Preventing Lateral Hacker Movement with Crypto-Segmentation

August 23rd, 2016

Corporations increasingly realize the need to align their security practices with their business priorities. Crypto-segmentation is a new approach to protecting applications and the data they access from hackers who have become adept at penetrating corporate systems.

Cybercriminals are well rehearsed in finding ways into corporate networks. It's not new territory, nor is it a hard task for them to achieve. After easily bypassing firewalls, hackers are able to move laterally from application to application until they find the most sensitive and valuable data. Overcoming this security challenge is one of the biggest tasks facing information security managers today.

Micro-segmentation is a technology that the advisory firm Gartner has identified as one of the must-haves for enterprise security in 2016. Crypto-segmentation is a form of micro-segmentation that works by cryptographically isolating workloads and encrypting network traffic end-to-end, thereby preventing lateral hacker movement and keeping data secure.

Crypto-segmentation protects applications and data by isolating individual applications and granting access only to authorized users based on business rules and authentication policies. This makes lateral movement across applications impossible, thus preventing hackers from doing extensive damage throughout a corporate environment.
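The isolation property described above can be modeled in a few lines. This is an added example, not code from Masergy or Certes Networks: the policy table, the `KeyServer` class and all segment and role names are hypothetical, and it shows only per-segment authentication keys from the Python standard library, leaving out the traffic encryption the technique also applies.

```python
import hashlib
import hmac
import os

# Constructed policy (assumption): which roles may reach which application segment.
POLICY = {
    "payroll-app": {"hr", "finance"},
    "web-frontend": {"hr", "finance", "marketing"},
}

def segment_key(master: bytes, segment: str) -> bytes:
    """Derive an independent key for each segment from one master secret."""
    return hmac.new(master, b"segment:" + segment.encode(), hashlib.sha256).digest()

class KeyServer:
    """Hypothetical policy point: releases a segment key only to authorized roles."""
    def __init__(self, master: bytes, policy: dict):
        self._master, self._policy = master, policy

    def issue(self, role: str, segment: str) -> bytes:
        if role not in self._policy.get(segment, set()):
            raise PermissionError(f"{role!r} is not authorized for {segment!r}")
        return segment_key(self._master, segment)

def _tag(key: bytes, segment: str, payload: bytes) -> bytes:
    return hmac.new(key, segment.encode() + b"\x00" + payload, hashlib.sha256).digest()

def seal(key: bytes, segment: str, payload: bytes) -> bytes:
    """Sender side: prefix the payload with a tag bound to the segment key."""
    return _tag(key, segment, payload) + payload

def accept(key: bytes, segment: str, frame: bytes):
    """Receiver side: return the payload if the tag verifies, otherwise None."""
    tag, payload = frame[:32], frame[32:]
    return payload if hmac.compare_digest(tag, _tag(key, segment, payload)) else None

def demo() -> dict:
    server = KeyServer(os.urandom(32), POLICY)
    web_key = server.issue("marketing", "web-frontend")
    pay_key = server.issue("finance", "payroll-app")
    results = {"in_segment": accept(web_key, "web-frontend", seal(web_key, "web-frontend", b"GET /"))}
    # A workload holding only the web-frontend key addresses payroll: the frame is dropped.
    frame = seal(web_key, "payroll-app", b"GET /salaries")
    results["cross_segment"] = accept(pay_key, "payroll-app", frame)
    try:
        server.issue("marketing", "payroll-app")
        results["key_refused"] = False
    except PermissionError:
        results["key_refused"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

A rejected frame at the receiving segment is also a useful detection signal, since legitimate workloads never produce one.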

Software-defined, cryptographic segmentation techniques allow:

Cryptographic segmentation certainly requires a new way of thinking. Organizations have worked hard on creating robust security strategies, but with security experts across the globe now recommending a containment policy based on clearly defined infrastructure segments, it is time to make the change.

Discover how Masergy is working with Certes Networks’ CryptoFlow Platform to deliver WAN Encryption to your managed WAN.

David Venable

David Venable, Vice President of Cyber Security at Masergy Communications, has over 15 years of experience in information security, with expertise in cryptography, network and application security, vulnerability assessments, penetration testing, and compliance. David is a former intelligence collector with the National Security Agency, with extensive experience in Computer Network Exploitation, Information Operations, and Digital Network Intelligence. He also served as adjunct faculty at the National Cryptologic School.