Preventing Lateral Hacker Movement with Crypto-Segmentation

Corporations increasingly realize the need to align their security practices with their business priorities. Crypto-segmentation is a new approach to protecting applications and the data they access from hackers who have become adept at penetrating corporate systems.

Cybercriminals are well-rehearsed in finding ways inside corporate networks. It’s not new territory, nor is it a hard task for them to achieve. After bypassing firewalls, hackers are able to move laterally from application to application until they find the most sensitive and valuable data. Overcoming this security challenge is one of the biggest tasks facing information security managers today.

Micro-segmentation is a technology that the advisory firm Gartner has identified as one of the must-haves for enterprise security in 2016. Crypto-segmentation is a form of micro-segmentation that works by cryptographically isolating workloads and encrypting network traffic end-to-end, thereby preventing lateral hacker movement and keeping data secure.

Crypto-segmentation protects applications and data by isolating individual applications and granting access only to authorized users based on business rules and authentication policies. This makes lateral movement across applications impossible, thus preventing hackers from doing extensive damage throughout a corporate environment.

Software-defined, cryptographic segmentation techniques allow:

  • Security teams to base segmentation on business applications and grant access based on user roles, which can be put in place easily because crypto-segmentation operates at the application layer rather than the infrastructure layer.
  • Breaches to be contained even when the attacker is an insider, since no one – not even administrators with authorization credentials – has the ability to access all of the segments. Any reconfiguration of the crypto-segmentation policies refreshes the keys, and every action is recorded in an inalterable log.
  • Attacks to be prevented and damage mitigated as attackers realize that breaching an organization’s security won’t yield their desired results.
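The three properties above (per-application segments gated by user role, key refresh on every policy change, and a tamper-evident action log) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not Masergy or Certes Networks code and does not describe the CryptoFlow Platform’s internals. It uses a toy HMAC-SHA256 keystream cipher with an authentication tag as a stand-in for real traffic encryption, and the segment names, roles and user "alice" are constructed. The point it shows is that a credential valid for one segment yields nothing against another, a stale key stops working after a policy change, and any edit to the log breaks the hash chain.

```python
"""Toy model of crypto-segmentation (added example, standard library only)."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _derive(key: bytes, label: bytes) -> bytes:
    """Derive a sub-key for one purpose (encryption or MAC) from the segment key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC blocks; toy stand-in for a real cipher.
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def seal(segment_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the segment key. Output: nonce || ciphertext || tag."""
    enc_key, mac_key = _derive(segment_key, b"enc"), _derive(segment_key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(segment_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify under this segment key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _derive(segment_key, b"enc"), _derive(segment_key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SegmentController:
    """Policy engine: one key per application segment, refreshed on every policy change,
    with every action appended to a hash-chained (tamper-evident) log."""

    def __init__(self):
        self.policy: dict[str, set[str]] = {}   # segment -> roles allowed in
        self.keys: dict[str, bytes] = {}        # segment -> current traffic key
        self.log: list[dict] = []               # append-only audit chain

    @staticmethod
    def _entry_hash(action, segment, subject, prev):
        return hashlib.sha256(f"{action}|{segment}|{subject}|{prev}".encode()).hexdigest()

    def _audit(self, action: str, segment: str, subject: str) -> None:
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        self.log.append({"action": action, "segment": segment, "subject": subject,
                         "prev": prev, "hash": self._entry_hash(action, segment, subject, prev)})

    def set_policy(self, segment: str, roles, admin: str = "admin") -> None:
        """Reconfiguring a segment's policy also rotates its key (hypothetical behaviour)."""
        self.policy[segment] = set(roles)
        self.keys[segment] = secrets.token_bytes(32)
        self._audit("policy_update", segment, admin)

    def key_for(self, segment: str, user: str, roles) -> bytes:
        """Hand out a segment key only if the user holds a role the policy allows."""
        allowed = bool(self.policy.get(segment, set()) & set(roles))
        self._audit("access_granted" if allowed else "access_denied", segment, user)
        if not allowed:
            raise PermissionError(f"{user} has no role authorised for segment {segment}")
        return self.keys[segment]

    def verify_log(self) -> bool:
        """Recompute the chain; any edited or removed record breaks it."""
        prev = "0" * 64
        for r in self.log:
            if r["prev"] != prev or r["hash"] != self._entry_hash(
                    r["action"], r["segment"], r["subject"], prev):
                return False
            prev = r["hash"]
        return True


def simulate_insider() -> dict:
    """Walk through the containment story with constructed segments and users."""
    ctl = SegmentController()
    ctl.set_policy("hr-app", {"hr-analyst"})
    ctl.set_policy("finance-app", {"finance"})
    hr_blob = seal(ctl.keys["hr-app"], b"salary report Q3")        # constructed traffic
    fin_blob = seal(ctl.keys["finance-app"], b"wire transfer batch")

    hr_key = ctl.key_for("hr-app", "alice", {"hr-analyst"})
    results = {"hr_read": open_(hr_key, hr_blob) == b"salary report Q3"}
    try:                                   # lateral move: same credential, other segment
        ctl.key_for("finance-app", "alice", {"hr-analyst"})
        results["lateral_blocked"] = False
    except PermissionError:
        results["lateral_blocked"] = True
    results["cross_segment_decrypt"] = open_(hr_key, fin_blob)       # None: wrong segment key
    ctl.set_policy("hr-app", {"hr-analyst", "hr-manager"})           # policy change rotates key
    results["stale_key_rejected"] = open_(hr_key, seal(ctl.keys["hr-app"], b"after rotation")) is None
    results["log_intact"] = ctl.verify_log()
    ctl.log[1]["action"] = "access_granted"                          # attempt to rewrite history
    results["tamper_detected"] = not ctl.verify_log()
    results["log_length"] = len(ctl.log)
    return results
```

The controller is the policy decision point; in a real deployment the segment keys would be pushed to the encryption endpoints rather than handed to users, and the cipher would be a standard AEAD, but the containment logic (no key without a matching role, rotation on reconfiguration, an audit chain that cannot be silently edited) is what the bullets above describe.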

Cryptographic segmentation certainly requires a new way of thinking. Organizations have worked hard on creating robust security strategies, and with security experts across the globe now recommending a containment policy based on clearly defined infrastructure segments, it is time to make the change.

Discover how Masergy is working with Certes Networks’ CryptoFlow Platform to deliver WAN Encryption to your managed WAN.

About David Venable

VP, Cybersecurity, Masergy
David Venable, Vice President of Cyber Security at Masergy Communications, has over 15 years’ experience in information security, with expertise in cryptography, network and application security, vulnerability assessments, penetration testing, and compliance. David is a former intelligence collector with the National Security Agency, with extensive experience in Computer Network Exploitation, Information Operations, and Digital Network Intelligence. He also served as adjunct faculty at the National Cryptologic School.