Brought to you by:
Enterprise Strategy Group  |  Getting to the Bigger Truth™

ESG SHOWCASE

Modern Microsegmentation for Modern Threats

By John Grady, Senior Analyst
DECEMBER 2021

Abstract

The concept of microsegmentation is not new but has risen in importance as applications and workloads have become increasingly distributed. Yet while microsegmentation can support both security and business initiatives and is a critical component of zero trust strategies, it is not currently used by most organizations. To foster broader adoption, solutions supporting microsegmentation must be easy to use and straightforward to deploy, generating accurate automated policy recommendations. This requires deep behavioral analytics across all workloads. TrueFort delivers these attributes through intelligent workload segmentation capabilities as part of its platform for implementing a complete zero trust protection strategy for application workloads.

Despite Its Importance, Microsegmentation Is Not Widely Employed

Enterprise application environments are more complex than ever. While cloud adoption has become nearly ubiquitous, most organizations continue to support applications across both cloud and on-premises infrastructure. In fact, 48% of ESG research respondents currently use a hybrid cloud model, and 27% are planning to adopt one in the next 12-24 months.[1] Additionally, application architectures have become increasingly heterogeneous. While the usage of containers and serverless functions continues to grow as organizations shift toward cloud-native models, many applications continue to run on virtual machines and bare metal servers.
This architectural and location flexibility has certainly helped development teams become more agile and efficient. However, security organizations have struggled when attempting to apply traditional security strategies reliant on static trust boundaries, point-in-time visibility, and manual processes to these modern environments. As a result, zero trust strategies have seen heightened interest as an avenue toward modernizing cybersecurity to address these challenges more effectively.
Among the core tenets of zero trust strategies are enforcing least-privilege and ensuring that entities are only able to communicate with other entities or resources required to perform their function. In the context of application security, this requires granularly segmenting the workloads that comprise enterprise applications. While supporting a zero trust strategy is an important high-level goal, microsegmentation can address more specific business and security use cases as well, including:
• Preventing lateral movement. Attackers increasingly exploit the fact that resources are distributed, which can reduce visibility and make threat detection more difficult. According to ESG research, 27% of organizations indicate that they have experienced cybersecurity incidents from malware that moved laterally to cloud workloads.[2] Microsegmentation can help prevent threats that do slip through initial defenses from compromising additional systems and establishing persistence.
• Accelerating cloud migration. The pace of innovation has increased, and many organizations have prioritized digital transformation initiatives to improve resiliency and become more operationally efficient. In fact, ESG has found that 85% of organizations have accelerated the number of on-premises applications and workloads that are cloud candidates as a result of the pandemic.[3] Security teams must enable these programs while at the same time ensuring critical resources are protected. Microsegmentation solutions provide visibility into workload relationships and behaviors that allow organizations to ensure application dependencies are maintained and policies correctly applied as resources are migrated to the cloud, without impacting availability.
• Ensuring compliance. The regulatory environment continues to expand, with data privacy being a key focus. According to ESG research, 38% of organizations say new data security and privacy regulations are one of the biggest reasons IT has become more complex.[4] Microsegmentation can help fulfill compliance requirements by reducing the scope of resources subject to regulations and more efficiently providing visibility across the environment during the audit process.
• Improving incident response efficiency. With the rise of ransomware attacks, organizations must respond to incidents quickly and efficiently to prevent business disruption. In fact, 29% of ESG research respondents indicated that improving mean time to respond to threats was a top area of focus for improving their organization’s overall security.[5] Microsegmentation can quickly quarantine infected assets to prevent attacks from spreading once remediation efforts begin.

Yet despite these benefits and the fact that microsegmentation solutions have been available for a number of years, the practice has not been widely employed. Specifically, ESG research has found that only 36% of organizations use microsegmentation today.[6] Further, of those who do currently use microsegmentation, only half report using it across all or most of their environment.

Deployment Flexibility, Ease of Use, and Deep Visibility Are Critical for Microsegmentation to Be Successful

