Software-Defined Network Segmentation Provides Comprehensive Visibility and Control to Prevent Lateral Attacks, Contain Breaches and Quarantine Hosts
OPAQ, the network security cloud company, today announced the addition of microsegmentation for workstations and other endpoints to its OPAQ Cloud platform to prevent lateral attacks, contain breaches and quarantine infected hosts. The patent-pending OPAQ PathProtect™ technology provides unprecedented visibility and control over network activity and the ability to locally enforce security policies on devices from the cloud.
Centralized Network Control, Local Security Enforcement From the Cloud
Perimeter security is designed to protect against external North-South threats, not internal East-West attacks that move laterally between workstations, servers, and other endpoints. Once an attack successfully bypasses the security perimeter and compromises a host, malicious traffic can spread undetected throughout the internal network. According to Gartner, “In security, network segmentation is concerned with dividing up the network into zones to aid in compliance, security, risk and maintaining control.”*
OPAQ PathProtect™ enables organizations to easily and flexibly implement network segmentation from the OPAQ Cloud without using VLANs or firewalls. It provides device-based visibility and control from the cloud to protect against insider and external attacks. OPAQ PathProtect™ is fully integrated with other enterprise-grade security capabilities, including next-generation firewall, web application firewall and DDoS mitigation, accessible as-a-service from the OPAQ Cloud.
OPAQ PathProtect™ monitors hosts and learns traffic patterns, classifies them, and allows for the creation of security policies that can be applied based on IP address, Host ID, or user identity.
Microsegmentation for Endpoints, Not Just Data Centers
Since OPAQ PathProtect™ is enforced on the endpoint, not the network, it supports the following capabilities and use cases:
- Network Access Control (NAC) to assign what resources hosts and users can access on the network. For example, unmanaged hosts can be prevented from accessing sensitive servers, and are identified and cataloged when they send traffic.
- Multi-Factor Authentication (MFA) integration enables step-up authentication to tighten security for VPN access and within the internal network.
- Granular Segmentation, which is completely separate from the physical network architecture or network addressing, can be used to segment specific devices, applications, and data.
- Quarantine allows organizations to quickly isolate infected hosts from sensitive resources at the touch of a button.
“Companies are struggling to implement and manage a microsegmentation strategy that adheres to Zero Trust security principles,” said Tom Cross, Chief Technology Officer for OPAQ. “This is particularly true for midsize enterprises that lack the expertise and resources to defend against lateralization attacks. OPAQ PathProtect™ provides a powerful, simple, and flexible tool that enables our channel partners to implement software-defined network segmentation-as-a-service from the cloud. This is a first for the industry.”
OPAQ PathProtect™ will be available in spring 2018 as part of the OPAQ Cloud from authorized OPAQ channel partners. It supports Windows desktops and servers, macOS and Linux.
*Gartner, “Best Practices for Network Segmentation for Security,” Greg Young, Refreshed: January 4, 2018, Published: July 28, 2016.