The Business Case for Network Segmentation


Modern network segmentation to reduce risk and cost

Abstract

Modern network segmentation, also known as microsegmentation, offers a new way of managing and securing your network, with tremendous benefits in data protection, simpler compliance, and IT agility. ExtraHop provides the visibility needed to implement this technology and realize its benefits for your organization. This white paper explains how microsegmentation for your applications and datacenter network (not including campus and BYOD segmentation) equips your IT organization to significantly reduce both risk and cost.

Executive Summary

New virtual networking technology enables organizations to automatically break their network into mini-networks and ensure that only approved communications are taking place on the network. If you stop to think about it, enterprise IT should have had this ability a long time ago, but virtual networking technology is just now catching up to technology for server virtualization. Remember the days when IT staff had to go around racking physical servers every time new server capacity was required? Then, they would have to painstakingly ensure the software configurations were correct and patches were up to date. Server virtualization abstracted much of that work so that today, an admin can spin up a new virtual machine with the push of a button and know that all the correct configurations are in place.

With software-defined networking (SDN) technology, networking has the same potential for automation and control as is seen today with server virtualization. The benefits for security, compliance, and efficiency are tremendous. Instead of allowing every computer in the network to talk to others, enterprise IT organizations can precisely define and enforce which communications are allowed within these microsegments.

The Evolution of Network Segmentation

In the early days, organizations had flat networks where all devices could connect to one another. The first network segmentation efforts used firewalls and switches to impose some level of control on which communications were allowed, but these were static, coarse-grained controls based on IP addresses. Software-defined networking (SDN) makes new network segmentation approaches possible, so that organizations can create policies to automatically control what types of communications are allowed based on the type of function a computer serves, its unique identifier, and what data it handles.

[Figure: Flat Network with no controls; Segmented Network with coarse, static controls; Segmented Network with software-defined controls]

In simple terms, network segmentation offers the ability to define and enforce which communications are allowed. New SDN technology makes network segmentation much easier to manage and automate so that it provides significant business benefits, including improved security, simpler compliance reporting, and greater IT efficiency and agility.

Stronger Security Defenses

Once an attacker compromises a computer inside your network, they will conduct reconnaissance, looking for valuable assets or probing for weaknesses so that they can extend their reach. With microsegmentation that defines how computers can connect to one another, IT organizations can make it much more difficult for attackers to move from one area of the network to another. In addition, because microsegmentation creates barriers between blocks of the network, it is more difficult for attackers to get valuable data out of the environment.

Simpler PCI and HIPAA Compliance

One of the simplest ways to reduce your regulatory compliance burden is to reduce the scope. Regulations including PCI and HIPAA require companies to prove that they are handling sensitive data securely. Without network segmentation, you must prove that your entire IT environment meets the required standards. However, by segmenting your network, you can keep that sensitive data where you can prescribe which users and computers have access to it and also where you have adequate monitoring in place. This reduces the risk of a data breach, non-compliant activity that could incur penalties, and the scope and cost of regular compliance assessments.

Efficiency and Agility

Just as server virtualization enabled systems teams to deploy and manage compute resources much more efficiently, new software-defined networking technologies promise to bring more automation and standardization to networking. Networking teams can focus on defining and monitoring policies instead of spending time configuring systems. Together, server and network virtualization enable what is dubbed the software-defined datacenter, where teams can deploy resources quickly while adhering to policies.

Technologies Required for Modern Network Segmentation

Two types of technology are required to make microsegmentation a reality for your organization:

- A software-defined networking (SDN) platform, such as Cisco ACI, VMware NSX, or Big Switch Big Cloud Fabric. These technologies enable you to orchestrate network provisioning and management according to policy.
- Application discovery and monitoring technology to discover existing networks and applications in your environment, map out the dependencies, and provide ongoing visibility. These goals are best achieved with passive, network-based observation of application communications.

Methodology for Network Segmentation

ExtraHop can help to discover, evaluate, and identify gaps in your current network infrastructure. This technology will automatically discover existing networks and applications in your environment and map out the dependencies. With this unbiased, real-time view of the communications taking place in your environment, you can create a network segmentation design that can be implemented with minimal disruption while also achieving the project's goals. After implementation, this technology will provide ongoing visibility for security event detection, simpler compliance reporting, and application performance troubleshooting.

Planning Phase

The Planning Phase of the network segmentation project begins with a whiteboard session to gain a better understanding of where your organization stands today with regard to network segmentation requirements. You should aim to determine the current state of segmentation on your network and review strategies for limiting network access through segmentation.

Design Phase

The Design Phase begins by mapping out the real-time application dependencies and communications using ExtraHop. This unbiased assessment of your environment provides a complete and continuously updated view of how systems are currently connecting, including the protocols and services in use. Equipped with this information, your organization can create policies that take into account how the applications and services in your environment actually operate. Application activity maps reveal hidden dependencies and activity that you need to know about when planning network segmentation.

Implementation Phase

During the Implementation Phase, the continuous visibility from ExtraHop helps to ensure that network services continue to function as planned. After the implementation is complete, the ExtraHop deployment can help your teams validate that traffic is properly segmented and that applications continue to perform well.

Operate Phase

Network segmentation is not a technology you purchase, but only one aspect of a new way of managing networks and security. How your organization adjusts operations to take advantage of new network segmentation technology will determine the success of the project. The Operate Phase is where the visibility from ExtraHop plays a key role. While SDN platforms such as Cisco ACI or VMware NSX enable microsegmentation, you still need visibility into the actual application communications on the network to proactively address performance issues, detect suspicious activity, and provide reports for compliance purposes. With ExtraHop, your teams can create custom dashboards and reporting that reflect your policies:

- Encryption - Ensure that traffic is encrypted inside sensitive network segments, and that it uses sufficiently strong ciphers.
- Data movement - Identify communications that cross boundaries that should be kept separate, such as test and production environments.
- Protocols - Detect application communications that are insecure or otherwise not compliant with policy, such as unencrypted file transfer protocol (FTP) or telnet.
- Access - Monitor logins by user to see who is accessing sensitive files and applications. ExtraHop provides reporting on which user accounts have accessed sensitive data, which makes compliance reporting much simpler.
- Data breach - See when data leaves your environment, even surreptitiously. ExtraHop provides the transaction details that allow your teams to differentiate between legitimate and malicious data transfers.

You can create dashboards to monitor non-compliant activity, such as sessions using non-secure cipher suites based on MD5 and SHA-1. [Figure: dashboard showing sessions using non-secure MD5 and SHA-1 ciphers]
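The policy model described in the Executive Summary (allowed communications defined per segment rather than per IP address) and the Operate Phase dashboards above (encryption, data movement, protocols, data breach) can be made concrete with a small checker. The following is an added example written for this page; it is not ExtraHop code and does not use any ExtraHop API. It assumes a hypothetical segment map, a hypothetical allow-list, and a handful of constructed flow records standing in for what a passive wire-data monitor would observe, and it reports every flow that violates the segmentation policy.

```python
"""Segmentation policy checks over constructed flow records (added example, not ExtraHop code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Hypothetical segment map: which subnets belong to which segment.
SEGMENTS = {
    "web-prod": ip_network("10.1.0.0/24"),
    "db-prod": ip_network("10.2.0.0/24"),   # holds regulated data, so it is "sensitive"
    "test": ip_network("10.9.0.0/24"),
    "internet": ip_network("0.0.0.0/0"),    # catch-all, matched last
}
SENSITIVE = {"db-prod"}
PRODUCTION = {"web-prod", "db-prod"}

# Hypothetical allow-list: (source segment, destination segment, destination port).
# Anything not listed is a violation (default deny), the microsegmentation stance.
ALLOWED = {
    ("internet", "web-prod", 443),
    ("web-prod", "db-prod", 5432),
    ("test", "test", 5432),
}

INSECURE_PROTOCOLS = {"ftp", "telnet"}


def weak_cipher(suite: Optional[str]) -> bool:
    """Treat TLS cipher suites whose MAC is MD5 or SHA-1 (suffix _MD5 / _SHA) as weak."""
    return suite is not None and (suite.endswith("_MD5") or suite.endswith("_SHA"))


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    protocol: str            # application protocol as observed on the wire
    cipher: Optional[str]    # negotiated TLS cipher suite, None if cleartext
    bytes_out: int           # bytes sent from src to dst


def segment_of(ip: str) -> str:
    """Resolve an address to its segment, most specific prefix first ("internet" is the /0)."""
    addr = ip_address(ip)
    for name, net in sorted(SEGMENTS.items(), key=lambda kv: -kv[1].prefixlen):
        if addr in net:
            return name
    return "unknown"


def check_flow(flow: Flow) -> List[str]:
    """Return the policy findings for one flow; an empty list means the flow is compliant."""
    findings = []
    s, d = segment_of(flow.src), segment_of(flow.dst)
    if (s, d, flow.dport) not in ALLOWED:
        findings.append(f"unapproved communication {s} -> {d}:{flow.dport}")
    # Data movement: test and production must stay separate.
    if (s == "test" and d in PRODUCTION) or (s in PRODUCTION and d == "test"):
        findings.append("data movement across test/production boundary")
    # Protocols: cleartext management/file-transfer protocols are non-compliant anywhere.
    if flow.protocol in INSECURE_PROTOCOLS:
        findings.append(f"insecure protocol {flow.protocol}")
    # Encryption: traffic touching a sensitive segment must be encrypted with a strong suite.
    if s in SENSITIVE or d in SENSITIVE:
        if flow.cipher is None:
            findings.append("unencrypted traffic in sensitive segment")
        elif weak_cipher(flow.cipher):
            findings.append(f"weak cipher suite {flow.cipher} in sensitive segment")
    # Data breach: sensitive segment talking directly to the internet.
    if s in SENSITIVE and d == "internet":
        findings.append(f"possible exfiltration: {flow.bytes_out} bytes to internet")
    return findings


def audit(flows: List[Flow]) -> dict:
    """Map each non-compliant flow ('src->dst:dport') to its findings."""
    report = {}
    for f in flows:
        findings = check_flow(f)
        if findings:
            report[f"{f.src}->{f.dst}:{f.dport}"] = findings
    return report


# Constructed sample flows (not real traffic).
FLOWS = [
    Flow("203.0.113.7", "10.1.0.10", 443, "https", "TLS_AES_128_GCM_SHA256", 2048),
    Flow("10.1.0.10", "10.2.0.5", 5432, "postgres", "TLS_RSA_WITH_AES_128_CBC_SHA", 512),
    Flow("10.9.0.3", "10.2.0.5", 5432, "postgres", None, 4096),
    Flow("10.1.0.10", "10.1.0.11", 21, "ftp", None, 100),
    Flow("10.2.0.5", "198.51.100.9", 443, "https", "TLS_AES_256_GCM_SHA384", 50_000_000),
]

if __name__ == "__main__":
    for key, findings in audit(FLOWS).items():
        print(key)
        for item in findings:
            print("  -", item)
```

Only the first sample flow is compliant; the others each trip one or more of the policy categories the paper lists. In practice the segment map and allow-list would be generated from the SDN platform's policy and the flow records would come from passive observation, so the same check doubles as validation that the enforced policy matches the intended one.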

Conclusion

As you prioritize your organization's IT initiatives, put network segmentation at the top of the list. This technology not only dramatically reduces risk, but also saves money by simplifying compliance tasks and making network services easier to provision and manage. ExtraHop's visibility supports network segmentation projects by showing you how applications function, ensuring performance during changes, and providing ongoing monitoring for security and operations.

About ExtraHop

ExtraHop makes real-time, data-driven IT operations possible. By harnessing the power of wire data in real time, network, application, security, and business teams make faster, more accurate decisions that optimize performance and minimize risk. Hundreds of organizations, including Fortune 500 companies such as Sony, Lockheed Martin, Microsoft, Adobe, and Google, start with ExtraHop to discover, observe, analyze, and intelligently act on all data in flight on-premises and in the cloud.

ExtraHop Networks, Inc. 520 Pike Street, Suite 1700 Seattle, WA 98101 USA www.extrahop.com