Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Is micro-segementation the right solution for campus security?
It is a well known fact that perimeter based security alone doesn’t provide sufficient protection against cyber-attacks. Therefore, security frameworks like NIST and MITRE ATT&CK™ recommend that it is sound security practice to assume that the perimeter defenses will be breached and to take appropriate actions to limit the movement of bad actors inside the organization.
However, it is impossible for organizations to restrict movement of bad actors inside the network due to presence of shared VLANs that allow free flow of information without the granular security controls. The attackers exploit this fundamental flaw by taking control of one of the devices in the shared network to carry out mass disruption by using campus devices as launchpads. This was one of the ways WannaCry and Petya Ransomware attacks propagated within enterprises.
If we want to stop the spread of breaches inside the enterprise campus networks and meet compliance requirements, the best approach is micro-segmentation implementation for campus LAN.
I’d love to get your thoughts and views on this topic. Please fire away..
You must be logged in to reply to this topic.