Network segmentation is a defensive practice many enterprises use to limit the spread of malware across their environment. Servers and databases are grouped into segments using network switches or firewall appliances, with the separation driven by application requirements.
Such segmentation gives only coarse control over malware. Segments are typically defined around physical or virtual servers using layer 2 and layer 3 attributes (switch or VLAN membership, IP subnets). Once malware has a foothold on one host in a segment it can usually reach every other host in that segment, and it can cross segment boundaries over whatever flows the firewall already permits.
The next level is microsegmentation, which segments based on server routing tables and the application's layer 3 and layer 4 attributes, such as IP addresses and TCP or UDP port numbers. With this approach, one or more applications, each made up of many individual processes, can be grouped together and segregated from one another according to observed behavior or routing policies.
Unfortunately, many such deployments have still been breached, either because the applications' behavior was not understood well enough to write tight policies, or because the microsegments were too large. Malware can still attack and move laterally by exploiting application vulnerabilities over the connections the policy permits. In every form of attack the application processes or databases are the ultimate target, so that is where protection is really needed: at the level of the application and database processes themselves.
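As an added illustration (not code from the video, from Help Net Security or from Avocado Systems), here is a small Python evaluator for an L3/L4 microsegmentation policy of the kind described above. The segment names, address ranges, rules and flows are constructed for the example. It shows what such a policy does well (web cannot reach the database directly, app hosts cannot SSH to each other) and also the blind spot the previous paragraph describes: a flow from a compromised application host to the database on the permitted port is indistinguishable from legitimate traffic, because the policy keys on addresses and ports, not on which process is talking.

```python
"""Toy evaluator for an L3/L4 microsegmentation policy.

Hypothetical example written for this page; it is not code from the
video or from any vendor. Segments, rules and flows are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed segments: each application tier is one small CIDR block.
SEGMENTS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}


@dataclass(frozen=True)
class Rule:
    """One allow-list entry: source segment -> destination segment, proto, dst port."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    port: int    # destination port


# Constructed default-deny policy: only these L3/L4 tuples are permitted.
POLICY = [
    Rule("web", "app", "tcp", 8080),   # front end talks to the app tier
    Rule("app", "db", "tcp", 5432),    # app tier talks to PostgreSQL
]


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def segment_of(ip: str):
    """Map an address to its segment name, or None if it is outside all segments."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(flow: Flow, policy=POLICY) -> bool:
    """True if some rule matches the flow's (src segment, dst segment, proto, port).

    Note what is NOT an input here: the identity of the process that opened
    the connection. A legitimate app server and malware running on that same
    app server produce the same tuple and get the same verdict.
    """
    src_seg, dst_seg = segment_of(flow.src_ip), segment_of(flow.dst_ip)
    if src_seg is None or dst_seg is None:
        return False  # unknown address space is dropped under default deny
    return any(
        r.src == src_seg and r.dst == dst_seg
        and r.proto == flow.proto and r.port == flow.dport
        for r in policy
    )


def evaluate(flows, policy=POLICY):
    """Return a {flow: allowed} map for a batch of observed flows."""
    return {f: is_allowed(f, policy) for f in flows}


# Constructed sample flows.
FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 8080),  # web -> app: allowed
    Flow("10.0.1.10", "10.0.3.30", "tcp", 5432),  # web -> db directly: denied
    Flow("10.0.2.20", "10.0.2.21", "tcp", 22),    # app -> app SSH: denied (no rule)
    Flow("10.0.2.20", "10.0.3.30", "tcp", 5432),  # compromised app -> db: allowed
]

if __name__ == "__main__":
    for flow, verdict in evaluate(FLOWS).items():
        print(f"{flow.src_ip} -> {flow.dst_ip} {flow.proto}/{flow.dport}: "
              f"{'ALLOW' if verdict else 'DENY'}")
```

The fourth flow is the point of the example: nothing in an address-and-port policy can tell that the connection to the database was opened by an exploited process rather than by the application, which is why the text argues that protection has to attach to the application and database processes themselves.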
In this video for Help Net Security, Keshav Kamble, CTO of Avocado Systems, talks about the challenges, benefits and modern methods of microsegmentation.