is applied, the East-West exposure score is dynamically updated, making it easy for organizations to see the impact of the changes.

Security becomes a business enabler instead of an inhibitor

These capabilities pose an interesting juxtaposition on how security is viewed within organizations. The most common opinion on security is that it gets in the way and slows things down — because it does. Often, developers are ready to roll out a new application only to be delayed because the security team needs to dot every i and cross every t. They do this to ensure the new application does not introduce new risks that can impact the company.

Application developers could use the Illumio Vulnerability Map to instantly see what the risk level is, apply the recommended changes, and roll out the application without having to involve the security operations team. Another option is for developers and security operations to collaborate and have microsegmentation policies built into the development process, enabling the business to move with speed, a key tenet of digital transformation.

The integration of Qualys data into the Illumio platform lets businesses get a better handle on the risks created by East-West traffic by turning every host into a sensor that can detect a breach. Each host is also an enforcement point, so as soon as unauthorized traffic is spotted, the vulnerability can be mitigated via the recommended policies created by the Illumio Policy Generator. One last important point: All of this is done in software, so there’s no risk of the application breaking.

The interest in microsegmentation has certainly grown in the past couple of years. The ability to use it as a compensating control can expand the use of it to quickly and quantitatively see where the vulnerabilities are, but also provide the recommendations to take actions to reduce the overall level of risk.