INTEGRATIVE INSIGHTS ON EMERGING OPPORTUNITIES
Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.
- As bad actors have learned to take advantage of the freedom inside a protected environment and internal threats have become better understood, cybersecurity spend has rapidly expanded from protecting internal assets from outsiders to better controlling lateral data flows within protected environments.
- In a world where lateral data flows for a business process can now span on-premise infrastructure, a company's own data center, third-party data centers such as AWS, Azure, and Google Cloud, and hosted cloud applications from third parties, microsegmentation is a key solution in the arsenal to protect business assets. Microsegmentation divides data center and other computing assets, regardless of physical location, into logical groupings, sometimes down to very basic component and workload levels, and then creates and enforces policies for each segment.
- While microsegmentation can be highly effective and has great promise, its relatively early stage of evolution combined with its complexity means there is a long runway for the market to grow as innovative cybersecurity companies invest to introduce better solutions. We highlight just a few of the companies providing some of today's leading solutions.
TABLE OF CONTENTS
Includes discussion of PANW, VMW, ZS and three private companies
Proliferation of lateral data flows shifts the nexus of vulnerability
Microsegmentation is key to protecting today's expansive computing environment
Enormous complexity requires automation
Common implementation challenges
Tradeoffs among microsegmentation solution types
Some leading microsegmentation players
See heavy investment, new products and M&A ahead
Cybersecurity index continues to soar, pulls further ahead of Nasdaq and S&P
M&A activity slows in Q1
Q1 private placements on track to rise from Q4 low
Proliferation of lateral data flows shifts the nexus of vulnerability
Most historical security spend has focused on preventing unauthorized or inappropriate access from outside a protected environment and keeping sensitive data inside a protected environment from leaving. These data movements are commonly referred to as north-south traffic. East-west traffic, or lateral data flows, refers to flows between points within a protected environment. For example, a person sending account information to a client creates north-south traffic, while an internal accounting system pulling data from an internal payroll database creates east-west traffic. In the early days of networking, east-west traffic received much less scrutiny than north-south traffic. However, as internal threats became more appreciated and bad actors learned to take advantage of the freedom they found once they had penetrated a protected environment, security postures changed to pay much more attention to east-west traffic.
Fast forward to today's networking environment, where data is located in a combination of on-premise infrastructure, a company's own data center, third-party data centers such as AWS, Azure, and Google Cloud, and hosted cloud applications from third parties. A single application or workflow may use and pull data from all of these. For example, a cloud-based payroll system may pull hours worked by employees from systems hosted in a third-party data center and from on-premise databases. In this type of data environment, enterprises cannot rely on north-south-focused, network-based firewall architectures, because lateral data flows are just as critical, and trying to firewall every segment based on IP address mapping is difficult and largely ineffective at preventing attacks.