Micro-segmentation key to new approach to infosec, says Unisys

Micro-segmentation enables organisations to improve data security at reasonable cost without compromising agility, governance, risk and compliance, says Unisys

Micro-segmentation could provide a key component of a new approach to information security, according to IT services firm Unisys.

Traditional security is failing because it is based on the castle and moat model of perimeter defence, which is no longer valid, according to David Matthews, European security industry director at Unisys.

“Many organisations are still spending 80% of security budgets on perimeter defences when most of the malicious activity is taking place inside networks. However, it will take leadership to change and overcome the resistance of those who have a vested interest in maintaining the status quo,” he told The Cyber Security Summit in London.

To assist this shift, Unisys has developed a technology to enable organisations to protect sensitive data by making it accessible only to members of specific communities of interest.

The technology refines network segmentation by enabling micro-segmentation, or the division of physical networks into thousands of logical micro-segments using software-defined identities.

This improves security by ensuring that if attackers are able to penetrate one micro-segment or compromise user credentials they will not have access to the entire network, only small parts of it.

Security is further bolstered by enabling encryption of data in motion and at rest, regardless of where it is stored, transmitted or used across datacentres, cloud environments or mobile devices.

According to Matthews, micro-segmentation is 30% more cost-effective than traditional network security and, because it is portal-based, it cuts deployment time by 80%.

“From a governance, risk and compliance (GRC) point of view, it has the advantage of reducing the attack surface and consequently of reducing the complexity of audits,” he said.

According to Matthews, the Stealth portfolio boosts security by enabling encrypted, segregated workflows on desktops, public and private clouds and mobile devices.

Micro-segmentation frees CIOs from having to trade off security to reduce cost, or trade off agility because of compliance requirements, he claimed.

“This technology delivers security and agility using military-grade, software-based cryptographic separation of endpoints into communities of interest,” said Fraser Ross, European lead security architect at Unisys.

“This means that IT assets such as servers are effectively ‘undetectable’, which means attackers cannot ping them and get a response, protecting them against both internal and external compromise,” he said.

According to Ross, incremental implementation means there is minimal disruption to users. He said there is also no need to make any code changes to applications and the network is easily managed using identity.

“This means it is less costly and more flexible than traditional infrastructure, and it operates on any mix of public and private IP networks and any mix of media, including wireless and satellite,” he said.
