With the move to remote work and distributed corporate networks, the perimeter is quickly blurring. As a result, the need for a holistic Zero Trust approach is becoming increasingly urgent. The Zero Trust framework rests on the principle of ‘never trust, always verify’: organizations must authenticate and authorize every user, device and workload, whether it connects from inside or outside the network, before granting access to applications and data, and they must do so on the assumption that the environment is already compromised.
A successful Zero Trust strategy includes not only broad segmentation of the network but also micro-perimeters around critical assets, with tight control over who or what is accessing them and under what context (identity, device posture, time, location). In the past, this level of control would have required enormous infrastructure complexity. However, as Zero Trust has matured, so have the technologies that support it, including microsegmentation.
Where does microsegmentation fit into Zero Trust security?
Technologies that fall into Gartner’s Zero Trust Network Access (ZTNA) and Forrester’s Zero Trust eXtended Ecosystem (ZTX) categories, microsegmentation among them, can help organizations mature their Zero Trust journey. However, no single tool will address an organization’s unique Zero Trust requirements, and each company’s approach can and should keep evolving.
Initially, Zero Trust was presented as an alternative to the traditional ‘castle and moat’ strategy of security, in which most protection measures focused on traffic crossing the network perimeter, or north-south. In a world where a breach is now a matter of ‘when’ and not ‘if,’ security teams should treat all activity as untrusted until it is verified. Every user, connection and device should be treated with suspicion, even if it originates inside the network. Since most companies no longer have a contained network or data center, the idea of a ‘castle’ that organizations can defend is obsolete. By implementing the Zero Trust framework, organizations establish the checkpoints inside the perimeter needed to improve their security posture against today’s evolving threat landscape.
As a technology, a microsegmentation tool can help you achieve this in two steps. First, it maps the dependencies and communication flows unique to your environment, so you know which workloads actually need to talk to each other and on which ports. Then it lets you address the lack of security rigor inside the network by creating micro-perimeters around assets that allow only the communications the business requires and deny everything else by default. Once controls are established, organizations can continue to monitor the effectiveness of their approach and build on this foundation. A good microsegmentation tool should give your business the context to see whether policies perform as expected and do not introduce friction. It also helps identify gaps in a Zero Trust strategy with historical and real-time data, so you can flag non-compliant activity, understand its context, and address it by tweaking or introducing policies.
Zero Trust segmentation: reduce attack surfaces and contain breaches
As organizations flock to cloud and hybrid infrastructures, workloads often migrate among different environments, and the amount of east-west traffic in modern data centers has exploded. This rapid proliferation of applications and increased traffic creates an ever-larger attack surface for bad actors to target.
Unfortunately, traditional perimeter security measures can do little to protect a business from infected devices, or to prevent attackers from pivoting toward critical data once they have breached an environment. Additionally, the growing share of TLS-encrypted traffic makes it easier for attackers to blend their activity into normal east-west flows, which makes threats and other non-compliant activity harder to spot. This increases dwell time as well as potential breach impact: the longer a bad actor has in your network before detection, the more opportunities they have to access and exfiltrate critical data and assets.
Acknowledging that breaches are bound to occur, Zero Trust protects the business from advanced threats and helps minimize the blast radius and fallout from a successful attack. Leveraging the framework’s principles, which call for strict authentication and access controls for any user, device or application, Zero Trust shores up defenses within the perimeter. Blocking unauthorized communications thwarts lateral movement within the data center or network environment, so an attacker who has broken through perimeter defenses is confined to the segment they landed in rather than free to reach other systems.
Least privilege access with Zero Trust segmentation
Least privilege access control plays a significant part in the Zero Trust framework. Reducing access to only what is necessary and relevant for business needs goes a long way toward decreasing the attack surface and halting a threat that has breached an organization’s initial security measures. This is especially true for attacks that must propagate to succeed, such as ransomware. By scaling Zero Trust principles to all your key systems and use cases, you apply least privilege at the same time and shore up your defenses with standard cybersecurity best practices.
To achieve this, you need complete intelligence on what is in scope for Zero Trust and an understanding of the relationships between your users, workloads and endpoints. Organizations should identify their necessary business dependencies and create policies that block, or at the very least alert on, any activity that is not explicitly allowed. Any communication that is sanctioned should carry a well-defined, documented case for why it is permitted, so that the allow-list can be reviewed and defended later.
Since controlling and granularly regulating what users can see and access is critical to least privilege, this also means building micro-perimeters whose controls are based on user identity rather than only on network location. With these, security teams can enforce least privilege access to specific applications and assets, including for third-party or remote users. As in all areas of Zero Trust, privileges should be continuously monitored and adjusted as needed.
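The following is an added example, not code from the original article or from any vendor’s product, that ties together the two passages above: mapping observed dependencies, a default-deny allow-list of label-based micro-perimeter rules where every rule must carry a business justification, identity-scoped rules for break-glass access, and an enforce-or-alert mode for evaluating flows. All workload names, labels, identities and flow records are constructed sample data, and the policy model (labels, ports, identities) is an illustrative design rather than any particular product’s schema.

```python
"""Toy microsegmentation policy engine: default deny, explicit allow rules,
each with a documented justification, evaluated in enforce or alert mode.
Constructed example; the data model and sample flows are assumptions."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Workload:
    name: str
    labels: frozenset  # e.g. {"app=shop", "tier=web", "env=prod"}


@dataclass(frozen=True)
class Rule:
    src: frozenset                      # labels the source must carry (all of them)
    dst: frozenset                      # labels the destination must carry
    ports: frozenset                    # allowed "proto/port" values
    identities: frozenset = frozenset() # allowed user identities; empty = any
    justification: str = ""             # why this communication is sanctioned

    def __post_init__(self):
        # A rule with an empty selector would match every workload; refuse it.
        if not self.src or not self.dst:
            raise ValueError("rule must scope both source and destination")
        # Every sanctioned path needs a documented business case.
        if not self.justification.strip():
            raise ValueError("every allow rule needs a documented justification")

    def matches(self, flow: "Flow") -> bool:
        return (self.src <= flow.src.labels
                and self.dst <= flow.dst.labels
                and flow.port in self.ports
                and (not self.identities or flow.identity in self.identities))


@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    port: str
    identity: Optional[str] = None  # authenticated user behind the flow, if any


def discover_dependencies(flows):
    """Step one: aggregate observed flows into a dependency map (src, dst, port) -> count."""
    deps = Counter()
    for f in flows:
        deps[(f.src.name, f.dst.name, f.port)] += 1
    return deps


def evaluate(policy, flows, mode="enforce"):
    """Step two: default deny. A flow with no matching rule is blocked (enforce)
    or flagged for review (alert). Returns (flow, action, reason) tuples."""
    if mode not in ("enforce", "alert"):
        raise ValueError(f"unknown mode {mode!r}")
    verdicts = []
    for f in flows:
        rule = next((r for r in policy if r.matches(f)), None)
        if rule is not None:
            verdicts.append((f, "allow", rule.justification))
        else:
            action = "block" if mode == "enforce" else "alert"
            verdicts.append((f, action, "no rule explicitly allows this flow"))
    return verdicts


def violations(verdicts):
    """Non-compliant activity to investigate or turn into (justified) policy."""
    return [v for v in verdicts if v[1] != "allow"]


# --- constructed sample environment (not real telemetry) ---------------------
L = frozenset
WEB = Workload("shop-web-01", L({"app=shop", "tier=web", "env=prod"}))
API = Workload("shop-api-01", L({"app=shop", "tier=app", "env=prod"}))
DB = Workload("shop-db-01", L({"app=shop", "tier=db", "env=prod"}))
JUMP = Workload("jump-01", L({"role=jumphost", "env=prod"}))

POLICY = [
    Rule(L({"app=shop", "tier=web"}), L({"app=shop", "tier=app"}), L({"tcp/8443"}),
         justification="web tier calls the shop API"),
    Rule(L({"app=shop", "tier=app"}), L({"app=shop", "tier=db"}), L({"tcp/5432"}),
         justification="API tier owns the shop database"),
    Rule(L({"role=jumphost"}), L({"tier=db"}), L({"tcp/22"}),
         identities=L({"dba@corp.example"}),
         justification="DBA break-glass SSH via jump host, reviewed quarterly"),
]

OBSERVED = [
    Flow(WEB, API, "tcp/8443"),
    Flow(API, DB, "tcp/5432"),
    Flow(WEB, DB, "tcp/5432"),  # web tier reaching the DB directly: lateral movement
    Flow(JUMP, DB, "tcp/22", identity="dba@corp.example"),
    Flow(JUMP, DB, "tcp/22", identity="contractor@vendor.example"),  # not an authorised identity
]

if __name__ == "__main__":
    for dep, n in sorted(discover_dependencies(OBSERVED).items()):
        print("dependency", dep, "seen", n, "times")
    for flow, action, reason in evaluate(POLICY, OBSERVED, mode="alert"):
        print(f"{flow.src.name} -> {flow.dst.name} {flow.port} [{flow.identity}]: {action} ({reason})")
```

Running the policy in alert mode first against historical flows, as the article recommends, surfaces the two non-compliant flows (web tier straight to the database, and an unknown identity on the jump-host path) without breaking anything; once each is either justified as a new rule or confirmed as unwanted, the same policy is switched to enforce mode.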