Complexity of Segmentations
Security breaches and incidents are very common in data centres and, increasingly, in the cloud.
Those incidents typically start at the perimeter and then move inside the organization's infrastructure or network. Segmentation or micro-segmentation adds a further layer of security within the organization's network: when a breach occurs, micro-segmentation in place can prevent the attacker's "lateral move". The stronger the micro-segmentation barrier, the harder it is for an attacker to jump from one VM to another. The same principle applies in the cloud, where organizations share the same underlying infrastructure with other customers who might already be exposed to a breach. Applying strong segmentation policies, and mapping them to the communication patterns of each application, comes at a price: complexity.
Organizations use the AutoNSX Solution to overcome several types of complexity:
- Discovery complexity: creating a single rule or policy is one thing, but more complex environments with multiple layers of mid-tier and middleware make life very complicated for the security team and the application owner. In other words, policy complexity.
- Implementation complexity: once discovery complexity is addressed with AutoNSX, the next natural step is to put hard barriers in front of attackers and prevent "lateral" movement. The AutoNSX Solution allows the organization's security team, or IT staff in general, to deploy micro-segmentation in the blink of an eye (only 4 steps to full application segmentation (link to vrni integration)), without scripts or manual work.
- Housekeeping complexity: after the organization has implemented micro-segmentation with the help of AutoNSX, someone must continually update the policies and rules. AutoNSX detects rule or policy duplication and alerts the security engineer when it occurs. When new rules need to be created, the AutoNSX solution updates only the necessary objects without disturbing existing traffic patterns, and orphaned objects are removed from the firewall.
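The housekeeping checks described above (duplicate rule detection, orphaned object removal, and updating only the objects that actually change) can be illustrated with a small policy-hygiene script. This is an added example written for this page, not AutoNSX or NSX code; the rule and group format is a constructed, simplified model of a distributed-firewall policy, and the sample inventory is invented.

```python
"""Hygiene checks for a micro-segmentation rule set (constructed example).

Rules and security groups are plain dicts modelled loosely on a distributed
firewall policy. Nothing here talks to a real NSX manager.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample inventory: security groups and the rules that use them.
GROUPS: Dict[str, List[str]] = {
    "web-tier": ["vm-web-01", "vm-web-02"],
    "app-tier": ["vm-app-01"],
    "db-tier": ["vm-db-01"],
    "legacy-reporting": [],  # orphan: no rule references this group
    "monitoring": ["vm-mon-01"],
}

RULES: List[dict] = [
    {"id": 101, "src": ["web-tier"], "dst": ["app-tier"], "svc": ["TCP/8443"], "action": "allow"},
    {"id": 102, "src": ["app-tier"], "dst": ["db-tier"], "svc": ["TCP/5432"], "action": "allow"},
    {"id": 103, "src": ["monitoring"], "dst": ["db-tier", "web-tier", "app-tier"], "svc": ["TCP/9100"], "action": "allow"},
    # Duplicate of rule 101: same match fields and action, added by a second engineer.
    {"id": 104, "src": ["web-tier"], "dst": ["app-tier"], "svc": ["TCP/8443"], "action": "allow"},
    {"id": 199, "src": ["any"], "dst": ["any"], "svc": ["any"], "action": "drop"},  # default deny
]

# The policy we want to end up with: the duplicate removed and one new flow
# (web tier shipping logs to monitoring) added. Constructed, like RULES.
DESIRED_RULES: List[dict] = [r for r in RULES if r["id"] != 104] + [
    {"id": 0, "src": ["web-tier"], "dst": ["monitoring"], "svc": ["TCP/514"], "action": "allow"},
]

RuleKey = Tuple[Tuple[str, ...], Tuple[str, ...], Tuple[str, ...], str]


def rule_key(rule: dict) -> RuleKey:
    """Normalise a rule's match fields so ordering differences cannot hide a duplicate."""
    return (
        tuple(sorted(rule["src"])),
        tuple(sorted(rule["dst"])),
        tuple(sorted(rule["svc"])),
        rule["action"],
    )


def find_duplicates(rules: List[dict]) -> Dict[RuleKey, List[int]]:
    """Return every normalised key shared by more than one rule, with the rule ids involved."""
    seen: Dict[RuleKey, List[int]] = defaultdict(list)
    for rule in rules:
        seen[rule_key(rule)].append(rule["id"])
    return {key: ids for key, ids in seen.items() if len(ids) > 1}


def find_orphaned_groups(groups: Dict[str, List[str]], rules: List[dict]) -> Set[str]:
    """Groups defined in the inventory but referenced by no rule's source or destination."""
    referenced = {g for rule in rules for g in rule["src"] + rule["dst"]}
    return set(groups) - referenced


def plan_changes(current: List[dict], desired: List[dict]) -> Tuple[List[int], List[RuleKey]]:
    """Diff the desired policy against the current one.

    Returns (rule ids to remove, normalised keys to add). Rules present in both
    are left untouched, so a policy update does not rewrite rules that already
    carry live traffic. Extra copies of a duplicated rule are scheduled for removal.
    """
    current_ids: Dict[RuleKey, List[int]] = defaultdict(list)
    for rule in current:
        current_ids[rule_key(rule)].append(rule["id"])
    desired_keys = {rule_key(rule) for rule in desired}

    to_remove: List[int] = []
    for key, ids in current_ids.items():
        if key not in desired_keys:
            to_remove.extend(ids)  # rule no longer wanted at all
        else:
            to_remove.extend(ids[1:])  # keep the first copy, drop duplicates
    to_add = sorted(key for key in desired_keys if key not in current_ids)
    return sorted(to_remove), to_add


if __name__ == "__main__":
    for key, ids in find_duplicates(RULES).items():
        print(f"duplicate rules {ids}: {key}")
    print("orphaned groups:", sorted(find_orphaned_groups(GROUPS, RULES)))
    remove, add = plan_changes(RULES, DESIRED_RULES)
    print("remove rule ids:", remove)
    print("add rules:", add)
```

The normalisation in `rule_key` is the important design choice: two rules that list the same groups or services in a different order are the same rule to the firewall, so a duplicate check that compares raw lists would miss them. The planner only ever emits the delta, which is what keeps an update from disturbing flows that the unchanged rules already permit.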