Zero Trust Network Segmentation for the Enterprise: What’s different?
For the last several years, if you heard the word micro-segmentation you would immediately think of a security solution deployed by customers in datacenter and cloud environments. Micro-segmentation gives each workload its own security perimeter, enforced by a security policy that defines, at a granular level, which other workloads may communicate with the protected workload and how.
Micro-segmentation has now become a required security implementation, with the stated goal of preventing the "lateral movement" of a cybercriminal who has breached the security perimeter and is moving toward a customer's sensitive data. Micro-segmentation in the cloud context ensures that communication between any two workloads follows least privilege: only the communication required to run business processes is permitted. In doing so, it helps prevent cybercriminals from exploiting open ports, processes and vulnerabilities that would otherwise let them move to the next critical stage of their cyber-attack.
Enterprise Need for Micro Segmentation
Increasingly, micro-segmentation is becoming a critical preventive security strategy in the enterprise. Pushed to their limits by ransomware campaigns, enterprises are looking for new ways to combat the rampant proliferation of ransomware attacks. You only have to look at the latest news reports to see how a local hospital, municipality or national gas line has been the victim of a ransomware attack that encrypted the critical files used to run the business. Once infected with ransomware, these organizations are often extorted for millions of dollars in bitcoin before their files are released back with a decryption key. This has become an extremely profitable business model for cybercriminal gangs, and the anonymity of bitcoin payments makes ransomware one of the most effective cyber-attack strategies they can use to generate income.
Zero Trust Micro Segmentation
Zero Trust Micro Segmentation addresses the need for segmentation in the enterprise. The power of ransomware lies in its ability to spread rapidly across an organization. The wider the spread, the greater the pain inflicted on the organization, which often leads to quicker payment. What enterprises need is a defense-in-depth approach that combines endpoint malware detection for prevention with Zero Trust Micro Segmentation for containment. First, every device should run a malware detection agent from a leading EDR or EPP vendor to detect the presence of a ransomware file on the device. This mitigates the risk of users clicking on malicious phishing emails or browsing to questionable websites that inadvertently download ransomware. Second, Zero Trust Micro Segmentation should be implemented across all enterprise devices, so that if ransomware does slip past the malware detection system, it is firmly contained within the security perimeter established around the infected endpoint. This prevents the lateral spread of ransomware and mitigates the organization-wide damage the attackers intended.
Traditional Security is Defenseless against Ransomware
Security vendors are responding to these ransomware attacks with their own security products, trying to sell more products, services and consulting to their customers. And yet ransomware attacks continue unabated, with no sign of slowing down. In large part, traditional security solutions don't work because they don't address how ransomware structurally operates, which is what lets it propagate freely and expand its reach. Most ransomware varieties seek out open ports that they can use to propagate to other endpoints and servers. Each newly infected device becomes one more foothold in the attack campaign, increasing the pressure on management to pay the ransom.
Ransomware Attack Surface
Structurally, enterprise networks with open ports that allow free communication between endpoints and servers, in order to keep business operations running smoothly, represent a ransomware attack surface. The state of existing enterprise network architecture is widely understood by cybercriminals, who exploit open network communication to stage successful ransomware attacks. You can think of an open enterprise network architecture as the organization's ransomware attack surface. Open and unrestricted ports that allow free access to a print server or to sensitive documents are great for collaboration, but they create a critical blind spot that cybercriminal gangs can use to hold an entire organization hostage.
Airgap's Zero Trust Anti-Ransomware Approach
Airgap is redefining how enterprise network architecture operates: it preserves the critical communication between endpoints and servers that keeps business operations running, but adds security guardrails at each device to enforce least-privilege communication. A device should only communicate with the devices it needs to, without exposing ports that are never used to run business operations.
Airgap Ransomware Kill Switch – Stopping Ransomware in its tracks.
The Ransomware Kill Switch gives organizations a powerful security mechanism to quickly redefine the level at which each device is allowed to communicate with other devices. This provides a surgical way to limit the blast radius of an initial ransomware attack. When an enterprise endpoint is infected with ransomware, security teams can quickly stop that infection from spreading to other endpoints and servers within the organization. Via Airgap's "one-click" and API automation feature, security teams can isolate an infected end-device, preventing the infection from spreading and buying time for incident response teams to remediate and clean the endpoint before it is released back into the enterprise network.
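To make the per-device least-privilege policy and the isolation behaviour described above concrete, here is a small default-deny policy engine with a kill-switch mode. This is an added illustration, not Airgap's product code or API; the device names, ports, the `ir-jumphost` remediation host, the flow records and the probing threshold are all constructed for the example. It shows three things: normal business traffic passing an explicit allowlist, a workstation's denied attempts to reach peers on ports it has no business using (the open-port propagation the post describes, seen here only as denied flows), and the kill switch cutting that workstation off from everything except the remediation host.

```python
"""Toy per-device least-privilege policy with an isolation ("kill switch") mode.

Added example only; all names, ports and flows below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


@dataclass
class SegmentationPolicy:
    # allow[dst] = set of (src, port, proto) permitted to reach dst; anything else is denied
    allow: Dict[str, Set[Tuple[str, int, str]]] = field(default_factory=dict)
    isolated: Set[str] = field(default_factory=set)
    # Assumption: an isolated device may still talk to one remediation host so IR can clean it
    remediation_host: str = "ir-jumphost"

    def permit(self, dst: str, src: str, port: int, proto: str = "tcp") -> None:
        self.allow.setdefault(dst, set()).add((src, port, proto))

    def kill_switch(self, device: str) -> None:
        """Isolate a device: the allowlist no longer applies to it."""
        self.isolated.add(device)

    def release(self, device: str) -> None:
        """Return a cleaned device to normal (allowlist-governed) communication."""
        self.isolated.discard(device)

    def decide(self, f: Flow) -> str:
        # Isolation overrides the allowlist in both directions
        if f.src in self.isolated or f.dst in self.isolated:
            if self.remediation_host in (f.src, f.dst):
                return "allow"
            return "deny:isolated"
        if (f.src, f.port, f.proto) in self.allow.get(f.dst, set()):
            return "allow"
        return "deny:default"   # least privilege: nothing is open unless explicitly permitted


def evaluate(policy: SegmentationPolicy, flows: List[Flow]) -> List[Tuple[Flow, str]]:
    return [(f, policy.decide(f)) for f in flows]


def lateral_movement_suspects(decisions: List[Tuple[Flow, str]], threshold: int = 3) -> List[str]:
    """Sources whose default-denied flows touch many distinct peer/port pairs (constructed heuristic)."""
    probes: Dict[str, Set[Tuple[str, int]]] = {}
    for f, verdict in decisions:
        if verdict == "deny:default":
            probes.setdefault(f.src, set()).add((f.dst, f.port))
    return sorted(src for src, targets in probes.items() if len(targets) >= threshold)


def build_policy() -> SegmentationPolicy:
    p = SegmentationPolicy()
    for ws in ("ws-01", "ws-02", "ws-03"):
        p.permit("print-srv", ws, 9100)       # workstations may print
        p.permit("file-srv", ws, 445)         # and reach the file share
        p.permit(ws, "ir-jumphost", 22)       # IR host may SSH to workstations (assumption)
    return p


# Constructed flow log: normal traffic plus ws-01 trying its peers on SMB/RDP ports
SAMPLE_FLOWS = [
    Flow("ws-02", "print-srv", 9100),
    Flow("ws-02", "file-srv", 445),
    Flow("ws-01", "file-srv", 445),
    Flow("ws-01", "ws-02", 445),
    Flow("ws-01", "ws-03", 445),
    Flow("ws-01", "ws-02", 3389),
    Flow("ws-01", "ws-03", 3389),
    Flow("ir-jumphost", "ws-01", 22),
]


def demo() -> Dict[str, object]:
    policy = build_policy()
    before = evaluate(policy, SAMPLE_FLOWS)
    suspects = lateral_movement_suspects(before)
    for device in suspects:
        policy.kill_switch(device)            # "one-click" isolation of the noisy endpoint
    after = evaluate(policy, SAMPLE_FLOWS)
    return {"before": before, "suspects": suspects, "after": after}


if __name__ == "__main__":
    result = demo()
    for f, verdict in result["after"]:
        print(f"{f.src} -> {f.dst}:{f.port}/{f.proto}  {verdict}")
```

Note that before the kill switch, `ws-01` can still reach the file share it is allowed to use; once isolated, even that permitted flow is denied while the remediation host keeps its SSH path in. That ordering (isolation checked before the allowlist) is the behaviour a containment control needs so that a compromised device cannot keep using its legitimate entitlements to encrypt shared files.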
For more information or a demo, follow the link at https://airgap.io/ransomware-kill-switch/
Airgap Networks is proud to be a sponsor at Black Hat 2021 USA + Virtual. We look forward to meeting you in person at Booth #IC34 and having a deeper discussion about your Ransomware Readiness use cases.