Pillars of Zero Trust: Efficacy of Micro-Segmentation

By John P. Blessing | Research Principal

The Zero Trust security mantra is to trust nothing of your Workforce (people), Workplace (devices), and Workloads (applications/data); then watch everything and constantly check and verify changes that occur.

It can be simplified into two simple statements:

  • Trust Nothing by Default [1]
  • Trust is not Permanent [2]

Micro-segmentation in enterprise networks is an essential part of successfully deploying a Zero Trust security strategy. The path from the perimeter network (north-south) and the internal connections between devices and applications (east-west) are all assumed to carry bad-actor activity. Continuous monitoring of each segment for its normal activity reveals the actions that shouldn’t happen, such as the scanning activity of a breached system.
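The two statements above translate directly into a policy engine: every flow is denied unless an explicit rule allows it, and the denied flows are what monitoring watches for signs of a breached host probing its neighbours. The following is an added example, not code from the original post or from any vendor named on this page; the segment address ranges, the allow rules, and the sample flow records are all constructed for illustration.

```python
"""Default-deny micro-segmentation policy with east-west scan detection.

Added example (not from the original post). Segments, allow rules and the
sample flows below are constructed values, not a real network.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    """One observed connection attempt between two hosts."""
    src: str
    dst: str
    port: int
    proto: str


# Segment definitions (constructed): name -> address range.
SEGMENTS = {
    "workplace": ipaddress.ip_network("10.10.0.0/24"),  # user devices
    "web": ipaddress.ip_network("10.20.0.0/24"),        # web tier
    "db": ipaddress.ip_network("10.30.0.0/24"),         # database tier
}

# Explicit allow list: (src_segment, dst_segment, proto, port).
# "Trust nothing by default": anything not listed here is denied.
ALLOW = {
    ("workplace", "web", "tcp", 443),
    ("web", "db", "tcp", 5432),
}


def segment_of(ip: str):
    """Map an address to its segment; unknown addresses are untrusted (None)."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow) -> str:
    """Return 'allow' only for an explicitly permitted segment-to-segment flow."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None or dst_seg is None:
        return "deny"  # unknown segment: no implicit trust
    if (src_seg, dst_seg, flow.proto, flow.port) in ALLOW:
        return "allow"
    return "deny"


def detect_scanners(flows, threshold: int = 5) -> dict:
    """Flag sources whose *denied* flows touch >= threshold distinct (dst, port) pairs.

    A single denied flow is usually a misconfiguration; many distinct denied
    targets from one source is the east-west scanning pattern the post describes.
    """
    denied_targets = defaultdict(set)
    for f in flows:
        if evaluate(f) == "deny":
            denied_targets[f.src].add((f.dst, f.port))
    return {src: len(t) for src, t in denied_targets.items() if len(t) >= threshold}


# Constructed sample flow log: two legitimate flows, one stray denied flow,
# and one workplace host probing the database segment.
SAMPLE_FLOWS = [
    Flow("10.10.0.5", "10.20.0.10", 443, "tcp"),    # allowed: user -> web
    Flow("10.20.0.10", "10.30.0.5", 5432, "tcp"),   # allowed: web -> db
    Flow("10.10.0.8", "10.30.0.5", 5432, "tcp"),    # denied once, not a scan
] + [
    Flow("10.10.0.7", "10.30.0.5", p, "tcp") for p in (22, 445, 3389, 5432, 1433)
] + [
    Flow("10.10.0.7", "10.30.0.6", 445, "tcp"),
]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{evaluate(f):5s} {f.src} -> {f.dst}:{f.port}/{f.proto}")
    print("suspected scanners:", detect_scanners(SAMPLE_FLOWS))
```

Running the script prints the verdict for each flow and then reports `10.10.0.7` as the only host whose denied attempts reach the scan threshold; the one stray denied flow from `10.10.0.8` stays below it, which is the distinction between policy noise and the lateral-movement signal worth alerting on.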

Speed Kills

WannaCry (ransomworm), Petya (ransomware), and NotPetya (cyberweapon) all had significant impacts on organizations at the global level [3] in 2017. They infected computers across 150 countries within hours of each breach. Each varied slightly in how it moved across the network from device to device, but what they shared was the extreme speed of infection and spread. NotPetya alone was estimated at near $10 billion in damages [4].

The battle was over before anyone knew it had started.

These variants succeeded by breaching the perimeter security and then exploiting devices at will, sometimes with a long delay between the breach and execution of a payload. A network designed without Zero Trust security lets a payload travel extremely fast across the internal links once it is inside the perimeter.

Micro-Segmentation Isn’t Just for Networks

The ‘defense in depth’ concept of security was based on military studies. Slow your adversary down and buy time so they burn more resources than they desire. Trenches, barbed wire, tanks, cannons, infantry, and mines would all be deployed to protect a valuable bridge or city during battle. Why would security design stop at the network layer against an adversary deploying Advanced Persistent Threats (APTs)? It shouldn’t.

That is why micro-segmentation in Zero Trust delivers a broader net to cover all the ways that the Workforce uses the Workplace to access the Workloads. This can easily be seen by the number of vendors that are incorporating micro-segmentation into their solutions [5]:

  • Software Defined Networks / Perimeter: Cisco ACI, Juniper Contrail, VMware NSX
  • Network-Based Appliances: vArmor
  • Host-Based Agents: Alcide, Cisco Tetration, Cloud Passage, Cloudvisory, Illumio, Edgewise, Colortokens
  • Microservices-Based Applications: ShieldX
  • Container-Based Frameworks: Alcide, Tigera, Twistlock, Aporeto
  • IaaS (Hyperscalers): AWS, Azure, Google
  • API-Based Protections: AlgoSec, Cloudvisory, Tufin

Micro-segmentation in Zero Trust slows down the adversary and makes them burn more time for every segment they need to cross on the way to their target. Deploying more segments of security into the network, platform, or applications makes the adversary's path to success more difficult. They may simply forgo the attack and move on to a different target.

Does Micro-Segmentation Help?

The efficacy of micro-segmentation was captured in a study by BishopFox with sponsorship from Illumio [6]. The goal of the study was to measure how effectively the Illumio Adaptive Security Platform (ASP) limits lateral network movement.

In the study, BishopFox used a control group and three use cases that progressively increased the micro-segmentation properties. The research team also increased the number of devices in the target field to see whether the results would scale. The finding was that, at any scale, applying a simple micro-segmentation policy can increase an adversary's attack time by a minimum of 300 percent.

To summarize, micro-segmentation is effective at slowing the adversary's time to infiltrate and at minimizing dwell time, because bad actors are slowed in their movement through both the network and the application layers.

For more information on how to architect and implement Zero Trust, request a custom Trace3 Zero Trust Workshop.

Don’t forget to read the other parts of this blog series, where we look at the other pillars of Zero Trust: Workforce and Workplace.

[1] Forrester (2016). No More Chewy Centers: The Zero Trust Model of Information Security
[2] Gartner (2018). Zero Trust is an Initial Step on the Roadmap to CARTA
[3] Guardian (2017). https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware
[4] Wired (2018). https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
[5] Gartner (2018). Ibid.
[6] BishopFox (2020). Efficacy of Micro-Segmentation
