Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate
Almost every cybersecurity program these days does some sort of scanning, sandboxing or traffic examination to look for anomalies that might indicate the presence of malware. We’ve even reviewed dedicated threat-hunting tools that ferret out malware that’s already active inside a network.
However, what if there were a different way to approach security? Instead of searching for behaviors that might indicate a threat, what if you could define everything that is allowed within a network? If every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal. At the very least, critical programs could be identified and all interactions with them could be tightly defined and monitored.
It’s a different way of looking at security, called segmentation.
One of the advantages of segmentation is that if properly deployed, it can almost reestablish a perimeter type of defensive footing, which has all but evaporated from traditional networks and never really existed in the cloud.