Would you trust network security compartmentalization?

July 26, 2017

Compartmentalization in cyber security is exactly what the term suggests. In order to reduce risk, experts employ a smart firewall and divide users into categories. Nevertheless, at this year’s RSA conference multiple vendors discussed a different type of compartmentalization.

Because the classical, user-type-based model “started to show its age”, this rejuvenated version emerged and has pushed compartmentalization back into the spotlight of cyber security.

Although a search turns up little published material, we will try to explore a few elements. For example, what is new in this 2017 model of compartmentalization? And how does this model differ from segmentation?

What does modern compartmentalization look like?

As the source quoted above mentions, we can visualize modern compartmentalization as a honeycomb. Each cell represents a network compartment, and in this new vision there is just one trusted cell. In the older view, the internal network counted as the one trusted element while the external network represented the risk; the new representation lets go of this binary structure.

It is only logical to do so, since in our times no company can trust its internal network – not by default, anyway. With BYOD, shadow data and shadow IT, insider threats and the many malicious attacks that have proved time and again how easy it is to cross the official border between external and internal, enterprises need a new approach.

What is the downside? All those who have employed classic compartmentalization can take a guess. Yes, it all has to do with slowing down the network and network operations. So far, the vendors cannot guarantee a way of avoiding this unpleasant side effect.

Of course, in theory security might win over speed, but in the fast-paced business world speed is essential. Even security specialists doubt that company executives would choose cyber security to the detriment of data traffic.

Short recap – where does compartmentalization originate from?

Let’s put compartmentalization another way. It is the technique of limiting access to information on a need-to-know basis. And yes, the method originates from military and intelligence operations, where strategists employed it to protect classified information, regardless of the medium it was stored on.

By keeping the big picture split into small bundles (of data), the associated risks were lowered. Yet the entire strategy counted on having the right preliminary information on who needs to know what, and on precise information regarding the limits of each “compartment”. In the current digital environment, modern tech has reshaped these limits in complex ways. Companies, as we’ve mentioned before, cannot count on the classic limits. Assuming the on-premises network is safe when in fact you have not accounted for various connected devices is a big mistake.

Compartmentalization: between the classical formula and segmentation

As we have mentioned above, classical compartmentalization involves dividing users into categories. It also works with the assumption that the internal network is safe, while the external one is not.

Modern compartmentalization divides the internal network itself into different categories, security-wise. This way, users can act within the boundaries of their network category, and the monitoring and threat detection operations take the different regimes into consideration.
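To make the honeycomb model concrete, here is a small policy engine written as an added example for this post (it is not code from the original article or from any vendor mentioned). It assumes four hypothetical compartments with constructed address ranges, a single trusted “mgmt” cell, an explicit allow list for flows between cells, and a handful of constructed flow-log lines; every cross-cell flow that is not explicitly allowed is denied, and the monitoring side summarises which sources keep bumping into cells they have no rule for.

```python
"""Toy policy engine for a compartmentalized internal network (added example).

Every compartment is a cell; only "mgmt" is trusted; flows between cells must
be explicitly allowed; denials are summarised for the monitoring team.
All compartment names, addresses and log lines are constructed for this
example and do not describe any real network.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical compartments and their (constructed) address ranges.
COMPARTMENTS = {
    "workstations": ip_network("10.10.0.0/16"),
    "byod": ip_network("10.20.0.0/16"),
    "servers": ip_network("10.30.0.0/16"),
    "mgmt": ip_network("10.99.0.0/24"),  # the single trusted cell
}

# Explicit allow list: (source cell, destination cell, destination port).
# Anything not listed is denied, so two "internal" cells do not trust each
# other by default; only mgmt may reach every other cell, and only on port 22.
ALLOW = {
    ("workstations", "servers", 443),
    ("byod", "servers", 443),
    ("mgmt", "workstations", 22),
    ("mgmt", "byod", 22),
    ("mgmt", "servers", 22),
}


def compartment_of(ip: str) -> str:
    """Map an address to its cell; anything outside every cell is 'external'."""
    addr = ip_address(ip)
    for name, net in COMPARTMENTS.items():
        if addr in net:
            return name
    return "external"


def parse_flow(line: str) -> dict:
    """Parse a 'key=value' flow record such as 'src=10.10.1.5 dst=10.30.0.2 dport=443'."""
    fields = dict(part.split("=", 1) for part in line.split())
    return {"src": fields["src"], "dst": fields["dst"], "dport": int(fields["dport"])}


def decide(flow: dict) -> str:
    """Default-deny: allow only intra-cell traffic and listed cross-cell rules."""
    src_cell = compartment_of(flow["src"])
    dst_cell = compartment_of(flow["dst"])
    if src_cell == dst_cell and src_cell != "external":
        return "allow"
    if (src_cell, dst_cell, flow["dport"]) in ALLOW:
        return "allow"
    return "deny"


def review(lines):
    """Apply the policy to flow records and summarise denials per source so that
    a host probing several cells it has no rule for stands out for analysts."""
    decisions = []
    denied_cells = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        verdict = decide(flow)
        decisions.append((flow["src"], flow["dst"], flow["dport"], verdict))
        if verdict == "deny":
            denied_cells[flow["src"]].add(compartment_of(flow["dst"]))
    # A source denied into two or more distinct cells is worth a closer look.
    suspects = sorted(src for src, cells in denied_cells.items() if len(cells) >= 2)
    return decisions, suspects


# Constructed sample flow log (not real traffic).
SAMPLE_LOG = [
    "src=10.10.1.5 dst=10.30.0.2 dport=443",    # workstation -> server app: allowed
    "src=10.20.3.7 dst=10.30.0.2 dport=443",    # BYOD -> server app: allowed
    "src=10.20.3.7 dst=10.10.1.5 dport=445",    # BYOD -> workstation SMB: denied
    "src=10.20.3.7 dst=10.99.0.4 dport=22",     # BYOD -> mgmt: denied
    "src=10.99.0.4 dst=10.30.0.2 dport=22",     # mgmt -> server: allowed
    "src=203.0.113.9 dst=10.30.0.2 dport=443",  # external -> server: denied (no rule)
]

if __name__ == "__main__":
    decisions, suspects = review(SAMPLE_LOG)
    for src, dst, dport, verdict in decisions:
        print(f"{src} -> {dst}:{dport} {verdict}")
    print("sources to review:", suspects)
```

The point of the design is that “internal” carries no weight on its own: the BYOD cell can reach the server application it needs, but its attempts to touch a workstation or the management cell are denied just as an external address would be, and the monitoring step turns those repeated denials into a review item rather than leaving them buried in the firewall log.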

The concept of “enclaves within the organization’s larger network” is specific to network segmentation. At this point we are a bit confused – again.

In fact, in network security, all protection measures form a unitary shield. Although they belong to different subdomains, the various ways of putting compartmentalization and segmentation into practice need to integrate seamlessly.

Enterprise cyber-security tries to keep up with modern threats. When it comes to networks, we have the network itself, and then we have the users. Cyber attackers can target the network, or they can take it one step at a time and compromise user accounts. Because restrictions lose their power once connectivity changes shape, specialists need to cover all vulnerabilities somehow. That is why a double (or multiple) layer of protection emerges.

Big solutions or clever hacks?

It goes without saying that big organizations should go for the big solutions where cyber-security is concerned. There is no point in risking gaps in their cyber-security defense with a less-than-unitary network protection tool.

Nevertheless, what happens with smaller organizations? Of course, there are many elements to consider, from budget versus needs to compliance requirements and others. Should they go for the modern solutions, compartmentalization being one of them, or not? Presuming that security alone tips the scales, they should, whenever possible. Since future, if not present, risks are not to be taken lightly, always go for the strongest solution.

Until then, there are also clever hacks that you could implement in your organization. For example, an extremely simple preventive measure consists of changing the default name of the admin account. As an online source put it, no cyber attack can go for the admin account if it cannot identify it.