The idea of segmentation for security is nothing new. Perimeter firewalls, along with VLANs and ACLs, are what most companies have traditionally used to segment and protect their IT infrastructure. However, times are changing. The increase in containerization, software-defined networking, the use of public and multicloud infrastructure, and the expansion of internet-connected devices have created a new set of security issues to address: one that needs a solution built for a heterogeneous IT environment with varying sets of security requirements. Ransomware and nation-state-affiliated threat actors are now a risk to any business, and attackers are becoming more sophisticated at the same time that visibility into your IT environment is becoming harder to achieve. Traditional perimeter security measures, as well as next-gen firewalls based on deep packet inspection or signature-based detection, struggle to keep up with the amount of traffic an enterprise data center experiences today. Let’s look at how the right microsegmentation techniques address the shortcomings of alternative network segmentation approaches.
As hybrid cloud environments have become the norm, they demand a specific set of requirements above and beyond traditional perimeter security
Legacy firewalls are inadequate for east-west traffic
When looking to segment IT environments, an enterprise might first look to legacy perimeter security devices. Unfortunately, these devices were built to monitor traffic that moves from north to south, from client to server. This includes any traffic that comes to the data center from any external source. More recently, the amount of traffic within the data center moving from server to server, usually referred to as east-west traffic, has increased exponentially. This is in large part due to the growth of virtualization and converged infrastructure such as hypervisor, VPC, and container-based computing.
Perimeter security measures like traditional firewalls do nothing to protect your business from infected devices or to stop attackers as they expand their foothold over east-west traffic. With the rise of TLS encryption, and with malicious traffic easily piggybacking on open, legitimate application ports, many attacks pass through even the traffic that does traverse the firewalls. This leaves you unable to spot existing breaches and resolve or divert them. It also means that you cannot easily limit the dwell time that attackers have on your network. The longer the dwell time, the more catastrophic the breach. The Active Adversary Playbook 2022 from Sophos found that, while the average median dwell time was 15 days, small businesses and specific industries saw much longer average dwell times, up to 34 days.
The more time an attacker can go undetected in your network, the more damage they can do.
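To make the blind spot concrete, here is an added example (not code from the original article or any vendor) that evaluates a handful of constructed flow records under two models: a perimeter-only firewall, which never even sees server-to-server traffic, and a workload-level, default-deny allowlist of the kind microsegmentation applies. The data-center address range, the workload labels and the allowlist are all assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed assumption: the address space that counts as "inside" the data center.
# A perimeter firewall only sees flows that cross this boundary.
DATA_CENTER_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed workload inventory: IP -> role label. Unknown addresses are "internet".
WORKLOAD_LABELS = {
    "10.0.1.10": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.4.40": "workstation",
}

# Constructed workload-level allowlist: destination label -> {(source label, dst port)}.
# Anything not listed is denied, which is what limits lateral movement.
WORKLOAD_ALLOWLIST = {
    "web": {("internet", 443)},
    "app": {("web", 8080)},
    "db": {("app", 5432)},
}

# Constructed perimeter rule: only HTTPS from outside to the web tier is allowed in.
PERIMETER_ALLOWLIST = {("web", 443)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in DATA_CENTER_NETS)


def label_of(addr: str) -> str:
    return WORKLOAD_LABELS.get(addr, "internet")


def direction(flow: Flow) -> str:
    """North-south crosses the perimeter; east-west stays inside it."""
    both_inside = is_internal(flow.src) and is_internal(flow.dst)
    return "east-west" if both_inside else "north-south"


def perimeter_verdict(flow: Flow) -> str:
    """What a perimeter-only firewall decides. East-west flows never reach it,
    so it has no opportunity to deny them."""
    if direction(flow) == "east-west":
        return "allow"  # not inspected: server-to-server traffic bypasses the perimeter
    return "allow" if (label_of(flow.dst), flow.dport) in PERIMETER_ALLOWLIST else "deny"


def microseg_verdict(flow: Flow) -> str:
    """Workload-level policy evaluated on every flow, whatever its direction."""
    allowed = WORKLOAD_ALLOWLIST.get(label_of(flow.dst), set())
    return "allow" if (label_of(flow.src), flow.dport) in allowed else "deny"


# Constructed sample flows; the last two are lateral movement inside the data center.
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "10.0.1.10", 443),   # client -> web tier
    Flow("203.0.113.5", "10.0.3.30", 5432),  # client -> db directly
    Flow("10.0.1.10", "10.0.2.20", 8080),    # web -> app (expected path)
    Flow("10.0.4.40", "10.0.3.30", 5432),    # workstation -> db
    Flow("10.0.1.10", "10.0.3.30", 5432),    # web -> db, skipping the app tier
]


def evaluate(flows):
    """One (flow, direction, perimeter verdict, microseg verdict) tuple per flow."""
    return [(f, direction(f), perimeter_verdict(f), microseg_verdict(f)) for f in flows]


def blind_spots(flows):
    """Flows a perimeter firewall lets through but a workload-level policy denies."""
    return [f for f, _, p, m in evaluate(flows) if p == "allow" and m == "deny"]


if __name__ == "__main__":
    for f, d, p, m in evaluate(SAMPLE_FLOWS):
        print(f"{f.src:>14} -> {f.dst}:{f.dport:<5} {d:<11} perimeter={p:<5} microseg={m}")
    print(f"{len(blind_spots(SAMPLE_FLOWS))} east-west flows the perimeter never inspects")
```

Running it shows that both models agree on the two north-south flows, but the two lateral flows (workstation to database, web tier straight to database) are allowed by the perimeter model simply because it never inspects them, while the per-workload allowlist denies them by default. That difference is the dwell-time problem the paragraph above describes: without policy at the workload, an attacker who is already inside moves east-west unchallenged.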
It is simply not possible to deploy enough virtualized firewalls to protect thousands of applications or workloads. Even if such a virtualized solution could be created, it would be impossible to manage or control in the ever-changing, dynamic environments in which we now work. When it comes to hybrid cloud, for example, traditional firewalls are even more difficult to use, as they need to work across various environments, track workloads across different clouds, and be controlled from a single point. To try to solve these issues, several network segmentation approaches have appeared.