Microsegmentation is an approach to security that places microperimeters around critical IT assets and sensitive data, controlling access to these elements through security policy. By only granting access to authorized users and business processes, microsegmentation can stop intruders from easily accessing IT elements during an attack — effectively limiting the spread and damage caused by attacks like ransomware.
What Are Zero Trust Networks?
Traditional defenses that focus on defending the network perimeter are no longer able to protect organizations and their data assets. In the past, this “moat and castle” strategy attempted to build strong external controls that would allow legitimate traffic through, while stopping attackers from accessing the network. It also assumed that anything inside the network could be trusted, while virtually ignoring threats and compromised assets within the perimeter. As a result, attacks that successfully landed inside the network could propagate easily through lateral movement and inflict considerable damage.
In contrast, Zero Trust networks — first outlined by Forrester in 2010 — assume that every user, device, application, and system is already compromised, whether it’s inside or outside the network. A Zero Trust approach requires everything to be validated before a request for access is granted. Rather than relying on a strong network perimeter, Zero Trust architecture places microperimeters around sensitive and critical assets to reduce the attack surface and prevent lateral movement.
When seeking to implement Zero Trust network security quickly and easily, powerful segmentation technology is key. That’s why more organizations today turn to Akamai.
How Segmentation Enables Zero Trust
Today, in a world where breaches are a matter of “when” and not “if,” Zero Trust networks require cybersecurity teams to assume that all activity is malicious unless they can prove otherwise. Every user, connection and device must be treated with suspicion — even if it resides within the network. That means checkpoints must be established within the network perimeter to improve defenses against an evolving threat landscape.
Microsegmentation is the key to establishing these internal checkpoints. To protect assets within a Zero Trust framework, microsegmentation tools must first identify the dependencies and communications that are required for a given IT environment. Then, security teams must create microperimeters around assets and set policies that limit activity to only those communications required for business purposes. Since there’s a danger that segmentation can bring productivity to a grinding halt, microsegmentation tools must deliver visibility into the performance of policies and not introduce friction into workloads. Microsegmentation tools should also enable security teams to monitor the effectiveness of policies and refine them to continually improve network security.
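The workflow described above (map dependencies, keep only the communications the business requires, deny everything else, then monitor rule usage), shown as an added example. It is not Akamai code and does not represent the Guardicore policy format; the addresses, segment labels and function names are constructed for illustration.

```python
from collections import Counter

# Constructed inventory: workload address -> segment label (assumed names).
LABELS = {"10.0.1.10": "web", "10.0.1.11": "web", "10.0.2.20": "app",
          "10.0.3.30": "db", "10.0.9.99": "workstation"}

# Constructed flow observations: (source, destination, destination port).
OBSERVED = [("10.0.1.10", "10.0.2.20", 8443), ("10.0.1.11", "10.0.2.20", 8443),
            ("10.0.2.20", "10.0.3.30", 5432), ("10.0.9.99", "10.0.3.30", 5432),
            ("10.0.9.99", "10.0.3.30", 22)]

def map_dependencies(flows):
    """Step 1: collapse per-host flows into label-level dependencies with counts."""
    deps = Counter()
    for src, dst, port in flows:
        deps[(LABELS.get(src, "unknown"), LABELS.get(dst, "unknown"), port)] += 1
    return deps

def build_policy(deps, approved):
    """Step 2: keep only observed dependencies the business has approved."""
    return {rule for rule in deps if rule in approved}

def evaluate(policy, flows):
    """Step 3: default-deny check; return verdicts plus per-rule hit counts."""
    hits, verdicts = Counter({rule: 0 for rule in policy}), []
    for src, dst, port in flows:
        rule = (LABELS.get(src, "unknown"), LABELS.get(dst, "unknown"), port)
        allowed = rule in policy
        if allowed:
            hits[rule] += 1
        verdicts.append((src, dst, port, "ALLOW" if allowed else "DENY"))
    return verdicts, hits

def unused_rules(hits):
    """Rules never matched are candidates for removal during policy refinement."""
    return sorted(rule for rule, count in hits.items() if count == 0)

if __name__ == "__main__":
    deps = map_dependencies(OBSERVED)
    approved = {("web", "app", 8443), ("app", "db", 5432), ("app", "db", 6432)}
    policy = build_policy(deps, approved)
    later = [("10.0.1.10", "10.0.2.20", 8443), ("10.0.1.10", "10.0.3.30", 5432),
             ("10.0.7.7", "10.0.3.30", 5432)]
    for verdict in evaluate(policy, later)[0]:
        print(verdict)
```

The workstation-to-database flows on ports 5432 and 22 appear in the dependency map but never reach the policy, which is the review step the visibility phase exists to support.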
Building Zero Trust Networks with Akamai
Akamai Guardicore Segmentation delivers the microsegmentation technology that enterprises can rely on to move to Zero Trust networks with greater speed. Our software-only approach to segmentation is decoupled from the physical network, delivering a faster and more cost-effective alternative to firewalls. Built for the agile enterprise, Akamai Guardicore Segmentation also integrates deep visibility of the entire IT environment into its policy engine so you can create more granular policies with accuracy and certainty.
Akamai delivers the two essential capabilities for creating Zero Trust networks: visibility and segmentation.
Visibility
Our solution enables deep, process-level visibility that lets you find and identify all the applications and workloads running within your environment. Akamai Guardicore Segmentation also makes it easy to graphically map the dependencies between assets, which is essential for creating microperimeter groupings as well as accurate policies. Real-time and historical visibility into all transactions is captured by comprehensive logs, providing continuous validation that eliminates guesswork and exposure to risk.
Segmentation
Our technology allows you to rapidly deploy segmentation policies across dynamic environments and to manage them simply and easily on an ongoing basis. Our software-defined solution provides a more agile approach for segmenting networks and isolating applications than VLANs and internal firewalls. As a result, you can move to a Zero Trust architecture more quickly and with less complexity.
Akamai’s Zero Trust Principles
Akamai’s Zero Trust Network Access control solutions are built on a few high-level principles that support the requirements of Zero Trust networks.
All entities are untrusted by default
That means access permissions are only assigned based on a well-defined need. The access requirements of users, applications and data are continuously reviewed and revalidated. To make this process seamless, we use group permissions and then remove individual assets or elements from groups as needed.
Least-privilege access is enforced
A user is given the minimum levels of access — or permissions — needed to perform their job functions.
Control access at all levels
We require multi-factor authentication (MFA) for the network itself and for each resource or application.
Secure access to all resources
No matter the location or the user, our approach to Zero Trust Network Access requires the same level of authentication inside and outside of the local area network.
Comprehensive Security Monitoring
We use automation to review all the data from logs that are manually collected. Bots generate alerts to the right person at the right time when anomalies are discovered or when emergencies occur.
Frequently Asked Questions (FAQ)
Zero Trust is a security framework that assumes every user, application, device, system, or connection is potentially compromised and must be validated before giving access or remote access to IT assets. Zero Trust is a reaction to traditional network perimeter security where everything inside a network is assumed to be safe.
IT networks today may span a variety of technologies, including on-premises architecture and virtualized technology, as well as cloud and hybrid cloud environments. In this landscape, traditional network perimeter defenses are no longer adequate for defending against sophisticated cyberattacks. A Zero Trust approach and Zero Trust security model are especially effective at stopping attacks from spreading once they have breached the network perimeter.
Why customers choose Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away.