AKAMAI GUARDICORE: A NEW LEVEL OF CYBERSECURITY FOR YOUR BUSINESS

Network microsegmentation as a protection strategy: an expert analysis of Akamai's solution, from an article in the magazine “Networks and Business” by Anton Nikitin, Senior Cybersecurity Engineer at SEETON (SEETON GROUP LLC)

Every day, attackers are finding new ways to penetrate your network perimeter. Traditional defenses sometimes fail to stop the wave of sophisticated attacks using, for example, ransomware or zero-day vulnerabilities. The answer to these challenges is microsegmentation, a new approach to cybersecurity that divides the network into granular and isolated zones, stopping attackers in their tracks.
Among microsegmentation solutions, Akamai Guardicore holds a special place: it is a tool that combines simplicity, intuitiveness, and functionality, protecting your business operations and supporting their cyber resilience.

Modern IT infrastructures have evolved into a complex hybrid of on-premises data centers, cloud services, virtual machines, and containerized environments. This diversity opens up a number of opportunities for businesses, but at the same time expands the surface for attacks on a company’s infrastructure. Traditional firewalls can no longer guarantee 100% security, as the network perimeter is blurred, and every server or device is a potential entry point for attackers.
Microsegmentation solves the above problems by dividing the network into small segments with individual security policies, thereby protecting your infrastructure from so-called lateral movement. That is, when an attacker penetrates one segment, he cannot freely move further, and his activities will be blocked (Figure 1).

Fig. 1. Firewalls vs microsegmentation

You might say, “I segment the network using firewalls,” or, “I use VLANs for this.” And indeed, these approaches create a certain level of isolation. But ask yourself: how many hosts, servers, virtual machines, or containers are in each of these “segments”? Keep in mind that an attacker who penetrates the company’s network can potentially move laterally to, or damage, every host within a given segment. In addition, firewall-level segmentation works at the network/transport layer, using only a port and an IP address (in some cases, also a protocol/application, provided that an NGFW is used).
But let's assume that segmentation can be implemented not at the host-to-host level, with VLANs, or based on IP addresses and ports, but much deeper: from one individual process to another, even if they are on different hosts, in different subnets, or in different data centers.
This is how Akamai Guardicore works, which we will talk about below.

Imagine a detailed map of the company’s IT infrastructure containing all communications between hosts in the format: server-1 communicated with server-2 on port 443 by running the curl.exe process as administrator on server-1 to communicate with the nginx service deployed on server-2. Interesting, right? You can immediately see the level of detail in the information compared to the classic segmentation approach. For example, Fig. 2 shows the communication of the lsass service on the Jumpbox-win-4 server with services on the DC-01 server. It is worth noting that you can control these communications using any of the attributes (process, port, hostname, IP address, protocol, user, etc.)!

Fig. 2. Example of communication visualization in Akamai Guardicore

Fig. 3 shows an example of detailed information about communication between two services.

“Service-level segmentation? ― Yes. ― Identity-based segmentation? ― No problem. Network map visualization? ― Easy.” That’s how Akamai Guardicore works, collecting data through agents, network collectors, and integrations, including with cloud providers. This information is transformed into dynamic visualizations that allow security professionals to see everything: who is doing what and when on the company’s network.
Moreover, visualization is not just a map. Thanks to artificial intelligence, the solution offers ready-made policy templates that can be customized to meet business needs. Want to protect a critical application or stop ransomware? A few clicks and the policy is ready. Moreover, these policies are infrastructure-agnostic: they can be applied without complex changes or downtime in the company's network. Thus, Akamai Guardicore allows you to use both proactive (pre-microsegmentation) and reactive (isolation and incident response) approaches to network protection.

Ransomware protection. Ransomware is a pain for today’s businesses. Akamai Guardicore isolates affected segments, preventing malware from spreading across the company’s network.
Zero trust principle. Zero Trust is not just a buzzword, it’s a necessity. Akamai Guardicore enables you to implement this approach quickly and efficiently, ensuring that access is verified, granted, and controlled in accordance with company policies.
Compliance with requirements. The Akamai Guardicore solution ensures compliance with GDPR, HIPAA, and other regulatory requirements.
Protection of key assets. Critical applications are the heart of any business. Microsegmentation segments and isolates them, creating a reliable barrier against threats.
Secure cloud migration. Moving to the cloud is a security challenge. Akamai Guardicore provides continuous protection and visibility at every stage of the migration.
Remote work security. In a world where employees work remotely, endpoint protection and access control are becoming critical. Akamai Guardicore solves this challenge.
Replacing outdated firewalls. Forget about internal firewalls. Akamai Guardicore offers a flexible and modern approach to internal network protection that goes beyond the classic approach to organizing corporate network security.

Akamai Guardicore is independent of the company's infrastructure, as it supports a wide range of platforms, from legacy OSes and almost all Linux distributions to containers, and offers agentless deployment for devices such as IoT equipment (printers, cameras, etc.). The solution can also be integrated with security tools such as SIEM, EDR, NGFW, etc. It has several deployment options (in the cloud or on-premises, with or without agents), which is ideal for any company's infrastructure (Fig. 4).

Fig. 4. Akamai Guardicore: a solution that works in any infrastructure

Visualization of communications: Akamai Guardicore automates the discovery and delivery of a dynamic visual representation (map) of all applications and workloads at the process level with user account identification.
Application segmentation and micro-segmentation: The solution map and interface for creating and editing policies allow you to fine-tune security policies for hosts and scan devices for suspicious activity that may indicate host compromise.
Breach detection: includes multiple detection methods such as dynamic deception, policy-based detection, and reputation analysis for files, IP addresses, and domain names. Additionally, Threat Intelligence Firewall provides policies to block malicious or suspicious IP addresses.
Automatic analysis: allows information security professionals to automate the prioritization of security incidents, thereby reducing the need for manual analysis using traditional tools.
Incident response: allows real-time isolation of hosts/segments, isolating the attacker or malware at an early stage.

And if you are interested in the Akamai Guardicore microsegmentation-class solution and would like to try it out in your own infrastructure, write to us at cs@seeton.pro, and Seeton's Cyber Security team will assist you in testing and implementing this solution.

Source: http://sib.com.ua/sib-2-136-2025/akamai.html
