COMMENTARY - As a Field CTO, my work takes me across the globe. Some cities feel like old friends – the hustle-and-bustle of Santa Clara; the sunny, vibrant streets of Madrid. Some are less my speed, like Paris and London. But then there are cities like Chongqing that defy conventional understanding, cities I can only comprehend through the lens of my professional expertise – my network security brain.
Known as the "8D city" for its vertigo-inducing topography, Chongqing is a living, breathing cyberpunk mosaic: buildings built into mountainsides, stretching upwards with elevated highways that weave and spiral between their facades, allowing for vertical and horizontal movement. To navigate a city like this, you need more than a single-plane map – you need a 3D holographic guide that adapts in real time.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]
We in the tech world are grappling with a similar challenge. Our environments are now sprawling across data centers, clouds, branch offices, and everywhere in between – a tangled web of layers, workloads, and identities. Yet many of us are still trying to secure a shapeshifting, multi-layered digital landscape with manual tools designed for a simpler, flatter world – these approaches to network security feel as useless as navigating Chongqing with a 2D map.
As I concluded my tenure at Palo Alto, I began exploring two pivotal questions: How do we innovate our network security capabilities to match the evolving complexity of our networks? How do we secure every traffic pattern between every layer – North/South, East/West, and even Up/Down? I think the answer – the future of network security and in some ways, the security of our world – lies in a combination of cornerstone capabilities that combine to provide multi-dimensional, holistic protection.
Security Needs to Match Network Complexity
One approach is microsegmentation, which has long been recognized as a powerful tool in cybersecurity, but the complexity and resource demands of traditional implementations have often hindered its adoption. Enter automated microsegmentation – a revolutionary approach that's changing the game. Here’s what’s different about true automated microsegmentation, and what to look for if you’re in the selection process:
Swift and Effortless Implementation
Legacy solutions require manual processes (tagging, grouping, policy creation and management) that can take years to fully implement, draining resources and delaying critical security improvements. Automated microsegmentation can be deployed in a matter of days and is much easier to manage in the long run. Anyone seeking cutting-edge microsegmentation should prioritize solutions with automated asset discovery and classification (tagging, grouping); automated policy generation based on observed traffic patterns, eliminating the need for manual rule creation; and non-disruptive deployment that minimizes impact on existing operations.
Dynamic Adaptation to Changing Environments
Effective microsegmentation isn't just about rapid deployment; it's about continuous adaptation. In today's dynamic environments, your network is constantly evolving. Automated microsegmentation keeps pace with seamless adjustments to changes in cloud, hybrid, and on-premises infrastructure; and dynamic policy creation that continuously refines and adapts policies to your ever-growing and changing network – incorporating and protecting new assets and removing decommissioned ones.
Granular Control and Zero Trust
By breaking networks into smaller, isolated sections, teams gain unprecedented control of their network, transforming network security from a reactive stance to a proactive, adaptive Zero Trust defense. They're able to achieve things like blocking lateral movement, leaving ransomware stranded and ineffective. Layering protection with MFA throughout the network, so that both humans and machines must authenticate before accessing assets, is also key. The ability to enforce strict security policies at the level of specific workloads, applications, or devices, and support for Zero Trust security principles, are also non-negotiable for ensuring that trust is never assumed and always verified.
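The three sections above (automated discovery and classification, policy generation from observed traffic, continuous adaptation as assets come and go, and default-deny enforcement that blocks lateral movement) can be shown in one small loop. The following Python is an added illustration written for this column, not the author's or any vendor's code; the flow records, the port-to-role table and the function names are all constructed for the example.

```python
"""Toy automated-microsegmentation loop (added example, not the column's or
any vendor's code). It discovers assets from observed flows, classifies them
by the service ports they serve, generates tag-level allow rules from the
traffic actually seen, and evaluates new flows with a default-deny decision.
Every flow record below is a constructed sample."""
from collections import defaultdict
from typing import Dict, Set, Tuple

Flow = Tuple[str, str, int, str]   # (src_host, dst_host, dst_port, proto)
Rule = Tuple[str, str, int, str]   # (src_tag, dst_tag, dst_port, proto)

# Constructed sample of flows captured during a learning window.
OBSERVED_FLOWS = [
    ("lb-01", "web-01", 443, "tcp"),
    ("lb-01", "web-02", 443, "tcp"),
    ("web-01", "app-01", 8443, "tcp"),
    ("web-02", "app-01", 8443, "tcp"),
    ("app-01", "db-01", 5432, "tcp"),
    ("app-01", "db-02", 5432, "tcp"),
    ("mon-01", "web-01", 9100, "tcp"),
    ("mon-01", "app-01", 9100, "tcp"),
    ("mon-01", "db-01", 9100, "tcp"),
]

# Hypothetical classification table: a served port implies a role tag.
ROLE_BY_PORT = {443: "web", 8443: "app", 5432: "db"}


def discover_assets(flows) -> Dict[str, Set[int]]:
    """Asset discovery: every endpoint seen, with the ports it was observed serving."""
    served = defaultdict(set)
    for src, dst, port, _proto in flows:
        served[src]               # a pure client still becomes a known asset
        served[dst].add(port)
    return dict(served)


def classify(inventory: Dict[str, Set[int]]) -> Dict[str, str]:
    """Tagging: role from served ports. An asset that serves no known role keeps
    a per-host tag so it never inherits another asset's permissions."""
    tags = {}
    for host, ports in inventory.items():
        roles = sorted({ROLE_BY_PORT[p] for p in ports if p in ROLE_BY_PORT})
        tags[host] = "+".join(roles) if roles else f"host:{host}"
    return tags


def generate_policy(flows, tags) -> Set[Rule]:
    """Policy generation: one allow rule per (src_tag, dst_tag, port, proto)
    combination actually observed. Nothing else is permitted."""
    return {(tags[s], tags[d], port, proto) for s, d, port, proto in flows}


def evaluate(flow: Flow, tags, policy) -> str:
    """Enforcement: default deny. Endpoints not in the inventory are never trusted."""
    src, dst, port, proto = flow
    if src not in tags or dst not in tags:
        return "deny:unknown-asset"
    return "allow" if (tags[src], tags[dst], port, proto) in policy else "deny:no-rule"


def build(flows):
    """Run the whole loop; rerun it whenever the observed traffic changes."""
    tags = classify(discover_assets(flows))
    return tags, generate_policy(flows, tags)


def decommission(flows, host):
    """Retire an asset: drop its flows and relearn so stale rules disappear."""
    return [f for f in flows if host not in (f[0], f[1])]


if __name__ == "__main__":
    tags, policy = build(OBSERVED_FLOWS)
    # A web-tier host reaching straight into the database tier: lateral movement.
    print(evaluate(("web-01", "db-01", 5432, "tcp"), tags, policy))   # deny:no-rule
    print(evaluate(("app-01", "db-02", 5432, "tcp"), tags, policy))   # allow
    # A new database replica appears in the next learning window and is
    # tagged and covered without anyone writing a rule.
    new_flows = OBSERVED_FLOWS + [("app-01", "db-03", 5432, "tcp")]
    tags, policy = build(new_flows)
    print(tags["db-03"], evaluate(("app-01", "db-03", 5432, "tcp"), tags, policy))
    # db-02 is retired; traffic to it is no longer recognised at all.
    tags, policy = build(decommission(new_flows, "db-02"))
    print(evaluate(("app-01", "db-02", 5432, "tcp"), tags, policy))   # deny:unknown-asset
```

Two design points are worth noticing when evaluating a real product against this sketch. First, rules are learned at the tag level, so a flow between two hosts that was never individually observed (the monitor scraping db-02, say) is still allowed once their tags are; that is what makes the policy survive autoscaling, but it also means a mis-tagged asset silently inherits its group's reach, so classification quality is the thing to audit. Second, the learning window is trusted: any flow present while the policy is being learned becomes an allow rule, so the baseline should be captured from a known-clean period and reviewed before enforcement is switched on.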
Layer Microsegmentation with Next-Generation Firewalls (NGFWs) for Dynamic Protection
As networks become more complex, so too do the firewalls designed to protect them. Next-generation firewalls (NGFWs) are at the forefront of this evolution, offering sophisticated protection that goes far beyond traditional perimeter defense.
They offer deep packet inspection, examining traffic at higher TCP/IP layers, including the application layer, allowing for more accurate threat detection and prevention, better control over app usage and data flows, and enhanced visibility into network traffic patterns. NGFWs also include intrusion detection and prevention services (advanced, ML-powered threat prevention), enhancing their ability to detect and block suspicious traffic. Finally, they provide a streamlined network architecture by combining multiple security functions in a single platform, reducing complexity and potential security gaps.
When combined, NGFWs and automated microsegmentation offer layered defense across every axis of network traffic – North/South, East/West, and Up/Down – to provide comprehensive, three-dimensional protection:
North-South Protection – Next-generation firewalls inspect Layer 7 traffic, detecting and blocking zero-day exploits and sophisticated application-layer threats at the network perimeter. This provides robust defense against external attacks by analyzing content within data packets.
East-West Protection – Microsegmentation isolates workloads and assets, blocking lateral movement by attackers. Modern options leverage deterministic rule creation to dynamically enforce least-privilege access and automatically quarantine compromised segments, maintaining operational continuity and stranding hackers.
Up-Down Protection – Identity segmentation provides dynamic, granular access controls based on user behavior, device posture, or application identity. It catalyzes incident response by enabling rapid detection of unusual behavior and automated access control that blocks unauthorized access.
Let's Leave Hackers Stranded and Penniless
Combining automated microsegmentation with NGFW capabilities can provide comprehensive, adaptive security across all network dimensions. This integration allows for real-time threat detection, automated policy enforcement, and rapid incident response. It enables organizations to maintain robust security postures in increasingly complex and dynamic network environments.
My call to the industry is to create a more resilient, adaptive, and comprehensive security framework that addresses the evolving threat landscape while supporting modern network architectures and compliance requirements. In other words, when a hacker enters a network protected with this holistic security combination, they won’t be able to move laterally or really do anything – they'll be left stranded and penniless.