Posts

What is Micro-Segmentation?

Micro-segmentation is the emerging IT security best practice of applying workload and process-level security controls to data center and cloud assets that have an explicit business purpose for communicating with each other. It offers more flexibility and granularity than established security techniques like network segmentation and application segmentation, making it more effective at detecting and blocking lateral movement in data center, cloud, and hybrid-cloud environments.

Read more

Micro-Segmentation Methods

The emergence of virtualized data centers, public cloud infrastructure, and more dynamic DevOps approaches makes the need for granular network- and application-level security controls more important than ever. Micro-segmentation is the most effective method of protecting sensitive data within these rapidly changing hybrid cloud environments.

Micro-segmentation enables visibility, alerting, and policy enforcement from the network level all the way down to the individual process level. However, the power and flexibility of micro-segmentation can also make it challenging to identify the optimal micro-segmentation methods for a specific organization. Both over-segmentation and under-segmentation can present challenges as IT security teams try to strike a balance between improving security and avoiding disruption of business processes. However, when an optimal mix of micro-segmentation methods is implemented, it provides proactive security and compliance controls and accelerates breach detection.

Read more

Harness the Benefits of Micro-Segmentation

Enterprise IT environments – and the security attacks they are subjected to – are becoming more sophisticated and diverse. While data centers continue to play a central role, a growing number of workloads are shifting to cloud and hybrid cloud deployment models. Meanwhile, emerging deployment approaches like containers bring both new advantages and new security challenges.

As a result of these shifts, the days of a well-defined perimeter are over, putting greater pressure on IT security teams to detect and prevent lateral movement among heterogeneous data center and cloud assets. Micro-segmentation with Layer 7 granularity addresses this growing challenge, bringing several essential benefits to today’s fast-evolving enterprise environments.

Read more

Time to Transform Data Centre Security?

Digital transformation is by its very definition redefining how data centres are designed and services managed and deployed. In fact, much like the long-maligned ‘perimeter’ security model many once datacentre-centric workloads are evaporating and re-forming as more agile and elastic cloud-based operational models.

Read more

Security Features of the Hybrid Cloud (OpenStack and AWS)

Everyone knows about the many benefits of the cloud: it is infinitely scalable, developer-friendly, and easy to use. However, we often avoid addressing the reality that the cloud is not perfect. The truth is that, despite the cloud’s many merits, it presents a significant challenge from a security standpoint. Security concerns might make you hesitate to deploy your workloads in any cloud, be it public or private – and understandably so.

Read more

Integrating Security and DevOps to Protect Cloud Workloads

CSO Online recently reported on a study conducted by the Cloud Security Alliance that listed the top twelve threats to cloud computing. The threats range from data breaches, to advanced persistent threats (APTs), to abuse and nefarious uses of cloud services. For example, the report discusses how malicious actors exploit poorly secured or misconfigured cloud services to abuse compute resources for nefarious purposes, such as DDOS attacks or attempts to exfiltrate data as part of a breach.

Read more

Leveraging Micro-Segmentation Data to Accelerate Breach Detection

Micro-segmentation provides the ability to isolate communication flows within applications and workloads and allows for more granular workload security than traditional tools. Beyond using micro-segmentation to allow or block connections and alert on those activities, the ability to compare, within a single platform, policy violations to historical observations can dramatically accelerate threat detection, investigation, and response.

Read more