Software-based microsegmentation is an emerging security best practice that offers several advantages over more established approaches like network or application segmentation. These traditional methods rely heavily on network-based controls that are coarse and often cumbersome to manage. However, the software-based segmentation element of microsegmentation separates security controls from the underlying infrastructure and provides businesses with the flexibility to extend protection and visibility anywhere.
“Microsegmentation is essential at a time when many organisations are adopting cloud services and new deployment options, like containers, which make traditional perimeter security less relevant,” says Stefan van de Giessen, security and global system integrator (GSI) lead: Africa, at Exclusive Networks Africa. “It is essentially a software-defined network overlay that, through artificial intelligence, allows for greater visibility around all assets within the network. This infrastructure visualisation is helpful in that it makes activity in the environment easier to identify and understand. We teamed up with Akamai Technologies, a cloud company that powers and protects life online.
“This approach allows companies to ringfence their applications and servers and define which ones can talk to each other. This is critical in the case of, for instance, a ransomware attack as the malware is not able to spread to other machines within the network due to these authorisation parameters. The ability to lock down a device individually allows for greater control over the blast radius of an attack, which would not be possible with the use of a firewall, for instance.”
A software-based microsegmentation solution can be rolled out faster, seamlessly and with far less capital expenditure than would be required to purchase firewall appliances and additional hardware. It also allows businesses to avoid lengthy implementation timelines – taking rollout timelines from over a year down to weeks – as well as the unavoidable related downtime. In addition, the reduced maintenance – and reduced management effort needed – results in far lower operating expenses over time.
“Microsegmentation may be a newer concept to many, but it is becoming an increasingly important tool for IT teams challenged with ensuring that security policies and compliance keep pace with the rapid rate of change in today’s dynamic data centre, cloud and hybrid cloud environments,” Van de Giessen said.