Network microsegmentation is a security practice that involves dividing a large network into smaller, isolated segments, or microsegments, to limit the potential damage of a security breach. The goal of microsegmentation is to improve security by reducing the attack surface, limiting the spread of malware or other malicious activities, and providing a more fine-grained level of control over network traffic.
Microsegmentation can be achieved through various technologies such as network virtualization, firewall rules, creating smaller isolated segments and access controls. By creating smaller, isolated network segments, organizations can restrict network traffic and access, and better control the flow of sensitive data within the network. This helps to minimize the risk of data breaches and other security incidents, and to ensure that sensitive data is protected even in the event of a security breach.
Airgap Networks’ agentless microsegmentation places each endpoint into its own isolated network segment and allows only authorized communication between them. Microsegmentation is an integral part of Airgap’s Zero Trust Everywhere solution, contributing to our customers' zero trust security initiatives and frameworks.
MITRE ATT&CK Framework
The MITRE ATT&CK framework is a comprehensive knowledge base of adversary tactics and techniques used in cyber-attacks. It provides a common language and structure for describing and analyzing cyber threats and is used by security professionals, researchers, and organizations around the world. The framework includes information on various stages of an attack, from initial reconnaissance to the eventual impact on the target.
Each stage of the attack is broken down into specific tactics and techniques that an adversary may use. This information is derived from real-world observations and experiences and is intended to help organizations better understand the threat landscape and improve their security posture.
In addition to the main framework, MITRE also provides several resources to help organizations understand and implement the ATT&CK framework, including a matrix of techniques by platform, example use cases, and open- source tools for analyzing security events.
The MITRE ATT&CK framework describes the different stages of an attack by an adversary, which are:
- 1. Reconnaissance: The attacker gathers information about the target system and its users, typically as part of preparation for initial access.
- 2. Initial Access: The attacker gains entry into the target system or network.
- 3. Execution: The attacker runs code on the target system, typically with the intention of establishing persistence and escalating privileges.
- 4. Persistence: The attacker establishes mechanisms to maintain access to the target system, even after a reboot.
- 5. Privilege Escalation: The attacker elevates their level of access to the target system, beyond what was obtained during initial access.
- 6. Defense Evasion: The attacker takes steps to avoid detection and remain hidden on the target system.
- 7. Credential Access: The attacker seeks to obtain passwords, hashes, and other means of authentication for use in further attacks.
- 8. Discovery: The attacker seeks to gather information about the target system and its users, typically as part of preparation for lateral movement and data exfiltration.
- 9. Lateral Movement: The attacker moves from their initial point of entry to other systems and networks within the target environment.
- 10. Collection: The attacker exfiltrates data of interest from the target system.
- 11. Command and Control: The attacker establishes and maintains communication with systems they have compromised.
- 12. Exfiltration: The attacker removes data from the target environment.
- 13. Impact: The attacker's actions cause harm to the target organization.
How does Airgap Networks’ microsegmentation fit into this framework?
In a traditional network design, all devices and systems are connected to a single large network segment, which makes it easier for a malicious actor to move laterally within the network if they can breach a single system. Lateral movement refers to the process of an attacker moving from one compromised system to another to gain access to additional systems, data, and resources.
Airgap Networks’ microsegmentation fits into the MITRE ATT&CK framework as a mitigation technique for several tactics and techniques used by attackers. It involves dividing a network into smaller, isolated segments, with only authorized communication permitted between them. This helps to limit the scope and impact of a potential attack. By reducing the attack surface, Airgap Networks’ microsegmentation can prevent attackers from moving laterally within the network, making it more difficult for them to access sensitive data or systems. This can be particularly useful for countering tactics such as lateral movement and privilege escalation, which are often used in advanced persistent threat (APT) attacks.
Overall, network microsegmentation is a proactive security technique that helps organizations to prevent lateral movement within their networks, reduce the attack surface, and improve visibility into network activity.
Examples of network microsegmentation preventing lateral movement
Here are a few examples of how network microsegmentation has helped prevent lateral movement:
- Data center security: In a data center environment, microsegmentation can be used to isolate different parts of the network, such as web servers, database servers, and application servers. This helps to prevent lateral movement from one part of the network to another, even if a single system is compromised.
- Healthcare environment: In a healthcare environment, microsegmentation can be used to isolate medical devices, such as pacemakers and insulin pumps, from the main network. This helps to prevent attackers from compromising the medical devices and moving laterally within the network.
- Financial services: In the financial services sector, microsegmentation can be used to isolate critical systems, such as ATMs, from the main network. This helps to prevent attackers from compromising the ATMs and moving laterally within the network to reach other systems that may contain sensitive financial information.
- Government agencies: In government agencies, microsegmentation can be used to isolate sensitive systems, such as classified networks, from the main network. This helps to prevent attackers from compromising sensitive systems and moving laterally within the network to reach other sensitive systems.
- These are just a few examples of how network microsegmentation has been used to prevent lateral movement in different environments. The key point is that by dividing the network into smaller, isolated segments, network microsegmentation makes it much harder for attackers to move laterally within the network, and reduces the potential damage caused by a security breach.
Summary
Network micro-segmentation helps organizations achieve compliance with the MITRE ATTACK framework by reducing the attack surface, isolating sensitive assets, and providing fine-grained access control. By dividing a network into smaller, isolated segments, it makes it harder for attackers to move laterally within a network and gain access to critical systems. Micro- segmentation helps organizations meet compliance requirements by reducing the risk of cyber-attacks and mitigating the impact of successful attacks, while also making it easier to monitor and control access to sensitive data.