Containment is a military strategy to stop the expansion of an enemy. The strategy of containment has been used successfully in world wars, cold wars, and the war on terror. Today, it is a company's newest and best weapon in defending against cyber-attacks.
The strategy of containment for cyber-security is a simple premise to grasp. Simply put, it stipulates that a successful attack on a part of your enterprise won't be able to spread and destroy all of your enterprise. Historically, this has been done by separating segments into separate physical locations, separate divisions, and separate servers. The tools used were separate physical buildings and logical separation with firewalls that blocks data traffic based upon a set of rules programmed into them. This worked well for the last 15 years or so, but with advances in cloud and mobile technologies, as well as the increasingly integrated business ecosystem, these tools of yesterday can no longer keep up with the containment requirements of today.
Yesterday's security concepts are based upon the need for security measures to be perfect. After all, a cyber-attack only needs to work once for it to be successful. This need for perfection is a failed concept.
Whether an employee's ill-advised click on a phishing email, a missed or delayed patch of some remote system, an employee that turns (or is turned) against you, or one of those truly advanced persistent threats now being launched by well financed and resourced global adversaries—we know that perfection is impossible. And the bad guys know it too.
Today's malware is often designed to use any entry point into an enterprise, no matter how minor or inconsequential a link. Once inside, it then proceeds to map out the target enterprise, move laterally around the soft interior (since most money is spent keeping malware out, little is spent protecting against something that is already inside), and over time escalate its privileges that enable denial, destruction or disclosure.
Enter the strategy of micro-segmentation for containment. Since we know that security perfection is impossible and relying on it ultimately guarantees failure, micro-segmentation takes a more realistic approach that doesn't require perfection to be successful.
Micro-segmentation is new technology designed specifically to provide containment in today's hyper-connected world. It accepts that users are human, that technology evolves constantly, and that the bad guys are just as clever as the good guys. When properly deployed, a system of micro-segmentation will allow you to contain whatever threat inevitably makes its way into your enterprise.
The difference with this new containment strategy is its ability to work at the Internet Protocol (IP) packet level, which makes it easily applicable anywhere your data goes, from your data centres to public clouds, to employees in coffee shops to suppliers around the world. Driven by existing identity management systems like Active Directory or LDAP, it's simple to establish communities of interest for authorised users across all of these technologies.
With micro-segmentation, it's quick and easy to create a cryptographically sealed community just for human resources, so that everyone in the HR group can reach it from anywhere, but no one else – including malware that got in somewhere else and is looking for something to steal – can even see that it is there. And since it's cryptographically enabled at the IP packet level, you don't even have to fiddle with the applications themselves, saving time and money.
Today, enterprises are quickly layering on micro-segments for HR, finance, trade secrets, supply chains, PII, PCI, HIPAA, and more. This takes full advantage of the infrastructure already built and deployed, bypassing many of the constraints like overwhelming network rules and inability to keep up with tracking security events, while addressing the evolved business, technology, and security realities of today.
Containment works today as it always has in the struggle between good and evil. New technologies like micro-segmentation can make it an efficient and realistic strategy to protect against advanced digital attacks.
Contributed by Tom Patterson, VP Global Security, Unisys