Security practitioners know better than anyone that network security has changed significantly in the last few decades. Simplistic security measures allowed attackers to easily infiltrate and even as network controls advance, including next-gen firewalls, attackers continue to find their way into networks and data. Traditional network controls are blind to commonly deployed attacks.
In a new paper by SANS senior instructor Dave Shackleford, we look at how to rethink network security, including considering the entire environment as untrusted; better understanding intended application behavior; and focusing on trust and system-to-system relationships.
Especially in the cloud environment, micro-segmentation can be useful in making network security much more granular and controllable. This approach also supports the shift from a traditional network perimeter to one based on internal network segments, and a corresponding shift to focus on better cyber hygiene that includes inventory information, configuration management and patching.
In parallel security practitioners have been forced to deal with the growing number of applications; micro-segmentation and specifically adaptive micro-segmentation techniques can help here. For example, software-defined adaptive micro-segmentation can detect and prevent lateral movements in networks; increase visibility, reduce compromised data; centralize network control, and enable dynamic updates.
These same benefits can be applied to the data center as well. To learn more, register for the SANS webcast and paper at:
https://www.sans.org/webcasts/defeating-attackers-preventive-security-109355
See the related video where SANS' instructor and cloud security expert Dave Shackleford tackles the complexities of evolving cloud security and preventive security, including micro-segmentation, in this discussion with Tom Corn, security products group, VMware:
https://www.youtube.com/watch?v=ouMsXARfqyA&t=17s
A special thanks to our sponsor:
