Segmentation: The Chokehold for Malware

This past week, the world braced itself for WannaCry 2.0 when the Petya malware infected over 12,000 machines in around 65 countries, including the United States. News outlets stumbled through misinformation as security researchers worked diligently to uncover and report who is at risk, who started it and what security measures could have prevented it. And while the technical details have been resolved, there are still gaping holes including the attribution, the motivation (which was curiously not financial) and its actual name -- #Petya vs. #NotPetya. 

It’s interesting to see how closely mainstream media are paying attention to these types of attacks. One could argue this is due in large part to the frequency and severity of the breaches -- when a virus spreads across the globe, it’s difficult to turn a blind eye. Furthermore, these attacks have also opened the opportunity for increased education around the security industry as a whole -- i.e., which vendor promises what kind of solution to the growing problem.

Take, for example, the Wall Street Journal, a publication dedicated to breaking news at a national and global level. In a recent article titled “Petya Attack Brings Renewed Focus to ‘Segmentation’” by Kate Fazzini, the newly appointed cybersecurity journalist brought to light the concept of segmentation -- formerly considered a rather technical concept, but now becoming a main topic of discussion for C-level executives to understand.

In the article, Fazzini does a great job defining the complex technology of segmentation through an analogy to physical security:

“If a company has locations in Afghanistan, for instance, employee physical security has a much different focus than at locations in the U.S. Access to facilities in a conflict region would be heavily restricted, with the ability to shut-off and contain employees within a building’s perimeter if necessary.” 

Network segmentation, similarly, categorizes data by risk and compartmentalizes it. Rules are then made for each compartment based on the amount of security it requires, and alarms sound for activity outside of those rule sets. It’s a different way of looking at security -- the approach that if every process, application and workflow needed to conduct business could be defined, then by default everything outside of those definitions could be flagged as illegal.

Properly segmenting the entirety of an organization's IT infrastructure is a wise move that adds resiliency to the network. In the case of attacks like WannaCry and Petya, which spread indiscriminately, if one compartment were affected, the borders around the other parts of the network could at least stop the spread.
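To make the two preceding paragraphs concrete, here is an added example (not code from the article, the Wall Street Journal, or any vendor it mentions) of the "define what is allowed, alarm on everything else" model. The segment names, address blocks, allow-list, host inventory, flow-log lines and the worm propagation port (TCP/445, the SMB port) are all constructed for illustration; the policy engine is a hypothetical one written for this page. It does two things: audits flow records against a default-deny allow-list, and computes how many hosts a self-propagating worm could reach from one infected workstation in a flat network versus the same network with the segment borders enforced.

```python
import ipaddress
from collections import deque
from dataclasses import dataclass

# Constructed segment plan for this example: internal address blocks grouped by risk.
# Any address outside these blocks is treated as "internet".
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.1.0.0/16"),
    "file-servers": ipaddress.ip_network("10.2.0.0/24"),
    "payments": ipaddress.ip_network("10.3.0.0/24"),
}

# Allow-list of every flow the business needs: (src_segment, dst_segment, proto, dst_port).
# Intra-segment flows must be listed too; nothing is implied. Anything not listed is
# illegal by default and raises an alarm. (Constructed policy, not a real organization's.)
ALLOWED_FLOWS = {
    ("workstations", "file-servers", "tcp", 445),  # users open file shares
    ("workstations", "internet", "tcp", 443),      # web browsing
    ("payments", "file-servers", "tcp", 445),      # batch exports to the share
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dst_port: int


def segment_of(ip):
    """Map a host address to its segment name; 'internet' if it is in no internal block."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


def evaluate(flow, policy=ALLOWED_FLOWS):
    """Return ('allow' | 'alarm', src_segment, dst_segment) for one flow.

    policy=None models a flat, unsegmented network in which everything is permitted.
    """
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if policy is None or (src_seg, dst_seg, flow.proto, flow.dst_port) in policy:
        return "allow", src_seg, dst_seg
    return "alarm", src_seg, dst_seg


def audit(log_lines, policy=ALLOWED_FLOWS):
    """Run each 'src dst proto port' log line through the policy; return [(line, verdict)]."""
    results = []
    for line in log_lines:
        src, dst, proto, port = line.split()
        verdict, _, _ = evaluate(Flow(src, dst, proto, int(port)), policy)
        results.append((line, verdict))
    return results


def blast_radius(start, hosts, proto, port, policy=ALLOWED_FLOWS):
    """Hosts a worm starting at `start` could reach by hopping host-to-host over proto/port
    while the segmentation policy is enforced. Breadth-first search over permitted flows."""
    reached = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for h in hosts:
            if h not in reached and evaluate(Flow(cur, h, proto, port), policy)[0] == "allow":
                reached.add(h)
                queue.append(h)
    return reached


# Constructed inventory and flow log (not real traffic; 203.0.113.0/24 is a documentation range).
HOSTS = ["10.1.0.5", "10.1.0.6", "10.1.0.7", "10.2.0.10", "10.3.0.2", "10.3.0.3"]
SAMPLE_LOG = [
    "10.1.0.5 10.2.0.10 tcp 445",    # normal: workstation to file share
    "10.1.0.5 203.0.113.7 tcp 443",  # normal: browsing
    "10.1.0.5 10.1.0.6 tcp 445",     # workstation-to-workstation SMB: not a defined workflow
    "10.1.0.5 10.3.0.2 tcp 445",     # workstation into the payments segment: not defined
    "10.2.0.10 10.3.0.3 tcp 445",    # file server into payments: not defined
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:5}  {line}")
    flat = blast_radius("10.1.0.5", HOSTS, "tcp", 445, policy=None)
    fenced = blast_radius("10.1.0.5", HOSTS, "tcp", 445)
    print(f"worm from 10.1.0.5 over tcp/445: flat network reaches {len(flat)} hosts, "
          f"segmented network reaches {len(fenced)}")
```

The design choice worth noticing is that the policy is an allow-list keyed on segments rather than on individual hosts: a new workstation inherits the rules of its block automatically, and the three alarmed lines in the sample log are exactly the peer-to-peer and cross-border SMB hops a worm like those named above would need. The blast-radius function shows the same thing from the other direction: with the borders enforced, an infection on one workstation reaches the file server it is allowed to talk to and nothing else, instead of every host on the network.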

Over the past few years, C-level executives have learned about the “death of perimeter security,” and segmentation is really the next chapter. As attacks increase in sophistication, frequency and magnitude, it behooves companies to take segmentation seriously, no matter how secure they think their perimeter is. When it comes to breaches, it is not a question of if but when. Segmentation is undoubtedly a requisite part of the layered approach to increasing security posture. If the Titanic had been segmented properly from the damage inflicted by the iceberg, it might very well have survived, with a happy ending for Rose and Jack.