Microsegmentation and why it is a key element of network defence

Everyone has had to become accustomed to the phrase “social distancing”, the practice of keeping distance from others to minimise health risks. Inevitably, people have started using the analogy “digital distancing” to talk about similar ideas in information security. Using disease metaphors in infosec is not new; we already talk about ransomware “infections,” for example. But with public health understandably at the front of people’s minds, let’s discuss “digital distancing” as one part of network defence.


Microsegmentation is an increasingly popular approach to enable digital distancing. As with social distancing, the basic concept behind microsegmentation is to limit as much unnecessary contact as possible. Most computers only need to communicate with a small number of other computers; otherwise, they can and should keep their “digital distance” from the rest of the network.


Microsegmentation functions like an allowlist for network traffic: a system may communicate only with the systems it needs to, and only over the protocols and ports it is expected to use; everything else is denied by default. These segments have a parallel in the disease-management concept of “social bubbles”, limiting contacts to a small group of necessary interactions. The digital version works by controlling the traffic into and out of each individual connection, at the level of the host, workload or interface rather than only at the network perimeter.


Microsegmentation is among the best protections currently available to IT professionals against lateral (east-west) spread of a compromise across an organisation’s data estate. By limiting each system’s ability to communicate with others on the network, the chance of a digital infection spreading is minimised. Compromise can be further limited by selective use of quarantine: locking down a compromised segment completely, so that it can neither reach nor be reached by the rest of the network, thus preventing further spread.
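The allowlist and quarantine behaviour described in the two paragraphs above, as an added example that is not part of the original article: a small default-deny policy engine in Python. Workloads are mapped to segments by address, a flow is allowed only if an explicit rule exists for that (source segment, destination segment, protocol, port), and quarantining a segment cuts it off in both directions. The three-tier segment names, addresses, ports and flow records are constructed for this example, and the nftables-style rendering is illustrative output, not a rule set applied anywhere.

```python
"""Added example (not from the original article): a minimal microsegmentation
policy engine with default deny and per-segment quarantine."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One allowlist entry: traffic from segment `src` to segment `dst`
    on `proto`/`port` is permitted. Anything not matched by a Rule is denied."""
    src: str
    dst: str
    proto: str
    port: int


@dataclass
class Policy:
    segments: Dict[str, List[str]]          # segment name -> CIDRs (constructed)
    rules: Set[Rule]
    quarantined: Set[str] = field(default_factory=set)

    def segment_of(self, ip: str) -> Optional[str]:
        """Map an address to its segment; unknown hosts belong to no segment."""
        addr = ip_address(ip)
        for name, cidrs in self.segments.items():
            if any(addr in ip_network(cidr) for cidr in cidrs):
                return name
        return None

    def decide(self, src_ip: str, dst_ip: str, proto: str, port: int) -> str:
        """Default deny: a flow is allowed only by an explicit rule between
        known, non-quarantined segments. Same-segment traffic also needs a rule."""
        src, dst = self.segment_of(src_ip), self.segment_of(dst_ip)
        if src is None or dst is None:
            return "deny"
        if src in self.quarantined or dst in self.quarantined:
            return "deny"
        return "allow" if Rule(src, dst, proto, port) in self.rules else "deny"

    def quarantine(self, segment: str) -> None:
        """Lock a compromised segment down completely: it can neither initiate
        nor receive any traffic until it is removed from the quarantined set."""
        self.quarantined.add(segment)

    def render_nft(self) -> List[str]:
        """Render the allowlist as nftables-style rule lines (illustrative only;
        assumes a chain whose default policy is drop). Rules touching a
        quarantined segment are omitted, so that traffic hits the default drop."""
        lines = []
        for r in sorted(self.rules, key=lambda r: (r.src, r.dst, r.proto, r.port)):
            if r.src in self.quarantined or r.dst in self.quarantined:
                continue
            for s_cidr in self.segments[r.src]:
                for d_cidr in self.segments[r.dst]:
                    lines.append(f"ip saddr {s_cidr} ip daddr {d_cidr} "
                                 f"{r.proto} dport {r.port} accept")
        return lines


def build_policy() -> Policy:
    """Three-tier example: web may reach app, app may reach db, nothing else.
    Segment names and address ranges are constructed assumptions."""
    return Policy(
        segments={
            "web": ["10.0.1.0/24"],
            "app": ["10.0.2.0/24"],
            "db":  ["10.0.3.0/24"],
        },
        rules={
            Rule("web", "app", "tcp", 8080),
            Rule("app", "db", "tcp", 5432),
        },
    )


# Constructed flow records (src, dst, proto, port), including the kind of
# east-west attempts a compromised web server might make.
SAMPLE_FLOWS: List[Tuple[str, str, str, int]] = [
    ("10.0.1.10", "10.0.2.20", "tcp", 8080),    # web -> app: the allowed path
    ("10.0.2.20", "10.0.3.30", "tcp", 5432),    # app -> db: the allowed path
    ("10.0.1.10", "10.0.3.30", "tcp", 5432),    # web -> db directly: no rule
    ("10.0.1.10", "10.0.1.11", "tcp", 445),     # web -> web SMB: lateral, no rule
    ("10.0.2.20", "10.0.1.10", "tcp", 22),      # app -> web SSH: wrong direction
    ("192.168.9.9", "10.0.3.30", "tcp", 5432),  # unknown source: no segment
]


def evaluate(policy: Policy, flows) -> List[str]:
    """Return the allow/deny verdict for each flow record."""
    return [policy.decide(*flow) for flow in flows]


if __name__ == "__main__":
    policy = build_policy()
    for flow, verdict in zip(SAMPLE_FLOWS, evaluate(policy, SAMPLE_FLOWS)):
        print(f"{verdict:5} {flow[0]} -> {flow[1]} {flow[2]}/{flow[3]}")
    policy.quarantine("web")
    print("after quarantining web:", evaluate(policy, SAMPLE_FLOWS))
    print("\n".join(policy.render_nft()))
```

Two design points worth noting. Same-segment traffic (the web-to-web SMB flow) is denied unless a rule allows it, which is what stops a compromised host from walking across its own subnet. And quarantine is a separate switch rather than a rule edit, so that an incident responder can isolate a segment without touching, and later having to reconstruct, the allowlist itself. The allowlist is only as good as the flow inventory it was built from, so in practice it is derived from observed traffic and audited in a log-only mode before enforcement.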


This is in contrast to the “eggshell computing” model ..