FireEye Stories Blog

Microsegmentation For Macro Cloud Protection

The cloud has a special type of allure. Customer centricity, agility and reduction in costs—to name a few—are enticing benefits for all types of organizations.

However, new cloud speed often brings misalignment with IT rules and security protocols. While a business unit or developer operations can spin up cloud instances and connections at the speed of SaaS, the security team can easily be left out and unaware. Too often, a security team learns of a loose network policy and is left wondering: How long was that open to the internet?

With FireEye Cloudvisory, security teams go from being a gate to an enabler and protector—empowering the move and addition of cloud instances, accounts and apps so that a fully functioning cloud infrastructure can be reached without widespread pitfalls.

One of the ways that this enablement is delivered is through intelligent microsegmentation. Cloudvisory microsegmentation is an automatic way to deliver exacting and granular network policies for virtual machines and containers, based on workload function.

Unlike existing solutions that are based on virtualized and/or host-based firewalls, Cloudvisory leverages the cloud provider’s existing cloud-native security controls to enforce workload microsegmentation. Using cloud-native APIs for infrastructure and data flow discovery, Cloudvisory accelerates deployments, eliminates misconfigurations and minimizes the overhead associated with managing least-privilege polices at scale.

Cloud-Native Approach to Microsegmentation

To create, organize and manage security policies for environments with one or more clouds, an ideal solution will:

  • Deliver granular, intelligent micro-segmentation
  • Simplify policy creation using cloud-native security controls
  • Uncover misconfigured policy settings and helps remediate them
  • Organize policy controls for consistent, repeatable and immutable security in dynamic environments
  • Automate precise policy provisioning and deprovisioning across providers

Traditional microsegmentation solutions tend to be very invasive and inflexible, and do not support native cloud security controls. Their reliance on operating system (OS) or inline firewalls positions the security enforcement point inside the attack zone where malware can compromise both workloads and security controls. Inline firewalls increase cloud configuration complexity and scalability issues.

A lack of native controls forces customers to manually configure all cloud provider security controls. These security vendors do not monitor cloud-native enforcement points, increasing organizational risk. Rogue or accidental changes can expose environments to hackers and interrupt active applications.

Experience Cloudvisory For Yourself

Cloudvisory is a complete solution that has been engineered so its component parts (visibility, compliance and governance) work better together. Take the self-guided tour today to experience how Cloudvisory delivers the power of microsegmentation to improve security posture.

Ready to get take advantage of microsegmentation? Connect with us today to see a demo or to learn more. Reach out to your sales engineer to get more information and a walkthrough of how we can help!