![Microsegmentation (noun) [Word Notes] - Hacking Humans cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F7679d512-da01-11f0-a669-c391d51185fc%2Fimage%2F441b0ca2db080b93b935568d381ce462.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1920&q=75)
Transcript
A (0:02)
You're listening to the Cyberwire Network powered by N2K. Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling, or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and vpn, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effort, transform complexity into simplicity, and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo@meter.com cyberwire that's M E T E R.com cyberwire.
B (1:34)
The word is micro segmentation. Spelled micro as in a smaller size and segmentation as in a division into separate parts. Definition A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. Example sentence Micro segmentation prevented the attacker from moving to other systems within the network. Origin and context the idea of separating your digital assets based on need to know has been around since the Internet was young, early 1990s, long before we had the cybersecurity catchphrase of zero trust. In those early days we did that by running separate physical networking cables. One cable supported the normal day to day traffic of email and printing, and the other cable supported the network where the sensitive information resided. And as Rudyard Kipling said, and never the twain shall meet. As networking evolved, though, actual physical separation of cables became impractical. But we soon realized you could accomplish the same thing at the logical level, the network protocol level, with something called VLAN Virtual Local Area Networks invented by W. David Sinkosky and standardized by the IEEE in 1998. Essentially, you could tag network frames at layer two of the OSI protocol stack. Email and printing network traffic could write the same physical network as the sensitive information traffic, but did not interact with each other at the same time that we were all playing with VLANs. Research began on the concept of software defined networking open source software that separated the control plane and the data plane in routing applications. A lot of work went into that idea, but Stanford University began the standardization work in 2008 and by December 2009 the community released version 1.0 of the OpenFlow switch specification. This ultimately led to the idea of network Virtualization, a network management abstraction layer that decouples functionality from the underlying hardware and is essential to cloud environments and virtual machines in the data center. With virtual networking, then we could start to segment both of these environments at a much more granular level than we did with vlens. This is called micro segmentation, and it provides security architects with available segmentation capability that they can apply all the way down to individual workloads. With physical cable separation and VLANs, you can segment local area networks away from each other, but if bad guys got access to one, they could see everything on the network. With micro segmentation, they can limit exposure to only the workload in question. This is a powerful zero trust tactic. Nerd reference in December 2020, Illumio's CTO and co founder PJ Kerner compared micro segmentation to the physical compartments built into modern day submarines.