Microsegmentation in cybersecurity creates small zones within or adjacent to existing network segments to make it harder for malicious communications and activity to move throughout the network. By preventing lateral movement within zones protected by a firewall, network microsegmentation can limit the impact of external attacks, malware infections, and unauthorized internal user access. To be effective, microsegmentation requires visibility of all devices and communication in the environment.
Microsegmentation is one of the key principles for implementing Zero Trust network security. Even within an organization with a presumably secure perimeter, reducing network segments to the smallest possible size can sharply limit the ability of attackers and unauthorized users to move laterally through a network.
With security policies limiting access privileges by microsegment and real-time threat monitoring and response, microsegmentation can play an important role in protecting sensitive data, devices, and systems. These same practices can help organizations comply with strict data-protection requirements, including HIPAA in healthcare and PCI-DSS in card payment acceptance.
To get a sense of how microsegmentation can protect an enterprise, consider the URGENT/11 suite of VxWorks vulnerabilities. These vulnerabilities only target devices that traditional security agents can’t secure, and these devices often play critical roles in healthcare, manufacturing, and industry. The kinds of attacks that URGENT/11 vulnerabilities enable are also hard for some network solutions to detect.
Protecting devices running VxWorks requires identifying and patching devices as needed. Network segmentation is another best practice for placing a barrier between vulnerable devices and the internet. Because most affected devices aren’t internet-connected, another segmentation strategy to protect against URGENT/11 is “isolating vulnerable devices within a small subnet.” That way, even if another device on the local area network is compromised, malicious broadcast packets from that device can’t reach other devices that are protected within their own subnet.
The Armis platform identifies, assesses, and monitors every device in an organization’s environment. Armis also shows every connection among devices, including connections that pose security risks, such as communication through unauthorized channels and with high-risk devices. With this information, security teams can review, assess, and improve their network segmentation strategies.
Armis also supports automated enforcement of segmentation rules, including device blocking, quarantining, and segmenting based on the organization’s infrastructure, Network Access Control (NAC), firewalls, and switches. Enabling dynamic security with real-time remediation increases security team efficiency.