Illusive Blog June 3, 2020

Easier Security Management Across Segmented Networks

By Jason Silberman

Network segmentation (splitting up a network into smaller subnetworks) is a common practice, especially in large organizations. Segmenting networks brings security benefits: better privilege management across different departments, isolation of a successful attack (or other types of network failures) to a local network, and a reduced attack surface. It also improves network performance through reduced congestion, since there are fewer hosts in each subnetwork. Regulatory compliance can be a motivation as well. Additionally, previous mergers and acquisitions often necessitate that networks remain separate.

Generally subnetworks are divided from each other via firewalls, Access Control Lists and VLANs, with as little connectivity between them as possible. You can read more about network segmentation here.

This sometimes presents challenges to software providers: how to maximize coverage across the entire network environment without adding maintenance, slowing deployment with extra friction, making management inefficient and complex, or raising ongoing costs. A further challenge is ensuring coverage as wide as possible without weakening internal network security controls, for example by poking holes in a firewall.

At Illusive, we are proud that our Distributed Management capabilities help to alleviate some of those challenges.

Maximum coverage with reduced risk

The Illusive Distributed Management solution gives organizations with segmented networks the freedom to deploy one Illusive management server in a centralized location and lightweight connectors in each segregated zone (i.e., each subnetwork), which allows coverage of the entire environment with minimal connectivity between zones. These connectors allow Illusive to operate across multiple network segments, such as zones, subnets and IP ranges.

Enterprises can leverage the advantages of the Illusive platform—credential and connection visibility and management, deception-based threat detection and attack intelligence—across dynamic ecosystems, but without sacrificing security protocols. No need to weaken firewalls or to grant additional privileges. We fully realize the benefits of, and reasons for, network segmentation and are proud that as security controls adapt and evolve to new needs, we are able to provide a solution to meet those needs.

Increased SOC and SecOps efficiency

We’ve written a lot on our blog about how SOC teams are under a lot of strain – already understaffed, they face a barrage of alerts and incidents to manage. When a cybersecurity incident strikes, the time it takes to analyze the situation can be the difference between significant business damage and a crisis averted. Having a unified single pane of glass to manage security operations is something that benefits not only them but the entire organization.

With efficiency, speed and ease of use as key objectives, Illusive Distributed Management eliminates the requirement for SOC and SecOps teams to manage multiple, separated Illusive systems. Deceptions, forensics and other capabilities are easily manageable from one place, covering an entire network environment.

Read more about how Illusive increases SOC efficiency and view the on-demand webcast Save the SOC – How to Increase Investigation Speed, Efficiency and Accuracy.

Cloud-friendly network management

Another benefit of the Distributed Management capability is that it empowers security teams to more easily defend hybrid ecosystems, both on-premise and in the cloud.

Consider this example. A large multinational bank with a virtual private cloud (VPC) such as Azure VNET or AWS VPC would like to set up and manage the Illusive management server in the VPC, while providing unified defense coverage of endpoints, servers and other critical assets that live on-premise. Furthermore, they want to do so without opening many network connections between the cloud and the on-premise environment, which is considered risky from a network security perspective.

They have exactly that ability with Illusive Distributed Management. Illusive is easy to deploy and manage, including in segmented networks, and SOC teams not only benefit from early threat detection but also increase their investigation speed and efficiency. All the while, they are able to secure their cloud and on-premise ecosystems with confidence.

With Illusive, organizations can protect the business across hybrid ecosystems to stop malicious activity long before attackers can reach business-critical assets, and they can do this in a way that does not overburden the SOC and SecOps teams responsible for managing and defending segmented networks.

To read more about Distributed Management, read this feature brief.

You can also Request a Demo with one of our security experts to review the Illusive platform and to discuss how we can help you with your security challenges.