COMMENTARY: Segmenting an enterprise network to limit lateral movement within an environment has become a critical step for minimizing the attack surface.
Taking a software-based approach to microsegmentation offers the flexibility needed to address the segmentation needs of today’s complex, dynamic and heterogeneous environments. Unfortunately, not all microsegmentation projects achieve the protection that project planners envision.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]
In our experience working with enterprise security teams, there are five reasons why microsegmentation implementations fail:
- Failure to set clear goals: Time and again we see situations where the security team has been tasked with implementing microsegmentation, but without a clearly defined goal for what it should look like in practice. Important questions remain unanswered: What segmentation approach will be used? How will different systems and datasets get segmented? Will application ringfencing be part of the plan? If so, what applications will we include? How will the project impact user access, including third-party access? Without a thorough examination of these and other relevant issues, it’s likely the project will stall or fail to deliver the level of protection that led to the request in the first place.
- Lack of stakeholder buy-in: Typically, it’s the network security team responsible for firewall management that’s tasked with segmentation. However, unlike a physical firewall, microsegmentation touches systems across the enterprise. That means multiple stakeholders must be actively involved in implementation, from application owners to software deployment teams. Without their support and engagement, the project will likely stop dead in its tracks. Making sure everyone buys in, from the CISO to the individual business application groups, ensures success.
- Limited deployment scope: Teams often think that companies only need microsegmentation for part of the environment. When a microsegmentation solution only gets deployed to a subset of systems, the team loses visibility of its entire threat surface. This can obscure potentially vulnerable areas that attackers could exploit. As a result, the organization won’t achieve the full value of microsegmentation. We have seen cases where an organization decides to start small, segmenting only certain assets as a proof of concept, but then fails to build on this foundation. In some cases, it’s because of a lack of broader buy-in. Whatever the reason, limiting the scope of what systems are included for microsegmentation can lead to a false sense of security, until a breach occurs in a section of the environment that’s not covered by the segmentation. To avoid this, it’s important to embrace microsegmentation as a comprehensive, enterprise-wide strategy.
- Incomplete testing: When evaluating microsegmentation products, security teams often limit themselves to cursory functional testing. Since virtually every available option offers basic functions for visibility and blocking, this can lead to purchase decisions based solely on price. The trouble begins after deployment, when the limitations of the products become apparent. It’s important to delve beneath the surface and ask some probing questions: How flexible and simple is the process of creating security policies? How easily can the team integrate existing tools into the environment? How quickly can they investigate suspicious activity in the environment? Understanding how a product will perform under real-world conditions is essential to selecting one that the team can deploy at scale and that meets expectations.
- Lack of continuous improvement: Teams also often view microsegmentation as a “set it and forget it” solution. Over time, this can lead to vulnerabilities as the environment evolves. Instead, organizations should view microsegmentation as the centerpiece of their network security. That means continually maintaining and enhancing the product to ensure it meets the needs of the enterprise. This includes adapting policies when changes occur within the environment, federating control of policies among the leading stakeholders, and implementing workflows with security operations teams to ensure an effective response to suspicious behavior. While this does require time and attention, it’s time well spent given the value of reducing the risk of data theft.
Given the onslaught of cyber threats, organizations should assume a breach will occur sooner or later. Ensuring a comprehensive, well-designed microsegmentation implementation can help limit the “blast radius” and protect valuable data from bad actors. Indeed, a properly deployed microsegmentation solution has now become an important element of a zero-trust strategy.
Avoiding common microsegmentation pitfalls can help protect the enterprise and the company’s customers from a disastrous breach. Given today’s threat landscape, we cannot fall short.
Garrett Weber, Field CTO for Enterprise Security, Akamai Technologies