How AI brings greater accuracy, speed, and scale to micro segmentation

Looking to gain the speed, scale and time-to-market advantages that multicloud tech stacks provide their new digital-first business initiatives, making microsegmentation table stakes is essential for protecting future growth.

Gartner predicts that through 2023, at least 99% of cloud security failures will be the user’s fault. Getting microsegmentation right in multicloud configurations can make or break any zero-trust initiative. Ninety percent of enterprises migrating to the cloud are adopting zero trust, but just 22% are confident their organization will capitalize on its many benefits and transform their business. Zscaler’s The State of Zero Trust Transformation 2023 Report says secure cloud transformation is impossible with legacy network security infrastructure such as firewalls and VPNs.

Defining microsegmentation

Microsegmentation divides network environments into smaller segments and enforces granular security policies to minimize lateral blast radius in case of a breach. Network microsegmentation aims to segregate and isolate defined segments in an enterprise network, reducing the number of attack surfaces to limit lateral movement.

It’s considered one of the main components of zero trust and is defined by NIST’s zero-trust framework. CISOs tell VentureBeat that microsegmentation is a challenge in large-scale, complex multicloud and hybrid cloud infrastructure configurations and they see the potential for AI and machine learning (ML) to improve their deployment and use significantly.

Gartner defines microsegmentation as “the ability to insert a security policy into the access layer between any two workloads in the same extended data center. Microsegmentation technologies enable the definition of fine-grained network zones down to individual assets and applications.”

Microsegmentation is core to zero trust

CISOs tell VentureBeat that the more hybrid and multicloud the environment, the more urgent — and complex — microsegmentation becomes. Many CISOs schedule microsegmentation in the latter stages of their zero-trust initiatives after they’ve achieved a few quick zero trust wins.

“You won’t really be able to credibly tell people that you did a zero trust journey if you don’t do the micro-segmentation,” David Holmes, Forrester senior analyst said during the webinar “The time for microsegmentation is now,” hosted by PJ Kirner, CTO and cofounder of Illumio.

Holmes continued: “I recently was talking to somebody [and]…they said, ‘The global 2000 will always have a physical network forever.’ And I was like, “You know what? They’re probably right.’ At some point, you’re going to need to microsegment that. Otherwise, you’re not zero trust.”

CIOs and CISOs who have successfully deployed microsegmentation advise their peers to develop their network security architectures with zero trust first, concentrating on securing identities often under siege, along with applications and data, instead of the network perimeter. Gartner predicts that by 2026, 60% of enterprises working toward zero trust architecture will use more than one deployment form of microsegmentation, up from less than 5% in 2023.

Every leading microsegmentation provider has active R&D, DevOps and potential acquisition strategies underway to strengthen their AI and ML expertise further. Leading providers include Akamai, Airgap Networks, AlgoSec, Amazon Web Services, Cisco, ColorTokens, Elisity, Fortinet, Google, Illumio, Microsoft Azure, Onclave Networks, Palo Alto Networks, Tempered Networks, TrueFort, Tufin, VMware, Zero Networks and Zscaler.

Microsegmentation vendors offer a wide spectrum of products spanning network-based, hypervisor-based, and host-agent-based categories of solutions.

How AI and ML simplify and strengthen microsegmentation

Bringing greater accuracy, speed and scale to microsegmentation is an ideal use case for AI, ML and the evolving area of new generative AI apps based on private Large Language Models (LLMs). Microsegmention is often scheduled in the latter stages of a zero trust framework’s roadmap because the large-scale implementation can often take longer than expected.

AI and ML can help increase the odds of success earlier in a zero-trust initiative by automating the most manual aspects of implementation. Using ML algorithms to learn how an implementation can be optimized further strengthens results by enforcing the least privileged access for every resource and securing every identity.

Forrester found that the majority of microsegmentation projects fail because on-premise private networks are among the most challenging domains to secure. Most organizations’ private networks are also flat and defy granular policy definitions to the level that microsegmentation needs to secure their infrastructure fully. The flatter the private network, the more challenging it becomes to control the blast radius of malware, ransomware and open-source attacks including Log4j, privileged access credential abuse and all other forms of cyberattack.

