
Solving a Macro Security Problem with Micro-Segmentation

Written by

Charlie Gero

September 29, 2021

Charlie Gero is VP and CTO of the Enterprise Division at Akamai and also leads the Advanced Projects Group. He currently focuses on integrating edge research into the areas of security, applied mathematics, cryptography, and distributed algorithms in order to develop next-generation technologies and continue protecting Akamai's growing customer base. Through his work at Akamai, Gero has secured nearly 30 patents in cryptography, compression, performant network systems, real-time media distribution, and more. He holds university degrees in physics and computer science. Gero has been at Akamai for nearly 15 years. Before that, he founded a startup and held key computer science positions in the pharmaceutical and networking industries.

Ransomware is everywhere these days. The shift of workloads to the cloud and the move to work-from-home models have further expanded the attack surface and created new opportunities for attackers. Enterprises need Zero Trust solutions that not only protect against threat actors trying to gain access to enterprise systems, but also reduce the impact of infections that slip in through the cracks.

A porous barrier

Those cracks are numerous and growing. VPN login credentials can leak, allowing bad actors to have unfettered access to an entire network. Social engineering attacks use convincing phishing emails with links to malware, leading well-intentioned employees to accidentally expose company assets. Employees take their work laptops home, where they become infected while surfing the web, and then bring the malware into work when they plug into the network, facilitating a “sneakernet” attack behind the firewall. Advanced hacking groups infect the software supply chain, causing trusted enterprise software to become the launchpad for widespread breaches. There are simply too many attack lanes to completely enumerate.

And it’s not just the number of ways an infection can occur that’s frightening. Ransomware tactics range from the simple to the extremely sophisticated, and are continually evolving to evade detection and bypass security controls. Worse yet, once inside, ransomware leverages the outdated notion of a trusted network perimeter to probe adjacent systems for vulnerabilities, known as east-west or lateral movement, to expand the infection from a single machine to large swaths of critical infrastructure within the network.

There are countermeasures designed to prevent these intrusions — strong identity and access controls, multi-factor authentication, secure web gateways, antivirus tools, and more. And, surely, these and other solutions are crucial elements in a Zero Trust security strategy. But the stark reality is that it just isn’t possible to plug all the potential cracks in the enterprise. At some point, there are diminishing returns in trying to create an impenetrable barrier. You need a strategy for protecting critical assets when ransomware breaches those enterprise defenses.

Multiple lines of defense

With its planned acquisition of Guardicore and its best-in-class network micro-segmentation solution, Akamai will be equipped to provide that protection. Guardicore complements Akamai’s industry-leading Zero Trust security solutions, providing multiple lines of defense against ransomware and other forms of malware.

Guardicore’s micro-segmentation technology logically divides the enterprise into distinct security segments, down to the individual software and workload level, with well-defined security controls for each. This approach addresses the problem of malware proliferating across the enterprise via east-west movement. Just as the waterproof bulkheads in a submarine prevent adjacent compartments from becoming flooded in the event of a hull breach, Guardicore’s micro-segmentation contains the “blast radius” from a malware attack, dramatically limiting its lateral spread.

The concept sounds simple, but achieving it is immensely challenging. That’s because modern networks are extremely heterogeneous and constantly changing. Virtualization, containerization, and other modern approaches for deploying software mean workloads are constantly migrating across boundaries within the data center and between the data center and the cloud.

Innovative, agent-based approach

To overcome this challenge, Guardicore employs an agent-based approach to segmentation. Agent-installed systems can only communicate with other agent-installed systems in the same segments or groups. Systems lacking agents are restricted to communicate only with other agentless devices and specifically chosen segments, separating them from high-value targets. This agent-based strategy greatly simplifies management while enabling very fine-grain controls, with a centralized, visual portal enabling quick and easy configuration of the segmented network.

Additionally, Guardicore’s agent-based architecture provides visibility down to the individual application level. With deep insight into all application interactions, across data centers and cloud environments, businesses can more fully understand their networks and workloads, from the core of the enterprise to the edge of the cloud.

As a result, breaches can be detected early on so that remediation can begin as quickly as possible. This combination of deep visibility and segmentation is what makes this solution so powerful. And despite this level of sophistication and control, Guardicore makes configuring your segmented infrastructure simple, resulting in a highly secure solution with low total cost of ownership.
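The communication rule described in this section can be modeled to compare the blast radius of a flat network with a segmented one. This is an added example, not Guardicore or Akamai code: the host names, segment names, and the assumption that allowed flows are bidirectional are all constructed for illustration.

```python
from collections import deque

# Constructed inventory: host -> (has_agent, segments). All names are hypothetical.
HOSTS = {
    "laptop-17":    (True,  {"workstations"}),
    "laptop-22":    (True,  {"workstations"}),
    "hr-app":       (True,  {"hr"}),
    "hr-db":        (True,  {"hr"}),
    "pay-db":       (True,  {"finance"}),
    "printer-3":    (False, set()),
    "badge-reader": (False, set()),
}
# Segments that agentless devices are explicitly allowed to reach (assumption).
AGENTLESS_ALLOWED = {"workstations"}


def flat(src, dst):
    """Trusted-perimeter network: every host can talk to every other host."""
    return True


def allowed(src, dst, agentless_ok=AGENTLESS_ALLOWED):
    """Simplified reading of the rule in the text, treated as bidirectional."""
    (a_agent, a_seg), (b_agent, b_seg) = HOSTS[src], HOSTS[dst]
    if a_agent and b_agent:
        return bool(a_seg & b_seg)            # agents: shared segment only
    if not a_agent and not b_agent:
        return True                           # agentless to agentless
    agent_seg = a_seg if a_agent else b_seg
    return bool(agent_seg & agentless_ok)     # agentless to chosen segments


def blast_radius(start, rule):
    """Hosts reachable from `start` by repeated host-to-host (east-west) hops."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and rule(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


if __name__ == "__main__":
    print("flat:     ", sorted(blast_radius("laptop-17", flat)))
    print("segmented:", sorted(blast_radius("laptop-17", allowed)))
    # Widening the agentless exception turns the printer into a bridge to "hr".
    wide = lambda s, d: allowed(s, d, agentless_ok={"workstations", "hr"})
    print("wide:     ", sorted(blast_radius("laptop-17", wide)))
```

The third case is the one to check when reviewing a policy: each segment opened to agentless devices is transitively joined to every other segment they can reach.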

A holistic mitigation strategy

Minimizing the potential attack surface both outside and inside the enterprise is a pragmatic and holistic strategy for mitigating the threat of ransomware. Once the acquisition is finalized, by combining web application firewall, Zero Trust network access, DNS firewall, secure web gateway, multi-factor authentication, and now micro-segmentation, Akamai will be positioned to provide one of the most comprehensive and effective solutions for combatting today’s cyber threats. Combining end-to-end Zero Trust on both north-south and east-west traffic can provide defense in depth, without creating additional network management burdens.

Once Guardicore becomes part of Akamai, it will be great news for every business looking to minimize their risk — and bad news for cyber criminals.

Read the press release on the announcement. 


