Manufacturer Establishes Micro-segmentation Strategy to Address Risks of Flat Network
Challenge
A large manufacturer relies on more than 2,500 applications to maintain its position as an industry leader. With the applications residing on a flat network, the manufacturer knew that it was exposing itself to risks. If bad actors penetrated the network, they could easily move through the data center to find applications that handle sensitive customer information, intellectual property and production processes.
The company needed help sorting through its complex application ecosystem to limit bad actors' access. It had decided to micro-segment its network — grouping applications and applying security policies based on risks — but didn't know where to start. The manufacturer turned to WWT for help.
Solution
Identifying the right application
The first piece of the puzzle was to quantify application risk. WWT evaluated each of the organization's applications based on factors like the type of data they used, how they were accessed and how they related to critical business operations. From there, they grouped like applications and developed a risk scoring system.
The next step was to zero in on an application that would be a good candidate for piloting a micro-segmentation solution.
The trick was finding a middle ground between the highest- and lowest-risk applications. Segmenting one of the highest-risk applications could disrupt the business if a pilot was unsuccessful. Alternatively, one of the lowest-risk applications likely wouldn't share the characteristics of the majority of the organization's applications, making a solution hard to scale.
WWT ended up selecting a customer-service application that accessed the same systems and infrastructure as about 60 percent of the organization's total applications. If the pilot was unsuccessful, customers could still receive service in other ways. If it was successful, they would know that the micro-segmentation solution would protect much of the company's application footprint.
Selecting the right technology
Once an application was selected, it was time to decide which micro-segmentation solution made the most sense for the organization. With so many solutions on the market, the manufacturer needed unbiased guidance evaluating different products.
WWT consultants created a solution assessment and alignment tool based on the needs of the organization. Consultants aligned segmentation controls outlined in NIST 800-53 to NIST 800-171, the framework the company uses to control its sensitive data. This alignment pinpointed the micro-segmentation capabilities that would be the best fit given the manufacturer's existing security investments.
Consultants then presented six leading micro-segmentation vendors with a capabilities questionnaire based on NIST 800-53 segmentation controls, entering responses into the tool, which provided an alignment score. By seeing how each vendor scored, the manufacturer received an unbiased evaluation of solutions. After evaluating the results, the security team was most attracted to Illumio, but they wanted to understand management of the solution.
WWT has several segmentation labs in its Advanced Technology Center, including the Illumio Segmentation Lab. Engineers were able to experience what it would be like to implement and manage the solution in a setting similar to their production environment before moving ahead with the pilot.
Results
The manufacturer has installed Illumio Control Center with agents on all of the pilot application's servers. The company's security team is now working on mapping application dependencies and applying appropriate firewall rules. Once complete, the team will turn on Illumio to ensure the application is only communicating with the servers it needs to, blocking bad actors who gain access to the application from moving to other parts of the data center.
With all of its applications scored, the manufacturer has standardized risk across its environment. This information will help them roll out the Illumio solution quickly once the pilot is complete.
While risk is never completely eliminated, the manufacturer is on a path toward confidently limiting the ability of bad actors to compromise critical resources.