In every major breach I've researched over the past couple of years, a common thread stands out. Attackers didn’t start with the system they were really after. We've gotten smarter; we are doing a better job protecting our most critical systems. They are either too well defended to attack directly or monitored closely enough that we quickly detect and respond to overt direct attacks.
Enter the horizontal kill chain. Start with an end-user workstation and work your way from system to system, harvesting shared credentials as you go. Take advantage of the open, fully routed underbelly of the typical enterprise’s internal network to launch attacks from “trusted” addresses.
There are two ways to deal with this: host security and network segmentation. Make each host harder to compromise – even systems that don’t seem that important. But also make the network follow the same least privilege we try to enforce on file systems and with OS privileges. Don't let every endpoint communicate freely with every other endpoint on the entire network. That is easier said than done with a physical network. Often your physical network topology doesn't line up with how you'd like to divide it into security zones. And firewall and router rules are never simple, let alone fun. There's plenty of risk of breaking business processes with your fancy router rules.
And that brings us to one of the coolest things about virtualization. Most of the focus on virtualization has been about cost, speed and flexibility. But now we are starting to see some incredible security opportunities. And in this webinar I’m going to dive into micro-segmentation.
Micro-segmentation is a way to implement fine-grained security boundaries at the hypervisor level that automatically limit traffic between virtual machines based on how a VM is tagged in terms of its workload.
The hypervisor compares a VM’s tags to security policies and automatically allows that VM to communicate with other systems associated with the same workload. But that same VM is protected from the rest of the network, and the rest of the network is protected from it. And those policies follow that VM around if it's migrated to a different virtualization host or even a different data center. If additional systems are tagged for the same workload, the hypervisor automatically adjusts its rules and allows those systems to communicate.
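To make the tag-based model concrete (both the "least privilege for the network" idea above and the tag/policy evaluation just described), here is an added toy policy engine. It is not code from the webinar, from VMware NSX or from Symantec DCS; the VM names, tags, hosts and addresses are constructed for illustration, and the `workload:` / `tier:` tag scheme is an assumption of this example. The point it shows is that decisions are keyed on tags, so a VM that moves hosts or changes IP keeps exactly the same reachability, a newly tagged VM is covered without any rule edits, and a workstation on the same subnet is denied by default.

```python
# Added example: a toy model of tag-based micro-segmentation policy evaluation.
# Not code from the webinar, VMware NSX, or Symantec DCS; VM names, tags and
# addresses are constructed for illustration.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class VM:
    name: str
    host: str              # virtualization host currently running the VM
    ip: str                # current address (deliberately NOT used by policy)
    tags: set = field(default_factory=set)


@dataclass
class Rule:
    src_tag: str           # tag the source VM must carry
    dst_tag: str           # tag the destination VM must carry
    port: Optional[int]    # None = any port
    action: str            # "allow" or "deny"


@dataclass
class Decision:
    action: str
    reason: str


class MicroSegmentation:
    """Decides whether VM-to-VM traffic is permitted.

    Policy is keyed on tags only. Hosts and IPs are tracked in the inventory
    so we can show that migrating a VM changes nothing about what it may reach.
    """

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default
        self.inventory = {}

    def register(self, vm):
        # A new VM is covered the moment it is tagged: no rule edits, no IP lists.
        self.inventory[vm.name] = vm

    def migrate(self, name, new_host, new_ip=None):
        # Simulates vMotion to another host (and possibly another address range).
        vm = self.inventory[name]
        vm.host = new_host
        if new_ip:
            vm.ip = new_ip

    def decide(self, src_name, dst_name, port):
        src, dst = self.inventory[src_name], self.inventory[dst_name]
        # Both VMs must share a workload tag before any rule is even considered;
        # this is what keeps an unrelated (or compromised) VM out of a workload.
        shared = {t for t in src.tags & dst.tags if t.startswith("workload:")}
        if not shared:
            return Decision("deny", "no shared workload tag")
        for r in self.rules:
            if (r.src_tag in src.tags and r.dst_tag in dst.tags
                    and (r.port is None or r.port == port)):
                return Decision(r.action, f"rule {r.src_tag}->{r.dst_tag}:{r.port}")
        return Decision(self.default, "default")


def build_demo():
    """Constructed three-tier 'payments' workload plus an unrelated user workstation."""
    rules = [
        Rule("tier:web", "tier:app", 8080, "allow"),
        Rule("tier:app", "tier:db", 5432, "allow"),
        Rule("tier:db", "tier:db", None, "allow"),    # db replication, any port
    ]
    seg = MicroSegmentation(rules)
    seg.register(VM("web1", "esx-01", "10.0.9.10", {"tier:web", "workload:payments"}))
    seg.register(VM("app1", "esx-01", "10.0.9.20", {"tier:app", "workload:payments"}))
    seg.register(VM("db1", "esx-01", "10.0.9.30", {"tier:db", "workload:payments"}))
    seg.register(VM("ws1", "esx-01", "10.0.9.50", {"tier:user-ws", "workload:enduser"}))
    return seg


if __name__ == "__main__":
    seg = build_demo()
    for flow in [("web1", "app1", 8080), ("ws1", "db1", 5432), ("web1", "db1", 5432)]:
        d = seg.decide(*flow)
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  {d.action:5}  ({d.reason})")
```

Note the two layers in `decide`: the shared-workload check is the coarse boundary the text describes (a VM talks only to systems in its own workload), and the tier rules are the finer allow-list inside it. Everything else, including a workstation that sits on the very same subnet, falls through to the default deny, which is the network equivalent of least privilege.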
Micro-segmentation promises to be a way to finally add a thick layer of strong defense-in-depth without introducing yet another manual approval process, slowing down business, making the organization less nimble and breaking business processes.
The most common virtualization infrastructure, VMware, provides micro-segmentation with their NSX platform, and that’s the technology I will use for this discussion. But this gets even cooler when you learn that NSX is a platform built for integration with high-tech security products like Symantec’s Data Center Security solution. Symantec is sponsoring this real training for free ™ session and will briefly show you how DCS integrates with VMware NSX and vShield to do some really cool things with virtualization security – including agentLESS anti-malware. Beyond agentless, it's really fast because instead of scanning each file each time each VM accesses it, DCS does it once and caches the file’s status.
This is going to be an awesome technical security session. Please register now for this real training for free ™ event.