Airwall — Zero Trust Micro-segmentation

Definition from Network World:

Micro-segmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. It’s aimed at making network security more granular.

“Where VLANs let you do very coarse-grained segmentation, micro-segmentation lets you do more fine-grained segmentation. So anywhere you need to get down to granular partitioning of traffic, that’s where you’ll find it,” says analyst Zeus Kerravala, founder of ZK Research.

The rise of software-defined networks and network virtualization has paved the way for micro-segmentation. “We can do things in software, in a layer that’s decoupled from the underlying hardware,” Kerravala says. “That makes segmentation much easier to deploy.”

Granular security, approaching whitelisting, where every authorized access from every device can be specified, can reduce the lateral spread of malware if a host becomes infected. This can dramatically improve network security and mitigate threats when all other measures fail.

The benefits of micro-segmentation have already been established by industry experts, government frameworks, and regulatory agencies like PCI DSS and HIPAA. But there can be challenges to deploying micro-segmentation: cost, complexity, and integrating with existing systems. Traditional tools like VLAN’s, firewalls and remote access solutions were not designed for such a granular policy approach.

Figure: Multiple private segmented overlay networks on a shared infrastructure. Micro-segmentation extends policy enforcement to individual endpoints which communicate over fully-encrypted tunnels that can eliminate most attack vectors.

But Tempered makes it easy and cost-efficient. We were designed from the ground up with zero trust in mind, using the HIP protocol. Our Conductor makes it simple to manage highly complex identity-based policies and specific each individual trusted connection across a large network. Networks can be secured over any IP infrastructure or protocol, including remote sites, WAN protocols and cloud providers, all the way to any endpoint.

19410 HWY 99 STE A #119
Lynnwood, WA 98036

(206) 452-5500

© 2022