Microsegmentation has emerged as a leading tactic in our on-going struggle to better protect and secure networks from cyberattack, breach, malware, ransomware and a loss of system control. It has proven to be an effective process when used to secure workloads from Operational Technology (OT), Internet of Things (IoT), and other connected devices.
But what is microsegmentation? What is its goal or function in cybersecurity?
In a recent report entitled “Emerging Tech: Adoption Growth Insights for Microsegmentation,” Gartner notes that “microsegmentation is a form of isolation that limits the assets with which an endpoint can interact. Traditionally, a static set of rules is put in place that deﬁne other devices an endpoint (e.g., device, workload, container) can communicate with.”
Another definition of microsegmentation is “the process of creating zones within a data center or cloud environment to secure critical workloads.” It is a security method that allows network administrators to manage security policies and enforce Zero Trust standards, such as the principle of least privileged access.
For IT and cybersecurity professionals, Gartner says “the goal of microsegmentation is to isolate and protect a single endpoint, device, workload, or container by making identity the access key. Identity is a portable access key that is well-suited to digital transformation. As IT infrastructures continue to march to the cloud, the use of dynamic and portable identity as the main factor to determine access helps to simplify policy management.”
Onclave Networks is mentioned as a microsegmentation vendor in this Gartner report. If you are a subscriber, you can access and view the report by clicking here.
In response to the recognition from Gartner as a microsegmentation vendor, Don Stroberg, CEO of Onclave Networks said, “Our team has worked relentlessly to develop a solution that better secures enterprise networks and eliminates the OT/IoT attack surface. We think this report provides many great insights into microsegmentation adoption and trends, and we are pleased to be listed as a microsegmentation vendor.”
Technology leaders at large organizations rely on an exponentially growing number of Operational Technology (OT), Internet of Things (IoT), Internet of Medical Things (IoMT) and other connected devices for their daily operations. These devices share data and workloads over IT networks, but they are unsecured, unmanaged, and often cannot be seen by IT networks. This creates a significant vulnerability to the entire enterprise that needs to be secured. Today, microsegmentation is essential to achieving better network security.
How does Onclave use microsegmentation to secure OT, IoT and other connected devices?
In a typical, co-mingled network environment, you can see many systems and devices dependent on a single defensive perimeter for the network (see diagram below). This is how many networks are structured, but they are not secure from today’s cyberattacks.
To reduce a network’s attack surface, Onclave Networks uses secured point-to-point communications aggregated into networks with their own root of trust.
The Onclave TrustedPlatform™ identifies OT/IoT and other connected devices at the edge, and then cryptographically secures the segments. Each workload is effectively wrapped in a secure enclave with its own root of trust. This secures the workload as it travels on pathways, regardless of whether the network is on-premises and/or in the cloud. To the outside world, the workload is no longer visible. Since you cannot breach what you cannot see, this process of microsegmentation and cryptographic security eliminates the OT/IoT attack surface and prevents bad actors from exploiting vulnerabilities to gain access to the network.
“With technology professionals stressed by the rapid growth of OT/IoT devices and prolific cyberattacks taking place, microsegmentation is a viable solution that helps tip the balance of power back to them,” noted Stroberg. “Though there is no silver bullet in cybersecurity, we do believe that eliminating the OT/IoT attack surface significantly improves network security. Organizations can more easily manage security and focus their technology professionals where they are needed most.”
The Onclave TrustedPlatform also provides simplified internal management and automation of all identities, certificates, and trust keys without the need for special training, agents or additional staff, which helps to lower costs.