Organizations heavily invest in security solutions to keep their networks safe, but still struggle to close the security gaps. Micro-segmentation helps protect against the lateral movement of malware and minimizes the risk of insider threats. Micro-segmentation has received lots of attention as a possible solution, but many IT security professionals aren’t sure where to begin or what approach to take.
In this practical webinar, Prof. Avishai Wool, AlgoSec’s CTO and co-founder, will guide you through each stage of a micro-segmentation project – from developing the correct micro-segmentation strategy to effectively implementing it and continually maintaining your micro-segmented network.
Register now for this live webinar and get a practical blueprint for creating your micro-segmentation policy:
• What is micro-segmentation.
• Common pitfalls in micro-segmentation projects and how to avoid them.
• The stages of a successful micro-segmentation project.
• The role of policy change management and automation in micro-segmentation.
3. AGENDA
• Motivation: lateral movement
• Reducing the attack surface
• Network segmentation
• Managing micro-segmented networks
• Use Cases
13. TRADITIONAL EXCUSES IN A TRADITIONAL DATA CENTER
Use standard or virtualized firewalls
Requires:
• Reassigning IP addresses
• Making routing changes
• Defining new VLANs
• Possibly connecting new cables
Hard Work!
14. SOFTWARE-DEFINED DATA CENTERS
• Comes with filtering capabilities inside the networking fabric
• Reassigning IP addresses
• Making routing changes
• Defining new VLANs
• Possibly connecting new cables
• On-premise data center:
  • Cisco ACI
  • VMware NSX
• Public cloud:
  • Amazon AWS
  • Microsoft Azure
Old excuses are gone!
Technology is just the 1st step.
You still need to configure it!
15. NEXT CHALLENGES
• Where to place the segment boundaries?
• What filtering policy should you write?
  • So all legitimate business traffic is allowed!
  • To do this – you just need to know all the legitimate traffic in the data center, so you can write policy allowing it.
Naturally, you have perfectly accurate records of all the application flows running through the data center, so it’s easy, right?
16. FOR EVERYONE ELSE: APPLICATION DISCOVERY
• Need to:
  • Detect all the network flows
  • Annotate them with application name (“intent”)
  • Aggregate & optimize “thin” flows into “fat” flows
  • Put them in the filtering policy
• How:
  • Netflow → AlgoSec AutoDiscovery
    (or → AutoDiscovery)
  • Import into AlgoSec AppViz
• Results:
  • Micro-segmentation knowhow
  • Application name annotates current + future rules that support it
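The annotate-and-aggregate steps listed above, as an added Python sketch (not from the webinar and not AlgoSec AutoDiscovery's algorithm): thin host-to-host flows are tagged with an application name and merged into one candidate rule per application and service. The flow tuples, the `APP_OF` inventory and the function names are hypothetical; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (src, dst, proto, dst_port); not real NetFlow data.
FLOWS = [
    ("10.1.1.10", "10.2.0.5", "tcp", 443),
    ("10.1.1.11", "10.2.0.5", "tcp", 443),
    ("10.1.1.10", "10.2.0.5", "tcp", 443),  # repeat observation of the same thin flow
    ("10.1.1.11", "10.2.0.6", "tcp", 443),
    ("10.2.0.5", "10.3.0.9", "tcp", 5432),
    ("10.2.0.6", "10.3.0.9", "tcp", 5432),
    ("10.1.1.10", "10.7.7.7", "udp", 53),   # destination missing from the inventory
]

# Hypothetical inventory mapping a destination server to its application name.
APP_OF = {"10.2.0.5": "webshop", "10.2.0.6": "webshop", "10.3.0.9": "webshop-db"}


def collapse(addrs):
    """Merge host addresses into the fewest exact CIDR blocks (never wider)."""
    nets = (ipaddress.ip_network(a) for a in addrs)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def fat_flows(flows, app_of):
    """Annotate thin flows with an application and aggregate them per service."""
    groups = defaultdict(lambda: {"src": set(), "dst": set(), "seen": set()})
    for src, dst, proto, port in flows:
        g = groups[(app_of.get(dst, "UNANNOTATED"), proto, port)]
        g["src"].add(src)
        g["dst"].add(dst)
        g["seen"].add((src, dst))
    rules = []
    for (app, proto, port), g in sorted(groups.items()):
        rules.append({
            "app": app,
            "service": f"{proto}/{port}",
            "src": collapse(g["src"]),
            "dst": collapse(g["dst"]),
            # Host pairs the aggregated rule allows that were never observed.
            "unobserved_pairs": len(g["src"]) * len(g["dst"]) - len(g["seen"]),
        })
    return rules


if __name__ == "__main__":
    for rule in fat_flows(FLOWS, APP_OF):
        print(rule)
```

A non-zero `unobserved_pairs` marks a fat flow that permits more than was seen on the wire and should be reviewed before it goes into the filtering policy. `UNANNOTATED` groups are flows that still need an application owner.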
17. OTHER CONSIDERATIONS: SENSITIVE DATA ZONES
• Some types of data are more sensitive
  • Credit card data (PCI regulation)
  • Personally Identifiable Information (GLBA, privacy laws)
  • Medical data (HIPAA)
  • Financial data (SOX, etc.)
• Ransomware encryption of personal or PCI data: equivalent to theft
• Regulatory implications
• Keep servers with sensitive data in separate segments
38. SUMMARY
• Micro-Segmentation is KEY to tight network security
• SDN enables micro-segmentation – but it does not mean all your challenges are gone
• Discovery, segment definition, and initial policy definition
• Ongoing maintenance: east-west + north-south