Raz-Lee CEO Shmuel Zailer recently explained to IT Jungle how micro-segmentation enables zero-trust security in the company's iSecurity Firewall.
“The idea of micro-segmentation comes to security from a different corner,” he said. “Instead of thinking about what exactly somebody is doing to which object, etcetera, what you do is you start thinking about segments in your network.”
For instance, one segment of your network may stretch from Dallas to New York, he said. With micro-segmentation, the administrator would define the specific IP addresses and the specific ports that could be used, Zailer said.
Zero-trust goes beyond typical IBM i security by specifying not only who can access IBM i resources, but also where they can access them from. For instance, an outside contractor may have permission to log onto his client’s IBM i server in one of the client’s locations.
“But if he goes to another office where all the office was just doing clerical operations and then he starts programming – well, you will have to change some definitions,” Zailer said.
The control over users and their activity across network segments is more fine-grained with zero-trust security and micro-segmentation, said Moshe Sofer, Raz-Lee’s marketing manager.
“They are not just controlling who is the user. They are also controlling who is the user and where is the user able to connect? From where to where? With which port? It’s really, really specific,” he said.
For instance, a user might have permission to move data via FTP from one location to another, whereas another user may only have permission to access the database. “They might have the same authority, but now with the Firewall you have planned control about how they are working,” Sofer said. “It’s how they enter inside the network and inside the network you are controlling who they are and what are they doing in these micro controlling transactions.”
iSecurity Firewall uses some security features of the IBM i operating system as part of its zero-trust implementation. Specifically, it uses the exit point for sockets, Zailer said. But the idea behind zero-trust is “completely different” than traditional IBM i security, he said.
“It’s different from old school security,” he said. “It’s a modern method. The processing time required to enforce this security is absolutely minimal, which means performance. People tend to think about it as more systematic. They can make less mistakes in the definition of the rules, because it’s so systematic.”
Raz-Lee has supported zero-trust security in iSecurity Firewall for some time, but the company is only now starting to talk about it. Any users who have installed the latest release already have access to the micro-segmentation capabilities.
You can read the full article on IT Jungle.