Control access to critical assets through adaptive micro-segmentation
Stop cyber threats by controlling the lateral movement of unauthorized communications across your computing environment.
Traditional segmentation technologies include Access Control Lists (ACLs), internal firewalls and Virtual Local Area Networks (VLANs) configured on networking equipment. However, with today's mobility requirements, these approaches have become more costly and difficult to maintain. Elemental's software-defined access technology simplifies segmentation by dynamically grouping hosts and then automatically applying distributed traffic flow controls to enforce segmentation policies directly at the host level, where data is generated and stored, without the complexity or cost of traditional approaches.
The Elemental Security Platform (ESP) is a solution that empowers organizations to deploy an access control framework that provides highly granular micro-segmentation of the network and keeps potentially malicious activity under control. Elemental delivers a unique approach to managing communications that specifically focuses on providing policy-based access control to critical resources.
Dynamic Security Groups enable the logical division of networks into security zones
"More than half of the thousands of elements in a typical network are changing constantly, people are revolving in and out of the organization at a rapid rate, and rogue machines, outsourcing and consultants constantly inject unknown risks."
Only Elemental's solution provides the automation necessary to keep up with the rapidly changing environment and real-world business context of enterprise networks. A key aspect of this automation is to dynamically group endpoints (hosts) based on common characteristics, such as networking behavior, configuration, registry settings, running processes, hardware or software inventory and more than a hundred other attributes.
As an example, even if you have a lot of servers in your network, you might have only one server subject to PCI-DSS compliance requirements, so ESP's dynamic grouping lets you target only that server with the PCI policies. If the situation evolves so that more than one server is in PCI compliance scope, ESP automatically adds these other hosts to the PCI scope and applies the correct policies no matter where these hosts might be located. Consequently, you can keep your focus on applying and enforcing the required PCI policies while dealing with a reduced compliance scope on a budget.
Dynamic Security Grouping is the automated process by which the Elemental Security Platform (ESP) manages the membership of host groups which are the deployment targets for security policies, and it is one of the key functionalities of ESP. ESP collects a variety of information about managed hosts, and uses this information as potential "grouping parameters". These parameters can be mixed and matched to create very broad or very granular host group definitions. This way the ESP system makes it easy to define and maintain security zones or micro-segments.
Dynamic Security Groups enable logical segmentation of network computing resources. As new systems or users connect or as new applications come online, they are automatically assigned to existing or new groups and each security policy is applied to all the hosts and users in a defined group. As the activity of individual hosts changes, group membership also changes automatically, and the correct policies are applied accordingly.
For example, an administrator can specify a policy such as "Members of the Policy Violation Group PCI cannot access the servers in Group PCI Cardholder Data", and the ESP system dynamically updates network access rules based on user group membership, machine configuration, and policy compliance levels.
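The following sketch, added here as an illustration and not taken from ESP, shows how a policy written once against two dynamic groups can be recompiled into host-level deny rules whenever host attributes change. The attribute names (`processes`, `pci_failed_checks`), the group predicates, and the host data are hypothetical and constructed for the example; they are not ESP's policy format or API.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    ip: str
    attrs: dict  # collected "grouping parameters" (constructed values)

# Hypothetical group definitions: a predicate over collected host attributes.
GROUPS = {
    "PCI Cardholder Data": lambda a: "cardholder-db" in a.get("processes", ()),
    "Policy Violation PCI": lambda a: a.get("pci_failed_checks", 0) > 0,
}
# The policy quoted above: (source group, destination group, action).
POLICIES = [("Policy Violation PCI", "PCI Cardholder Data", "deny")]

def memberships(hosts):
    """Recompute group membership from current attributes."""
    return {g: {h.name for h in hosts if match(h.attrs)} for g, match in GROUPS.items()}

def inbound_rules(hosts):
    """Per destination host: source IPs denied, for host-level enforcement."""
    by_name = {h.name: h for h in hosts}
    groups = memberships(hosts)
    rules = {}
    for src_group, dst_group, action in POLICIES:
        if action != "deny":
            continue
        for dst in groups[dst_group]:
            denied = {by_name[s].ip for s in groups[src_group] if s != dst}
            rules.setdefault(dst, set()).update(denied)
    return {dst: sorted(ips) for dst, ips in rules.items()}

def demo():
    db1 = Host("db1", "10.0.1.10", {"processes": ["cardholder-db"]})
    ws1 = Host("ws1", "10.0.2.21", {"pci_failed_checks": 0})
    ws2 = Host("ws2", "10.0.2.22", {"pci_failed_checks": 2})
    hosts = [db1, ws1, ws2]
    before = inbound_rules(hosts)
    # Environment changes: ws1 fails a check, ws2 is remediated, a second
    # cardholder server comes online. No group or rule is edited by hand.
    ws1.attrs["pci_failed_checks"] = 1
    ws2.attrs["pci_failed_checks"] = 0
    hosts.append(Host("db2", "10.0.3.10", {"processes": ["cardholder-db"]}))
    return before, inbound_rules(hosts)

if __name__ == "__main__":
    for label, rules in zip(("before", "after"), demo()):
        print(label, rules)
```

The policy tuple never changes between the two evaluations; only the group memberships do, which is what moves the deny rule from ws2 to ws1 and extends it to the new server.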
The cases for micro-segmentation
Elemental's Adaptive Micro-Segmentation allows for several applications:
- Manage reduced compliance scopes
- Prevent lateral movement of ransomware or other malware
- Secure remote end-user environments, like Virtual Desktop Infrastructure (VDI)
- Secure multi-tier applications
- Secure Server to Server traffic
- Define security zones anywhere
- Create "Quarantine", "Untrusted", or "High Risk" groups of hosts allowing for containment of potentially compromised devices
- Implement a Zero-Trust model
Implement Adaptive Micro-Segmentation - write policy once, enforce everywhere!
Micro-segmentation is more cost-effective and easier to implement than traditional firewall-based network segmentation.
Micro-segmentation is host-based security segmentation, which offers a more cost-effective, faster way to reach a Zero-Trust network model!
It is more effective at protecting data centers and cloud ecosystems against lateral data breaches. Since host-based security segmentation is software-based and isn't tied to the network, it offers several compelling benefits:
- At least 500% more cost effective than firewalls
- Has up to 90% fewer rules than firewalls
- Deploys several times faster than firewalls
- Easy to test before full production deployment
- Segmentation rules can be updated in minutes
- Low risk of breaking an application - nice for DevOps
The ESP system provides constant and continuous automated monitoring, control, and remediation of host security policies, as well as continuous access control protection that automatically adapts to observed changes in the network environment. Elemental's access control solution delivers immediate protection for key enterprise information assets by controlling access to them, and enhances existing enterprise initiatives with more in-depth policy-based security assessments of devices at the point of admittance. In addition, the Elemental solution provides ongoing risk-adjusted visibility and control for all systems on the network, which is key to overall digital security.