What is Microsegmentation?
The idea behind Microsegmentation is to split a single corporate network into lots of multiple application/workflow networks that are separated by a firewall to achieve better speed and security. This process of having a dedicated microsegment also helps reduce the attack surface on a network and make the trust regions smaller.
Though this sounds great, it comes with a lot of complexities such as:
- a large number of policies
- requirement to know about applications, network and attack pathways
- complexity of maintaining so many networks
- difficult to manage the rules
What is Machine Learning (ML)?
ML can be divided into 3 parts:
- Data – collect data and process it into a useful form
- Algorithm – a way to explain the unknown data
- Objective – fill the unknowns to get the best explanation of data
How we can leverage Machine Learning to manage Microsegmentation?
Inherently, setting up right Microsegmenation requires a ton of data points and understanding of complex, high-dimensional data. And the machines are really good at these.
In our specific case, the definition of ML can be tweaked as:
- Data – monitor the network at the application level
- Algorithm – create a set of user-friendly rules
- Objective – account for the network traffic
First steps?
- Collect the data and find the high-priority applications (not usage)
- Protect each application incrementally
- Use human insight to amplify machine learning
Over a period of time, the algorithm will have enough data points to provide inferences from the network traffic to suggest which services we may like to disable for the public and keep them open only for the applications.