Zero Trust, Microsegmentation, Whitelisting, Oh My…

Zero trust is a comprehensive approach to securing all access across your networks, applications, and environment. Because applications are at the center of modern business, driving productivity and revenue, the protection of the entire application stack or workload is critical. Organizations are deploying more workloads than ever before and running them in more locations across a diverse multi-cloud environment. Traditional security approaches struggle to offer comprehensive protection, an issue that’s worsened by today’s hostile threat environment. The “Trust nothing, verify everything” zero-trust approach to enterprise security becomes necessary, not optional.

Today’s security teams need to think about secure access for APIs, microservices, or containers accessing a database within an application, no matter where it’s located–in the cloud, data centers, or other virtualized environments. They need to focus on how to segment access and identify malicious behavior to contain breaches and protect against lateral movement.

How does this get implemented in a meaningful way? Zero Trust is an approach, but just like many things, “the devil is in the details”. A common method of putting zero trust philosophies into practice is using microsegmentation and whitelisting.

Microsegmentation logically isolates workloads in virtual environments by enforcing granular segmentation policies. It allows specific communications to occur while denying all others. Commonly referred to as zero trust, or whitelisting, this method gives workloads significant protection from attacks. Microsegmentation and whitelisting are key elements to add to your existing security protections. They reinforce the secure boundaries that network firewalls provide, adding an additional layer of visibility and control over communications that take place within virtual, containerized, or cloud-based environments. Microsegmentation provides granular control: traffic that is not expressly allowed is blocked, limiting an attacker’s movement from one compromised workload to another. With organizations allowing more customer and third-party access, over a wide variety of devices, to their applications and the critical data they contain, microsegmentation, or whitelisting, becomes essential to staying vigilant about security. The days of focusing on detection are long gone – today’s modern business needs to focus on prevention.

A zero-trust approach doesn’t require a complete reinvention of your infrastructure. The most successful solutions should layer on top of and support a hybrid environment without entirely replacing existing investments.

So, what next – focus on gaining visibility into workload behavior and attack surface, then identify and respond to workload risks. Establish application micro-segmentation while enforcing policies across cloud and hybrid environments.
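As an added illustration of the visibility-then-enforcement sequence described above (this is example code, not Tetration or any Cisco product logic), the following Python sketch derives tag-level allow rules from a baseline of observed flows and then audits new traffic against them with a default-deny decision. The IP addresses, workload tags and flow records are constructed sample data.

```python
from collections import namedtuple

# Constructed sample data: workload tags keyed by IP (not real telemetry).
WORKLOAD_TAGS = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app", "10.0.2.21": "app",
    "10.0.3.30": "db",
}

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed baseline: flows observed while gaining visibility into normal behaviour.
BASELINE_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 8080, "tcp"),
    Flow("10.0.1.11", "10.0.2.21", 8080, "tcp"),
    Flow("10.0.2.20", "10.0.3.30", 5432, "tcp"),
]

def tag_of(ip):
    # Unknown workloads get their own tag so they never match an allow rule implicitly.
    return WORKLOAD_TAGS.get(ip, "unknown")

def build_allowlist(flows):
    """Derive tag-level allow rules (src_tag, dst_tag, dport, proto) from a baseline."""
    return {(tag_of(f.src), tag_of(f.dst), f.dport, f.proto) for f in flows}

def evaluate(flow, allowlist):
    """Default deny: a flow passes only if an explicit rule covers it."""
    return (tag_of(flow.src), tag_of(flow.dst), flow.dport, flow.proto) in allowlist

def audit(flows, allowlist):
    """Return the flows policy blocks; each is a candidate lateral-movement event to review."""
    return [f for f in flows if not evaluate(f, allowlist)]

# Constructed new traffic: legitimate tier-to-tier flows plus two unexpected ones from a web host.
NEW_FLOWS = [
    Flow("10.0.1.10", "10.0.2.21", 8080, "tcp"),  # web -> app: allowed by the tag-level rule
    Flow("10.0.1.10", "10.0.3.30", 5432, "tcp"),  # web -> db directly: no rule, blocked
    Flow("10.0.1.10", "10.0.1.11", 22, "tcp"),    # web -> web SSH: no rule, blocked
    Flow("10.0.2.20", "10.0.3.30", 5432, "tcp"),  # app -> db: allowed
]

if __name__ == "__main__":
    policy = build_allowlist(BASELINE_FLOWS)
    for f in audit(NEW_FLOWS, policy):
        print(f"BLOCKED {tag_of(f.src)}({f.src}) -> {tag_of(f.dst)}({f.dst}) {f.proto}/{f.dport}")
```

Because rules are expressed per workload tag rather than per address, the first new flow is allowed even though that exact IP pair never appeared in the baseline, while the two cross-tier and peer-to-peer flows surface as blocked events.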

How can Cisco help? We have the tools with Cisco Tetration to provide a bridge to support your new business models.

  • Comprehensive visibility – To enforce zero trust principles, Tetration empowers your security and incident response teams with the visibility of everything going on in your network – and the intelligence and insight to recommend policy changes, versus the antiquated “analysis paralysis” model of too much information.
  • Automation – Leverage Tetration’s automation and Big Data security intelligence to keep your systems up and running and your policies enforced. Humans are not capable of keeping up with the volume of monitoring events necessary in today’s environment. Automate as much of your monitoring and threat detection as possible to save your human intervention for the critical issues when they are needed.
  • Understand application communications – Tetration’s complete visibility into application components, communications, and dependencies enables the implementation of a zero-trust model.  It integrates key CVE details on software vulnerabilities and exposures to reduce attack surfaces.

Adopting a zero-trust philosophy towards workload security gives security teams the ability to approach the problem in new ways. With better visibility, automation, and a deeper understanding of application communications, this approach redefines the perimeter around expected behavior. Malicious activity, from initial compromise to lateral movement to data exfiltration, then becomes apparent and preventable.

For more information about Cisco Tetration and Cisco’s Zero Trust Solution, please see: