Cybersecurity specialist OPAQ Networks has added microsegmentation for workstations and other endpoints to its OPAQ Cloud platform to prevent lateral attacks, contain breaches and quarantine infected hosts.
The patent-pending OPAQ PathProtect technology provides visibility into network activity and the ability to locally enforce security policies on devices from the cloud.
Perimeter security is designed to protect against external North-South threats, not internal East-West attacks that move laterally between workstations, servers, and other endpoints. Once an attack successfully bypasses the security perimeter and compromises a host on the network, malicious traffic can spread undetected throughout the internal network. According to Gartner, “In security, network segmentation is concerned with dividing up the network into zones to aid in compliance, security, risk and maintaining control.”
OPAQ PathProtect enables organizations to easily and flexibly implement network segmentation from the OPAQ Cloud without using VLANs or firewalls. It provides device-based visibility and control from the cloud to protect against insider and external attacks. The OPAQ PathProtect capability is fully integrated with other enterprise-grade security capabilities, including next-generation firewall, web application firewall and DDoS mitigation, accessible as-a-service from the OPAQ Cloud.
OPAQ PathProtect monitors hosts and learns traffic patterns, classifies them and allows for the creation of security policies that can be applied based on IP address, Host ID or user identity. It supports a range of functions, including Network Access Control (NAC), so admins can assign what resources hosts and users can access on the network. For example, unmanaged hosts can be prevented from accessing sensitive servers, and are identified and cataloged when they send traffic.
It also supports multi-factor authentication (MFA) integration to enable step-up authentication to tighten security for VPN access and within the internal network; the ability to segment specific devices, applications and data; and quarantines to isolate infected hosts from sensitive resources at the touch of a button.
“Companies are struggling to implement and manage a microsegmentation strategy that adheres to Zero Trust security principles,” said Tom Cross, CTO at OPAQ. “This is particularly true for midsize enterprises that lack the expertise and resources to defend against lateralization attacks. OPAQ PathProtect provides a powerful, simple, and flexible tool that enables our channel partners to implement software-defined network segmentation-as-a-service from the cloud. This is a first for the industry.”
OPAQ PathProtect will be available in spring 2018 as part of the OPAQ Cloud from authorized OPAQ channel partners. It supports Windows desktops and servers, macOS and Linux.