Applications are becoming increasingly distributed across private and public clouds and run on various compute forms such as hosts and containers. These components require a reliable network infrastructure in order to communicate with each other. However, too many open pathways on the network increase risk and enable lateral movement of breaches.
Securing the communications between workloads can be difficult. Understanding application dependencies and determining which components should be authorized to intercommunicate is a burdensome task that quickly becomes overwhelming when performed manually. The market has seen a sprawl of microsegmentation technologies designed to help organizations enforce granular, least-privilege network access across their workloads. With so many microsegmentation vendors, understanding the key capabilities of these technologies can be challenging.
Forrester recently released its Q3 2021 New Tech: Microsegmentation report, which helps security and risk professionals understand the capabilities of emerging vendors within major segments of the microsegmentation market and inform their technology strategies.
You can download a copy of the Q3 2021 “New Tech: Microsegmentation” report to read in full.
Palo Alto Networks is proud to be recognized by Forrester as a vendor for microsegmentation.
What is Microsegmentation?
Forrester defines microsegmentation as “an approach to network security where access to network resources is granted by defined policy, using established relationships between identities, and not simply placement within the network topology.” Or as we say, microsegmentation helps organizations protect against the lateral movement of breaches by enforcing least-privilege network access. Microsegmentation is also one of the first network approaches to Zero Trust.
What is Zero Trust?
A classic cybersecurity model is to build a strong, network-based security perimeter around the enterprise. Anything outside of the perimeter is untrusted, and anything inside is implicitly trusted. Zero Trust is a strategic cybersecurity approach that eliminates implicit trust and continuously validates every digital interaction. According to Forrester, microsegmenting the network can achieve the Zero Trust result without the need to rearchitect.
Recommendations for Security and Risk Professionals
The report highlights key recommendations organizations should consider for their microsegmentation strategy. Palo Alto Networks has chosen to emphasize the following for an effective microsegmentation approach:
- Ease into microsegmentation deployment. Identify one or two noncritical use cases to start with, build confidence around segmentation, and demonstrate quick wins before tackling critical applications.
- Automate application discovery and policy suggestions. Forrester spoke with one client who attempted to do it by hand and after 18 months had only mapped 10% of their applications.
- Overcome the organizational attitude that “network infrastructure solves all problems.” This “everything is infrastructure” approach fails to recognize the accelerating business needs for increasingly complex environments and can create political roadblocks that take years to sort out, potentially vaporizing significant shareholder value in the process.
As an integrated Cloud Native Security Platform, we believe Identity-Based Microsegmentation from Prisma Cloud aligns strongly with these considerations.
To read the report in full, including further in-depth exploration of these best practices and recommendations, download your copy of “New Tech: Microsegmentation.”