CTO Round Table: Fighting Ransomware with Micro-segmentation

One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations urgently assess what they need to do to contain and limit their exposure to this threat. Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack. In this webinar Professor Wool will discuss:

• The different methods used by cyber criminals to penetrate the network security perimeter
• Best practices for reducing cyber criminals’ lateral movements across the network
• How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack
• Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation
• The impact of a ransomware on regulatory compliance

Avishai Wool, CTO and co-founder of AlgoSec, looks at how organizations can implement and manage SDN-enabled micro-segmentation strategies   Micro-segmentation is regarded as one of the most effective methods to reduce an organization’s attack surface, and a lack of it has often been cited as a contributing factor in some of the largest data breaches and ransomware attacks. One of the key reasons why enterprises have been slow to embrace it is because it can be complex and costly to implement – especially in traditional on-premise networks and data centers. In these, creating internal zones usually means installing extra firewalls, changing routing, and even adding cabling to police the traffic flows between zones, and having to manage the additional filtering policies manually. However, as many organizations are moving to virtualized data centers using Software-Defined Networking (SDN), some of these cost and complexity barriers are lifted.  In SDN-based data centers the networking fabric has built-in filtering capabilities, making internal network segmentation much more accessible without having to add new hardware. SDN’s flexibility enables advanced, granular zoning:  In principle, data center networks can be divided into hundreds, or even thousands, of microsegments. This offers levels of security that would previously have been impossible – or at least prohibitively expensive – to implement in traditional data centers. However, capitalizing on the potential of micro-segmentation in virtualized data centers does not eliminate all the challenges. It still requires the organization to deploy a filtering policy that the micro-segmented fabric will enforce, and writing this a policy is the first, and largest, hurdle that must be cleared. The requirements from a micro-segmentation policy A correct micro-segmentation filtering policy has three high-level requirements: It allows all business traffic – The last thing you want is to write a micro-segmented policy and have it block necessary business communication, causing applications to stop functioning. It allows nothing else – By default, all other traffic should be denied. It is future-proof – ‘More of the same’ changes in the network environment shouldn’t break rules. If you write your policies too narrowly, when something in the network changes, such as a new server or application, something will stop working. Write with scalability in mind. A micro-segmentation blueprint Now that you know what you are aiming for, how can you actually achieve it?  First of all, your organization needs to know what your traffic flows are – what is the traffic that should be allowed. To get this information, you can perform a ‘discovery’ process. Only once you have this information, can you then establish where to place the borders between the microsegments in the data center and how to devise and manage the security policies for each of the segments in their network environment. I welcome you to download AlgoSec’s new eBook, where we explain in detail how to implement and manage micro-segmentation. AlgoSec Enables Micro-segmentation The AlgoSec Security Management Suite (ASMS) employs the power of automation to make it easy to define and enforce your micro-segmentation strategy inside the data center, ensure that it does not block critical business services, and meet compliance requirements. AlgoSec supports micro-segmentation by: Providing application discovery based on netflow information Identifying unprotected network flows that do not cross any firewall and are not filtered for an application Automatically identifying changes that will violate the micro-segmentation strategy Automatically implementing network security changes Automatically validating changes The bottom line is that implementing an effective network micro-segmentation strategy is now possible. It requires careful planning and implementation, but when carried out following a proper blueprint and with the automation capabilities of the AlgoSec Security Management Suite, it provides you with stronger security without sacrificing any business agility. Find out more about how micro-segmentation can help you boost your security posture, or request your personal demo.  

Discover how AlgoSec makes it easy to define & enforce your micro-segmentation strategy. Discover business applications, define segments with application mapping, implement & maintain policies.