
Zero-Trust Security Networks

What is ZTS?

As software and data move to the cloud, 2022 alone has seen a steady stream of cyber attacks and data breaches. The most recent high-profile case was the Lapsus$ hacking group gaining access to a large part of Uber’s internal tooling, and before that roughly 8,000 wallets on the Solana network were drained of about $6M. This is a trend rather than an anomaly: attacks have been rising and will keep rising. Both public and private companies are turning to external security vendors because internal security teams are rarely staffed to handle attacks at that scale.

This is where zero-trust security comes into play, through companies like Palo Alto Networks, Zscaler, Illumio, and many more. The idea of a zero-trust model is to remove all implicit trust between workloads inside a network: no workload trusts any other unless that trust is explicitly granted. The vendors above provide enterprise software that lets customers visualize their networks and write explicit access policies, so that communication is allowed only between workloads that are supposed to communicate and everything else is denied.

Image (source: Illumio, “Zero Trust Segmentation: Achieve Zero Trust Security”): groups of workloads with open communication (green) and blocked communication (red).

Microsegmentation

Companies that adopt this model usually end up dividing their network into many small segments, a practice known as microsegmentation.

Normally, all nodes in an infrastructure (virtual machines, containers, and so on) sit behind a single large shield: the network perimeter. That is a risk, because anyone who breaks through that first layer immediately has access to the entire infrastructure.

Microsegmentation creates multiple smaller groups inside that one large shield. The grouping is based on which nodes need to communicate with which others: nodes that interact heavily are clustered together, producing many internal networks, and traffic between groups is denied unless a policy explicitly allows it. In an attack, even after the attacker is inside the larger shield, each additional group is another layer to break through before a specific node can be reached. This buys the security team time to detect and monitor the attack, and it limits lateral movement across the platform.
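The following is an added example, not code from the original post or from any vendor, that models the difference between the single-shield (flat perimeter) model and a segmented, default-deny policy. The workload inventory, labels, rule format and ports are all hypothetical. It computes the blast radius of an attacker who lands on the internet-facing web tier under each model, both what they can reach directly and what they can reach by hopping through hosts they compromise along the way:

```python
"""Added example (hypothetical workloads and rules): flat perimeter vs.
default-deny microsegmentation, measured as lateral-movement blast radius."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    app: str   # application label, e.g. "shop"
    role: str  # tier label, e.g. "web", "api", "db"
    env: str   # environment label, e.g. "prod"


@dataclass(frozen=True)
class Rule:
    """Allow traffic from one role to another on one port, within an app/env."""
    src_role: str
    dst_role: str
    port: int
    app: str
    env: str


# Constructed inventory: a three-tier shop app plus an unrelated batch job.
WORKLOADS = {
    "web-1":   Workload("web-1", "shop", "web", "prod"),
    "api-1":   Workload("api-1", "shop", "api", "prod"),
    "db-1":    Workload("db-1", "shop", "db", "prod"),
    "batch-1": Workload("batch-1", "reports", "batch", "prod"),
}

# Explicit allow-list: only the two paths the application actually needs.
RULES = [
    Rule("web", "api", 8080, "shop", "prod"),
    Rule("api", "db", 5432, "shop", "prod"),
]

# Ports an attacker would try when probing neighbours (assumption).
PORTS = (8080, 5432, 22)


def flat_perimeter_allows(src: Workload, dst: Workload, port: int) -> bool:
    """The single large shield: anything inside may talk to anything inside."""
    return True


def segmented_allows(src: Workload, dst: Workload, port: int) -> bool:
    """Zero-trust segmentation: deny unless an explicit rule matches."""
    for r in RULES:
        if (r.app == src.app == dst.app and r.env == src.env == dst.env
                and r.src_role == src.role and r.dst_role == dst.role
                and r.port == port):
            return True
    return False


def directly_reachable(start: str, allows) -> set:
    """Workloads the host `start` can open a connection to on any probed port."""
    src = WORKLOADS[start]
    return {name for name, dst in WORKLOADS.items()
            if name != start and any(allows(src, dst, p) for p in PORTS)}


def reachable_from(start: str, allows) -> set:
    """Transitive blast radius: everything an attacker on `start` can reach,
    assuming each host reached is in turn compromised and used as a pivot."""
    seen, frontier = {start}, [start]
    while frontier:
        cur = frontier.pop()
        for nxt in directly_reachable(cur, allows):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen - {start}


if __name__ == "__main__":
    # Attacker lands on the internet-facing web tier.
    for label, model in (("flat", flat_perimeter_allows),
                         ("segmented", segmented_allows)):
        print(f"{label:9s} direct={sorted(directly_reachable('web-1', model))}"
              f" transitive={sorted(reachable_from('web-1', model))}")
```

Under the flat model the web host can reach every other workload in one hop. Under the segmented policy it can reach only the API tier directly, the database only by first compromising the API host (one more layer to break through), and the unrelated batch job never. That is the extra time and the reduced lateral movement the section describes.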

Creating Security Policies

Security policies are a set of rules that dictate communication between workloads: they tell each workload whom it can talk to and who can talk to it. Let’s look at how companies of different sizes can create this set of rules.

i. Manual Setup

One of the more time-consuming methods of creating policy is to visualize the entire network, read the communication patterns of every workload, identify all the paths between workloads, and measure the weight of each path (how often is it used?).

Imagine doing this for a company the size of Amazon: the infrastructure is made up of countless services, and producing an efficient and valid rule set would take a very, very long time. The risk of human error is high, and a single mistake can deny communication between two workloads that NEED to talk, which breaks the application. That is the case for policy automation.

ii. Machine Automation

Machines do not tire or skip a step, though an automated engine is only as good as the traffic it gets to observe. Most segmentation vendors also provide a graph or similar visualization so customers can see their networks and workloads.

The visualization graph maps all the workloads, their communication paths, and the groups containing workloads.

A sample Illumio visualization graph with a set of workloads grouped and divided by labels (app, environment, location).

The policy engine can analyze this graph, model the observed traffic, and propose a set of allow rules that cover it, with every flow not covered by a rule denied by default. The proposed rules still deserve a human review before enforcement, because the graph reflects whatever was on the wire during the observation window, including anything an intruder was already doing.
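As an added example (not the original post’s code and not any vendor’s engine), here is the core of such a policy engine, covering both the manual recipe above (find the paths, weight them by use) and the automated version: it collapses host-level flow records into weighted edges between label groups, turns the well-used edges into allow rules, and parks the rarely used edges for human review instead of silently allowing them. The label scheme, flow record format and weight threshold are assumptions:

```python
"""Added example (hypothetical labels and flow format): derive a default-deny
allow-list from observed flows, weighted by how often each path is used."""

from collections import Counter

# Constructed inventory: each workload carries the labels the graph is grouped by.
LABELS = {
    "web-1":  {"role": "web",  "app": "shop", "env": "prod", "loc": "us-east"},
    "web-2":  {"role": "web",  "app": "shop", "env": "prod", "loc": "us-east"},
    "api-1":  {"role": "api",  "app": "shop", "env": "prod", "loc": "us-east"},
    "db-1":   {"role": "db",   "app": "shop", "env": "prod", "loc": "us-east"},
    "jump-1": {"role": "jump", "app": "ops",  "env": "prod", "loc": "us-east"},
}

# Constructed flow records (src, dst, dst_port, connection count) as a flow
# collector might export them for one observation window.
FLOWS = [
    ("web-1",  "api-1", 8080, 120),
    ("web-2",  "api-1", 8080,  95),
    ("api-1",  "db-1",  5432, 300),
    ("jump-1", "db-1",    22,   2),   # rare path: scheduled admin SSH, or an intruder?
]


def group_key(name: str) -> tuple:
    """The label tuple a workload belongs to; rules are written against this,
    not against individual hosts, so a new host with the same labels inherits
    the same policy."""
    l = LABELS[name]
    return (l["role"], l["app"], l["env"], l["loc"])


def build_graph(flows) -> Counter:
    """Collapse host-level flows into weighted edges between label groups."""
    edges = Counter()
    for src, dst, port, count in flows:
        edges[(group_key(src), group_key(dst), port)] += count
    return edges


def propose_policy(edges: Counter, min_weight: int):
    """Split edges into auto-allow rules and low-weight paths held for review.
    Anything not in `allow` is denied: the graph only ever adds allows."""
    allow, review = [], []
    for edge, weight in sorted(edges.items(), key=lambda kv: -kv[1]):
        (allow if weight >= min_weight else review).append(edge)
    return allow, review


def is_allowed(allow, src: str, dst: str, port: int) -> bool:
    """Default-deny evaluation of one flow against the proposed allow-list."""
    return (group_key(src), group_key(dst), port) in allow


if __name__ == "__main__":
    edges = build_graph(FLOWS)
    allow, review = propose_policy(edges, min_weight=10)
    for (s, d, p), w in edges.items():
        print(f"{s[0]:>5} -> {d[0]:<5} :{p:<5} weight={w}")
    print("allow :", [(s[0], d[0], p) for s, d, p in allow])
    print("review:", [(s[0], d[0], p) for s, d, p in review])
```

The two web hosts’ flows merge into one web→api edge of weight 215, so a single group rule covers both of them and any web host added later with the same labels. The jump→db SSH edge, seen twice, lands in the review bucket: the engine refuses to decide on its own whether it is legitimate admin access or an attacker’s foothold, which is the part of the job that still needs a person.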

Further Reading

If you found this post interesting, you can read more about zero-trust security providers like Illumio, Zscaler, and Guardicore.

Resources

Illumio. “Micro-Segmentation.” Illumio, https://www.illumio.com/solutions/micro-segmentation.

Zscaler. “What Is Cloud Workload Segmentation? Definition & Benefits.” Zscaler, https://www.zscaler.com/resources/security-terms-glossary/what-is-cloud-workload-segmentation.

Illumio. “About Illumination.” Illumio Core 22.1 documentation, https://docs.illumio.com/core/22.1/Content/Guides/visualization/illumination/about-illumination.htm.

Uberoi, Aditi. “Recent Cyber Attacks, Data Breaches & Ransomware Attacks: August 2022.” Cyber Management Alliance, https://www.cm-alliance.com/cybersecurity-blog/recent-cyber-attacks-data-breaches-ransomware-attacks-august-2022.
