Micro-segmentation is the way forward in protecting networks. But a successful micro-segmentation deployment cannot be slapped together – it requires deliberate and detailed forethought in order to get it all right — the first time around.
https://www.guardicore.com/wp-content/uploads/2019/02/microseg-operationalizing-blog-image-resize.jpg 187 679 Lior Neudorfer https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Lior Neudorfer2019-02-07 00:12:052019-03-10 12:08:50Operationalizing Micro-Segmentation to Get You Started
https://www.guardicore.com/wp-content/uploads/2018/12/application-discovery-blog.jpg 187 686 Monica Givati https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Monica Givati2018-12-13 03:53:502019-03-10 11:50:24Micro-Segmentation and Application Discovery - Gaining Context for Accurate Action
Application discovery across all environments and application delivery technologies helps organizations achieve the best possible security protection, compliance posture, and application performance levels.
https://www.guardicore.com/wp-content/uploads/2018/11/businesswoman-getting-buyin-at-mtng-w-colleagues-resize.jpg 187 686 Ariel Zeitlin https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Ariel Zeitlin2018-11-18 08:09:322019-02-23 13:26:34Implementing Micro-Segmentation Insights, Part 2: Getting Internal Buy-In
In a recent blog, I revealed part one of my insights from implementing micro-segmentation projects with large customers. Vendors don’t always get the perspective of deep involvement in the execution of these projects, but I have been fortunate enough to cultivate relationships with our customers and have thus been granted an inner view. In my first blog of this series, I discussed short versus long-term objectives and the importance of knowing your goals and breaking them down into phases to ensure that you’re truly working on the important matters first and foremost. In this blog, I want to get into the importance of getting internal buy-in from other teams in order to enable improved implementation. To make the process easier for all involved, “selling” the project to other teams is an important early step.
More often than not the segmentation project is driven by the security organization and they are the ones who see immediate value out of it, but they need the collaboration of other teams to help them deploy the product. It doesn’t really matter if the product is an overlay (usually based on agents) or underlay (comes as a part of the infrastructure).
Some teams will need to carry more of the weight and bear more in the processes of deploying such a project- networking, application, infrastructure, system etc. To achieve collaboration of those teams it helps to carry a carrot, not just a stick. Getting early buy-in on these projects and planning out collaboration from the right people will make the process much easier in the long run. In order to do so, the solution needs to be “sold” internally. And just like with any sales process, the more you are prepared and equipped for this, the smoother it will go.
As is true with any sales process, there will be the “early adopters” and the “late adopters.” In our experience, when the project team was well prepared and presented the benefits of the solution to the other teams, the impact was significant. If you can show the application team how they can benefit from the solution they will not just ease up on the objections, in fact they will be pushing the deployment.
But, there is a significant BUT to this. The product you choose for your segmentation needs to be able to deliver those carrots. It needs to be able to support use cases that are not the clear immediate concern of its direct, original audience. Here is a small example: let’s say you need to convince the application owner to install the agents that will enforce the policy. The application owner usually has little interest in the security use case and might object or hesitate because of the additional player introduced in the mix: wondering how will it affect the stability, and performance etc. But if you are able to demonstrate that he will gain value from the product, he in fact will become the one who pushes the deployment.
One of such value propositions that we constantly see is the value of “getting visibility into your application.” This is of course a great promise, but for the application owner to actually be able to gain value from this visibility, the visibility should have certain properties: it needs to be L7 with application context, it needs to collect data and store it historically (pay attention here that for the sake of building policy the historical aspect of the data is not important at all, you just need to know what connections might happen), and it needs to be searchable and filterable to allow simple and convenient consumption by the application owner. This of course is just one example, but the important lesson is to show the many ways in which the solution can expand beyond the obvious reason for implementation to help ensure buy-in of other teams through the illustration of other benefits.
So, when starting to deploy a segmentation solution make sure that you prepare an on-boarding package for the teams you need to cooperate with that includes ways they can leverage the product to expedite the adoption process and make the projects deadlines. Equally as important, when doing so make sure that the product you choose can actually cater to those use-cases, and many of the products on the market today miss that important point.
https://www.guardicore.com/wp-content/uploads/2018/08/benefits-micro-segmentation.jpg 187 686 Monica Givati https://www.guardicore.com/wp-content/uploads/2019/02/guardicore-logo-white-space.png Monica Givati2018-08-09 01:27:512019-03-10 11:54:37Harness the Benefits of Micro-Segmentation
One of the major benefits of micro-segmentation is that it provides shared visibility into the assets and activities in an environment without slowing development and innovation. Implementing micro-segmentation greatly reduces the attack surface in environments with a diverse set of deployment models and a high rate of change.