Utilizing intrusion detection systems and analytics to assure micro-segmented environments

Implementing the ZeroTrust Security Framework and micro-segmentation without impacting application performance and end user experience

Over the past couple of years, enterprises seem to be investing more money into cybersecurity countermeasures. In 2020, this spending trend is continuing as CISO leadership increases budgets for cybersecurity investment in the years to come, and for good reason! According to ZDNet, “The average cost of cybercrime for an organization has increased $1.4 million over the past year, to $13.0 million, and the average number of security breaches in the last year rose by 11 percent from 130 to 145.” Yikes!

Just like cybercrime tactics, the move towards segmentation in the enterprise industry has evolved over the years. Complementing micro-segmentation, a next-generation firewall protects the perimeter gateway by ensuring that only trusted, allowed traffic and applications have access. Enterprises also use next-generation intrusion detection systems (IDS) that produce fewer and fewer false positives. These next-gen IDS solutions also have more intelligence, rely less on signature-based scanning, and rely more on protocol analysis and anomaly detection.

On the other side of the field, ZeroTrust policies are based on who, what, when, where, why and how, and determine who can transit the micro-segmentation at any point in time, preventing access to your protected resources by unauthorized users and preventing the exfiltration of sensitive data.

ZeroTrust is only possible at Layer 7

Micro-segmentation has increased the ability to accommodate transformative IT initiatives such as cloud computing, infrastructure virtualization, and user mobility, and it is a significant trend that many enterprises are pursuing. This movement is aimed at better preventing security breaches in their enterprise environments.

In a zero-trust model, all devices, networks and resources are micro-segmented, which allows custom-tailored individual access. Granular micro-segmentation can be complicated to deploy and manage, and enterprises that implement it may find that the performance and responsiveness of their applications (public, SaaS, private cloud) suffer.

Is the granular access control over WAN and LAN traffic flows that micro-segmented network access provides worth the potential impact on end-user experience?

Micro-segmenting the network and applications can lead to unforeseen performance degradations. Accedian’s Skylight AI/ML predictive analytics capabilities, and next-generation IDS utilizing Skylight sensors, can provide micro-level detail and insight. This ensures performance and brings more intelligence to securing enterprises that are moving towards micro-segmented access to their network (branch, private, public, hybrid cloud) applications.

Enterprises need to examine their performance when it comes to micro-segmentation. Here are a few example cases:

  • ZeroTrust access to public and private clouds
  • Using third-party networks as a proxy (CDN and caching)
  • Identifying and locating route path issues when optimizing cloud resources
  • Finding and targeting forward error correction (FEC) between network segments
  • Isolating packet replication issues
  • Upholding visibility into intrusion detection and incident management

More enterprises are turning their investment towards next-gen network performance monitoring and diagnostic tools and techniques rather than traditional remediation approaches. Enterprises are doubling down on preventing incidents from occurring, and CISOs know that, ultimately, their goal is to reduce the impact of incidents as much as possible.

Today, CISOs know that “slow is the new down”

The Skylight solution provides enterprises the necessary tools to pinpoint and report details on performance- and security-related issues before they happen. Skylight helps maintain a high bar for network and application performance and security posture, in line with the enterprise’s goal when implementing a micro-segmentation solution such as ZeroTrust Security.

Skylight performance analytics efficiently monitors the network and applications via a centralized management SaaS portal. Processing traffic and application data enhances network and application visibility, detects unknown threats, and supports compliance reporting.