In recent years, there has been a growing need to control East–West traffic within data center networks. Advanced threats often bypass traditional firewalls, gain a foothold and then move laterally within the network.
If your organization is moving to a flat network topology and/or a cloud environment, traditional network segmentation strategies will be complex or impossible to apply. As servers are rapidly provisioned and decommissioned, IP addresses change frequently, and it becomes difficult to continuously reprogram ACLs in routers, firewalls and switches. Proprietary “Software Defined Networking” products can do the job, but these solutions tend to be costly and difficult to implement, and they lock you into a single proprietary architecture.
THE SOLUTION: CLOUDPASSAGE HALO
The CloudPassage® Halo® agile security and compliance platform has been purpose-built to solve the East–West traffic problem in modern data center networks. Halo uses a micro-agent that can be deployed automatically on servers and cloud workloads. This allows Halo to orchestrate standard Linux and Windows firewalls and enforce granular network segmentation policies to protect against lateral movement and network attacks inside your data centers and cloud environments.
Halo lets you discover and visualize the IP connection patterns and listening ports of your workloads and servers, covering both connections between Halo-protected systems and connections to and from remote systems. This helps you create microsegmentation policies with confidence, ensuring that you are not blocking desirable traffic.
Block unwanted East–West traffic
Automate microsegmentation policies
Scale on demand
Minimal system impact