Securing Applications from the Perimeter is Painful at Best
Most of the technical security controls that your organization has implemented to protect your business applications reside far away from the applications themselves. They have been deployed in the form of a security perimeter between the Internet and your internal network. Organizations have found that trying to protect a broad range of business applications through such centralized perimeter controls is very difficult.
Think of launching a new application and asking the operations team to add the related new rules to the existing perimeter firewall, which already has over 500 rules. More likely than not you will hit resistance, as the change request can be very complex and will take several days or even weeks to implement. Looking at this from another angle, let's take the example where an old application is being decommissioned. Very few organizations will even attempt to remove the corresponding rules from their perimeter security controls, given the complexity and the risk of breaking access to other applications. The result in both cases is an inflexible and weak perimeter.
Implementing Application-centric Security Through Micro-segmentation
Protecting business applications in today’s dynamic environment requires a different model that complements existing perimeter security controls. Rather than continuing to add rules to a complex centralized policy, organizations can now move to a more application-centric model that allows you to wrap fine-grained security policies around each application, a model known as micro-segmentation or software-defined segmentation.
Catbird allows you to group virtual assets into logical zones representing your different applications or application tiers. For each logical zone, you can then define a multi-control security policy, including Access Control Lists, an IDPS policy and vulnerability scanning policies. Unlike centralized perimeter policies, these micro-segmentation policies can be both simple and fine-grained.
Next time a hacker is able to breach your security perimeter, they will be met with a second security layer, tailored to protect whatever business application they are targeting.