Lots of organizations will start the new year with a plan to implement finer-grained segmentation near the top of their risk register. This makes it a great time to take a quick glance at “state-of-the-art” for segmentation. After all, micro-segmentation is no longer an infant technology. Some organizations have had it deployed for seven full years! Early adopters crossed the threshold of tens of thousands of systems protected many years ago. So it is worth asking, what is the state of micro-segmentation at the beginning of 2021? What kind of success should you expect from the vendors seeking your business?
Given that micro-segmentation is no longer a new technology, it is easier to get a sense of a potential supplier’s sophistication and maturity. With dedicated engineering teams, thought and product leaders have been building products for micro-segmentation for over seven years. These products are not re-spins or pivots but ground-up efforts tailored to the problem at hand. Unsurprisingly, these same solutions not only feature in the work of industry analysts but are consistently in the “upper right” portion of the vendor rankings. Check out the Forrester Wave Report and Gartner Peer Reviews as a place to start. In every industry, there are opportunists that spring up to try to enter a market late, typically copying the leader’s messaging almost word-for-word, but without any of the relevant product or industry maturity to back up those claims. There is real micro-segmentation expertise and there are established vendors that have proven themselves, so start with the acknowledged leaders. Look for durable companies with purpose-built products and years of happy customer renewals.
Micro-segmentation is well proven at scale as we enter 2021. Any vendor claiming to be a leader should have multiple enterprise customers with over 100k systems fully deployed and protected, and many customers in the mid to high 10,000s of systems. Demonstrating success in the 5k and below system count should be trivial, and industry-specific references should be expected. All credible vendors should be able to satisfy redundancy, high availability, policy distribution, logging, and other concerns at full scale. There should be no scale-limited features. If purchasing within the large enterprise space, look for solutions that can handle 10-25k systems per instance. You will want the scale units for micro-segmentation policy engines to match the size and scope of typical data centers. Expect single-pane-of-glass administration across a multi-data center environment.
Finally, as we enter 2021, look for vendors with significant implementation experience and expertise. The market leaders will have well over a million systems deployed across every major vertical. Micro-segmentation is different from writing firewall rules, so having an experienced guide saves time and effort. Look for vendors that deeply understand the operational impact on existing teams. If your organization has a tight deadline, look for companies that can execute quickly. It is entirely possible to secure 11,000 machines with a fully active micro-segmentation policy to pass an audit in four months. If a vendor recommends an “alert-only” policy deployment, keep moving – there’s no reason to settle for less than full policy implementation. Automation is important to most organizations, so ensure your vendor has significant experience in delivering fully automated micro-segmentation solutions with deep integration into DevOps and cloud workflows. Leading vendors will have many deployments above 10k nodes that operate entirely under automation. Expect vendor solutions that can withstand an entire enterprise data center going offline and coming back up in minutes and still keep policy flowing. It’s 2021, and enterprise maturity is a valid expectation.
If improved segmentation is on your “to-do” list this year, you can expect to have a positive experience and a successful project. Micro-segmentation is not new – it's been available for well over half a decade. There are vendors with significant market presence, scale, and experience in every aspect of micro-segmentation. Start there, and you’ll be well on the way to an effective micro-segmentation project inside your organization.
For a deeper dive on all of this and for other tips for a successful micro-segmentation implementation, check out the eBook, Secure Beyond Breach: A Practical Guide to Building a Defense-in-Depth Cybersecurity Strategy Through Micro-Segmentation.