Dec 7, 2020
BrakeSec Sponsored Interview
with Nathanael Iversen
Questions, comments, and other
content goes here:
Illumio Nathanael Iversen BDS Podcast
of development and deployment of micro-segmentation
Where does segmentation fit into
your security strategy?
- Micro-segmentation is a preventive measure
deployed to create and enforce access at the workload layer. It
does not replace identity and access management (IAM), perimeter
firewalls, or patching but complements such solutions.
- Because traditional network segmentation is
done with network devices, it only works when the traffic passes
through that control point. Micro-segmentation, on the other hand,
shifts the enforcement point from the network onto the individual
servers and hosts. This means that segmentation policy can be much
more granular and can encompass all inbound and outbound traffic,
not just the traffic leaving a network zone, VLAN, or
- Micro-segmentation is a great deterrent for hackers. More
organizations are implementing micro-segmentation as an essential
part of a defense-in-depth strategy. According to a
of over 300 IT professionals, 45%
currently have a segmentation project or are planning
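
The contrast drawn above between enforcement at a network control point and enforcement on each workload can be shown with a small model. This is an added example, not code from the podcast notes or from any vendor's product; the workload names, zones, labels, ports and rules are all constructed assumptions.

```python
# Simplified model: zone-boundary firewall vs. per-workload enforcement.
# Inventory, labels, ports and rules are constructed for illustration.
WORKLOADS = {
    "web-1": {"zone": "dmz", "app": "orders", "role": "web"},
    "app-1": {"zone": "prod", "app": "orders", "role": "app"},
    "db-1": {"zone": "prod", "app": "orders", "role": "db"},
    "hr-1": {"zone": "prod", "app": "hr", "role": "app"},
}

# Network firewall rules: (source zone, destination zone, port).
ZONE_RULES = {("dmz", "prod", 8443)}

# Label-based workload allow-list, default deny:
# (app, source role, destination role, port).
WORKLOAD_RULES = {
    ("orders", "web", "app", 8443),
    ("orders", "app", "db", 5432),
}

def zone_firewall(src, dst, port):
    """Verdict of the network control point, which only sees cross-zone traffic."""
    s, d = WORKLOADS[src], WORKLOADS[dst]
    if s["zone"] == d["zone"]:
        return "not-inspected"  # flow never passes through the firewall
    return "allow" if (s["zone"], d["zone"], port) in ZONE_RULES else "deny"

def workload_policy(src, dst, port):
    """Verdict at the destination host, evaluated for every inbound flow."""
    s, d = WORKLOADS[src], WORKLOADS[dst]
    if s["app"] != d["app"]:
        return "deny"  # this sample policy has no cross-application rules
    rule = (s["app"], s["role"], d["role"], port)
    return "allow" if rule in WORKLOAD_RULES else "deny"

def compare(flows):
    """Return (src, dst, port, zone verdict, workload verdict) per flow."""
    return [(s, d, p, zone_firewall(s, d, p), workload_policy(s, d, p))
            for s, d, p in flows]

# Constructed flows: two legitimate, one lateral move inside "prod",
# one tier-skipping attempt from the DMZ.
FLOWS = [("web-1", "app-1", 8443), ("app-1", "db-1", 5432),
         ("hr-1", "db-1", 5432), ("web-1", "db-1", 5432)]

if __name__ == "__main__":
    for src, dst, port, zone, host in compare(FLOWS):
        print(f"{src} -> {dst}:{port}  zone: {zone:13}  workload: {host}")
```

The `hr-1` to `db-1` flow stays inside one zone, so the zone firewall never evaluates it, while the workload-level policy denies it by default.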
The keys to a successful
micro-segmentation deployment: As with
any security control, it’s important to balance the strategy of the
business with the need to secure it. There are several key
functions and abilities to consider to ensure your deployment goes
- Visibility with application context
- Scalable architecture
- Abstracted security policies
- Granular controls
- Consistent policy framework across your compute
- Integration with security ecosystem
There are three broad preventive
is controlling the ability to reach the device or target service
via the network. Clearly, if you cannot even get to the sensitive
data or application, then no amount of vulnerabilities will permit
compromise. Often terms like firewall, access control lists (ACLs),
VLANs, zones, and the like describe these capabilities. This
function is generally implemented by the network team or a
dedicated network security team.
The second broad action available controls the ability to access a
device, data or service once you get there. This covers the entire
world of credentials, user accounts, permissions, authentication,
authorization, tokens, API keys, etc. If you get to the front door
of my house and it is locked, you can’t gain access unless you have
the right key.
The third broad strategy addresses the fact that often malicious
behavior exploits some bug or weakness. So, if one can remove
vulnerable code, then in many cases, malicious intent can’t be
realized. This involves patching, replatforming applications to
stronger platforms, doing code reviews, and more.
is micro-segmentation? How long has it been around?
micro-segmentation be used in conjunction with other cybersecurity
tools? Like firewalls?
does micro-segmentation operate in different environments? How does
development and deployment differ in the cloud vs.
does a successful micro-segmentation deployment look
us about the common challenges people face in their
misconceptions do people have about micro-segmentation?
is the difference between having a proactive vs. reactive security
you explore the ‘cost’ of preventative cybersecurity in 2020? I.e.,
how much can your organization save by preventing breaches, vs.
paying off ransomware attackers? Or losing customer trust via a
does micro-segmentation adoption look like as we head into the new
is the future of micro-segmentation? Segmentation of database