Guard Against Cyberattacks — Application Segmentation and Security

Cohesive Networks
Cybersecurity War Stories
3 min read · Jun 3, 2015

By: Patrick Kerpan, CEO at Cohesive Networks

2014 saw more than 697 separate data breaches in the U.S., according to an October report from the Identity Theft Resource Center (ITRC). The organization estimates the 2014 attacks exposed over 81,443,910 personal records of customers, patients, partners and employees. Organizations are now facing potential exploitation by hackers, criminal gangs, foreign governments, and even disgruntled employees.

Earlier in 2015, a large health insurance company was attacked, exposing over 80 million patient and employee records.

How can companies in all industries best prevent attacks?

Perimeter-focused security is broken

Most enterprises focus on perimeter defenses and overlook internal network security. Yet the Target and Sony attackers exploited exactly that weak internal security to plunder critical applications sitting “on a wire” inside the network.

Today’s complex and distributed networks create a more porous data center perimeter. Once hackers (or disgruntled employees) breach the perimeter, they can easily exploit weaknesses inside the network, as happened in the recent Sony attack. Nearly 85 percent of insider attacks or “privilege misuse” attacks used the target enterprises’ corporate local area network (LAN), according to a 2014 Verizon security report.

Hackers are now using corporations’ networks against them.

Changes are coming — from regulation and the board room

2014 also saw some hope for enterprises looking for cures for the common data breach: more government agencies and compliance groups are updating security standards to match modern cybercrime.

Upcoming security compliance regulations — like NIST, PCI, and the EU banking standards — are beginning to focus more on security at all layers. Wrapping applications into secure networks is a new and potentially game-changing way to thwart east/west attacks.

Defense in depth with application security controllers

To guard and quarantine an application, enterprises can force all data and network traffic to go through secure, encrypted switches at every layer within a data center network. Controlled access and encryption can all but eliminate malicious east/west movement.

In order to gain control over all incoming and outgoing traffic for each application, enterprises can use “micro-perimeters” to break the secure network into smaller, tightly controlled overlay networks. Just like the physical segmentation at the core hardware layer and logical segmentation at the virtualization layer, a micro-perimeter can provide “application segmentation.”

With application segmentation, enterprises can dictate what traffic travels to each application server through the application security controller. Because all data must pass through an encrypted switch, enterprises can mediate both security and segmentation at that point. User traffic is then isolated to flow only through the application’s secure edge. Even with only basic interior firewall rules, an enterprise can protect itself from an east/west exploit.
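To make the micro-perimeter idea concrete, here is an added example (not Cohesive Networks' or VNS3's code) that models a per-application allow-list in which every flow must match a rule or be dropped; the addresses, ports and the edge/application-server/database layout are constructed assumptions, not taken from the post.

```python
# Added example (not Cohesive Networks' code): a toy application micro-perimeter
# policy. Every application server sits behind one secure edge (the
# "application security controller"); the policy is an allow-list and any flow
# not matched is denied, so a host compromised elsewhere on the LAN cannot
# reach the servers sideways. Addresses and ports are constructed samples.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None = any destination port
    proto: str = "tcp"

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == f.dport)
                and self.proto == f.proto)

class MicroPerimeter:
    """Default-deny allow-list for one application's overlay network."""

    def __init__(self, rules: list[Rule]) -> None:
        self.rules = rules
        self.denied: list[Flow] = []  # denied flows are the detection signal

    def decide(self, f: Flow) -> str:
        if any(r.matches(f) for r in self.rules):
            return "ALLOW"
        self.denied.append(f)
        return "DENY"

# Constructed topology: users on 10.0.0.0/8, secure edge 10.20.1.1 (the only
# ingress point), application servers 10.20.1.0/24, database 10.30.0.5.
APP_POLICY = MicroPerimeter([
    Rule("10.0.0.0/8", "10.20.1.1/32", 443),     # users -> secure edge only
    Rule("10.20.1.1/32", "10.20.1.0/24", 8443),  # edge -> application servers
    Rule("10.20.1.0/24", "10.30.0.5/32", 5432),  # application servers -> database
])
```

With this policy a user host reaches only the edge on 443, while a direct attempt from the same host to an application server on port 22 is denied and recorded in `denied`, which is the list a monitoring job would alert on.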

Application segmentation creates secure micro-perimeters

Application security controllers can add security within the network layers to strengthen existing core networking hardware and virtualization-layer security. Installing a full-function network security appliance for each application can improve network security without changing the existing network or security infrastructure.

Application segmentation allows each application’s developer team to take a proactive role in cybersecurity in any public, private, hybrid or virtualized environment.

This post originally appeared in the Cohesive Networks blog