Startups jumping into the space

Startups see an opportunity in the many challenges that microsegmentation presents. Airgap Networks, AppGate SDP, Avocado Systems and Byos are startups with differentiated approaches to solving enterprises’ microsegmentation challenges. AirGap Networks is one of the top twenty zero trust startups to watch in 2023. Their approach to agentless microsegmentation shrinks the attack surface of every connected endpoint on a network. Segmenting every endpoint across an enterprise while integrating the solution into a running network without device changes, downtime or hardware upgrades is possible.

Airgap Networks also introduced its Zero Trust Firewall (ZTFW) with ThreatGPT, which uses graph databases and GPT-3 models to help SecOps teams gain new threat insights. The GPT-3 models analyze natural language queries and identify security threats, while graph databases provide contextual intelligence on endpoint traffic relationships.

Prime areas for AI and ML

AI and ML can deliver great accuracy, speed and scale in microsegmentation in the following areas:

Automating policy management

One of the most difficult aspects of microsegmentation is manually defining and managing access policies between workloads. AI and ML algorithms can automatically model application dependencies, communication flows and security policies. By applying AI and ML to these challenges, IT and SecOps teams can spend less time on policy management. Another ideal use case for AI in microsegmentation is its ability to simulate proposed policy changes and identify potential disruptions before enforcing them.

More insightful, real-time analytics

Another challenge in implementing microsegmentation is capitalizing on the numerous sources of real-time telemetry and transforming them into a unified approach to reporting that provides deep visibility into network environments. Approaches to real-time analytics based on AI and ML provide a comprehensive view of communication and process flows between workloads. Advanced behavioral analytics provided by ML-based algorithms have proven effective in detecting anomalies and threats across east-west traffic flows. These analytics improve security while simplifying management.

More autonomous asset discovery and segmentation

AI can autonomously identify assets, establish communication links and identify irregularities and distribute segmentation policies without manual intervention. This self-sufficient capability diminishes the time and exertion needed to execute microsegmentation and maintains its currency as assets alter. It additionally mitigates the potential for human error in policy development.

Scalable anomaly detection

AI algorithms can analyze extensive amounts of network traffic data, allowing for the identification of abnormal patterns. This empowers scalable security measures while maintaining optimal speed. By harnessing AI for anomaly detection, microsegmentation can expand across extensive hybrid environments without introducing substantial overhead or latency. This ensures the preservation of security effectiveness amidst the expansion of the environment.

Streamlining integration with cloud and hybrid environments

AI can improve microsegmentation’s integration across on-premises, public cloud and hybrid environments by identifying roadblocks to achieving optimized scaling and policy enforcement. AI-enabled integration provides a consistent security posture across heterogeneous environments, eliminating vulnerabilities attackers could exploit. It reduces operational complexity as well.

Automating incident response

AI allows for automated responses to security incidents, reducing response times. Microsegmentation solutions can use trained ML models to detect anomalies and malicious behavior patterns in network traffic and workflow in real-time. These models can be trained on large datasets of normal traffic patterns and known attack signatures to detect emerging threats. When a model detects a potential incident, predefined playbooks can initiate automated response actions such as quarantining affected workloads, limiting lateral movement and alerting security teams.

Enhanced collaboration and workflow automation

AI streamlines team collaboration and automates workflows, decreasing the time required for planning, analysis and implementation. By enhancing collaboration and automation, AI has optimized the entire microsegmentation lifecycle, allowing for a quicker time-to-value and ongoing agility, thereby enhancing the productivity of security teams.

Essential to zero trust architecture

Microsegmentation is essential to zero trust architecture, but scaling it is difficult. AI and ML show potential for streamlining and strengthening microsegmentation in several key areas, including automating policy management, providing real-time insights, enabling autonomous discovery and segmentation and more.

When microsegmentation projects are delayed, AI and ML can help identify where the roadblocks are and how an organization can more quickly reach the results they’re after. AI and ML’s accuracy, speed and scale help organizations overcome implementation challenges and improve microsegmentation. Enterprises can reduce blast radius, stop lateral movement and grow securely across complex multicloud environments.