Making a case that current approaches to IT security have proven largely ineffective, Unisys today launched a software-only version of its Stealth security solution based on a micro segmentation architecture.
Thanks to the broad availability of IPsec, Tom Patterson, vice president and general manager for global security solutions for Unisys, says it’s now feasible to apply a common approach to both digital and physical IT security. Making use of micro segmentation architecture, contends Patterson, will enable IT organizations to better isolate each piece of hardware. In the event of a breach, that device can’t be exploited to compromise the security of any other device on the network.
Patterson says IT security has historically focused on an application-centric approach to securing the IT environment. The challenge with that approach is that it depends on the skills of any given application developer to implement the right security controls. Given the number of high-profile breaches that now regularly occur, Patterson says it’s more than apparent how ineffective that approach really is. In contrast, by focusing instead on layers two and three of the network, Patterson says Unisys is making it possible to apply a software-defined approach to IT security anywhere across the extended enterprise.
Patterson says the shift to a micro segmentation approach to IT security requires organizations to put aside some of their traditional biases toward IT security. Instead of thinking in terms of an application construct, micro segmentation takes advantage of network virtualization and IPsec to isolate the underlying IT infrastructure in a much more granular way. When an attack is discovered, not only is it contained, but information about the nature of that attack can also be fed back automatically to a security information and event management (SIEM) system, which makes it possible to more readily identify that threat in the future.
While a micro segmentation approach to IT security may require adopting new approaches to how the network and overall data center are managed, given the current lack of success that most organizations are experiencing when it comes to IT security, it would appear the time may have finally come to try a fundamentally different approach altogether.