The reasons that microsegmentation has not been adopted more broadly can vary from one organization to the next. Product limitations such as solution complexity, expense, and the potential to break application dependencies are often cited as reasons to forgo microsegmentation. Yet while these concerns may have been valid in the past with regard to the first generation of microsegmentation solutions, there are capabilities organizations can look for to alleviate these issues. In fact, ESG research has identified 10 key attributes microsegmentation solutions should have to effectively support the broad set of use cases discussed earlier (see Figure 1).[7] Broadly, these can be grouped into one of three categories:
1. Deployment flexibility. To protect the heterogeneous application environments most organizations now support, microsegmentation solutions should address not only public cloud and on-premises locations, but cloud-native application architectures such as containers. This typically requires support for both agent-based and agentless deployment models. Additionally, microsegmentation solutions must support modern application development practices by integrating with CI/CD tools and providing usable application data to developers to help them proactively secure their applications.
2. Deep visibility. At its core, microsegmentation is about visibility. Identifying and mapping application relationships and traffic flows is critical but may not paint a complete picture. Visibility at the application layer and into application processes and related services identities can provide important context into application behaviors, which is necessary to detect anomalous activity. This visibility should be augmented by analytics capabilities to baseline normal behavior and assess trusted communications. Further, the ability to overlay vulnerability information to highlight the attack paths that present the highest risk to the organization can help security teams accurately prioritize their mitigation and remediation actions.
3. Ease of use. Because microsegmentation strategies expand from the idea of a single, defined trust boundary to an exponentially larger number of micro-perimeters, automation is critical. Based on visibility into application relationships and behavior, microsegmentation tools should automatically recommend policies; do so through an intuitive, easy-to-use management console supported by strong visualization capabilities; and dynamically update policies as the behavior or trustworthiness of applications and workloads changes.
Figure 1. Key Microsegmentation Attributes
What are the most important attributes in a microsegmentation solution? (Percent of respondents, N=220, multiple responses accepted)

Source: Enterprise Strategy Group

TrueFort Uses Deep Behavioral Analytics to Deliver Intelligent Workload Segmentation, Supported by Integrations with CrowdStrike Falcon

TrueFort was founded by IT and security executives with extensive experience protecting some of the leading Fortune 500 financial services firms. This unique perspective into the threats facing these organizations and the challenges in efficiently responding to them led to the development of the TrueFort platform. TrueFort unifies capabilities supporting visibility, control, and response, helping organizations modernize security for their application environments by incorporating zero trust strategies.
TrueFort can be deployed in on-premises data centers, cloud, hybrid, and containerized environments, as well as in a TrueFort hosted version of the platform. TrueFort’s approach to microsegmentation is based on a deep, comprehensive understanding of the behavior of application workloads. The platform uses machine learning and advanced behavior analytics to assess 160 unique application runtime parameters and build a complete view of applications and workloads across cloud and on-premises environments. These inputs are used to develop an Application Trust Profile for each application and workload, which is continuously updated and used to determine which behaviors should be authorized and which fall outside the baseline and should trigger an alert or be automatically blocked. These recommendations can then be automatically deployed to enforce microsegmentation policies, which are updated in real time based on changes to application behaviors, vulnerabilities, or threat profiles. The result of this approach is more accurate segmentation policies, helping organizations reduce time to value, limit errors and the resulting negative business impacts, and lower ongoing operational costs.

Integration with CrowdStrike Falcon

TrueFort supports deployment flexibility by allowing organizations to use the lightweight TrueFort agent or utilize agents of technology partners to take advantage of existing deployments. This partner ecosystem was recently expanded through a platform integration with CrowdStrike, which enables customers to enforce microsegmentation policies managed by TrueFort, through CrowdStrike Falcon agents. Telemetry collected by CrowdStrike Falcon is automatically and continuously fed to the TrueFort platform and used as an additional input into the Application Trust Profile. Customers can then choose to automatically generate microsegmentation policies that are sent back to the Falcon platform and enforced through the native firewalls on host servers. By enabling organizations to use already deployed agents to support microsegmentation initiatives, TrueFort can help customers significantly reduce time to value, improve security, and accelerate their journey to the cloud.

The Bigger Truth

Application environments have changed dramatically since the first microsegmentation tools were introduced ten years ago. Environments are more distributed and dynamic than ever, microservices-based architectures are commonplace, and attackers are more motivated than ever before to target these valuable resources. For all these reasons, microsegmentation should be a critical component to every organization’s zero trust application security strategy—and yet it remains underutilized. This is not because organizations struggle to see the value microsegmentation can provide, but because many microsegmentation tools do not have the capabilities required to effectively protect modern environments. TrueFort’s intelligent workload segmentation provides a new approach to help organizations improve their application security posture. When coupled with CrowdStrike Falcon, organizations gain flexibility, additional telemetry, and improved time to value.

This ESG Showcase was commissioned by TrueFort and is distributed under license from ESG.

[1] Source: ESG Research Report, Network Security for Cloud and Data Centers, to be published.

[2] Source: ESG Master Survey Results, The Maturation of Cloud-native Security: Securing Modern Apps and Infrastructure, Jun 2021.

[3] Source: ESG Master Survey Results, 2021 Technology Spending Intentions Survey, Dec 2020.

[4] ibid.

[5] Source: ESG Master Survey Results, The Impact of XDR in the Modern SOC, Feb 2021.

[6] Source: ESG Research Report, Network Security for Cloud and Data Centers, to be published.

[7] Source: ESG Master Survey Results, Network Security Trends, Mar 2020.


All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.