Micro-segmentation could provide a key component of a new approach to information security, according to IT services firm Unisys.
Traditional security is failing because it is based on the castle and moat model of perimeter defence, which is no longer valid, according to David Matthews, European security industry director at Unisys.
“Many organisations are still spending 80% of security budgets on perimeter defences when most of the malicious activity is taking place inside networks. However, it will take leadership to change and overcome the resistance of those who have a vested interest in maintaining the status quo,” he told The Cyber Security Summit in London.
To assist this shift, Unisys has developed a technology to enable organisations to protect sensitive data by making it accessible only to members of specific communities of interest.
This improves security by ensuring that if attackers are able to penetrate one micro-segment or compromise user credentials, they will not have access to the entire network, only small parts of it.
Security is further bolstered by enabling encryption of data in motion and at rest, regardless of where it is stored, transmitted or used across datacentres, cloud environments or mobile devices.
According to Matthews, micro-segmentation is 30% more cost-effective than traditional network security and, because it is portal-based, it cuts deployment time by 80%.
“From a governance, risk and compliance (GRC) point of view, it has the advantage of reducing the attack surface and consequently of reducing the complexity of audits,” he said.
According to Matthews, the Stealth portfolio boosts security by enabling encrypted, segregated workflows on desktops, public and private clouds and mobile devices.
Micro-segmentation frees CIOs from having to trade off security to reduce cost, or trade off agility because of compliance requirements, he claimed.
“This technology delivers security and agility using military-grade, software-based cryptographic separation of endpoints into communities of interest,” said Fraser Ross, European lead security architect at Unisys.
“This means that IT assets such as servers are effectively ‘undetectable’, which means attackers cannot ping them and get a response, protecting them against both internal and external compromise,” he said.
According to Ross, incremental implementation means there is minimal disruption to users. He said there is also no need to make any code changes to applications and the network is easily managed using identity.
“This means it is less costly and more flexible than traditional infrastructure, and it operates on any mix of public and private IP networks and any mix of media, including wireless and satellite,” he said.