Pico segmentation is an evolution of security segmentation that protects applications and data from modern, multifaceted attacks.
Understanding pico segmentation
Before we delve into pico segmentation, it may be useful to first explain two other related terms: segmentation and micro-segmentation.
Segmentation, sometimes referred to as network segmentation, controls the flow of traffic from one domain of control to another. Segments are structured in such a way that cross-domain communication cannot be nefariously established.
The internet traffic that flows into a DMZ, for instance, should only be able to communicate with the DMZ and vice versa. But if the security of the DMZ server is somehow comprised, a path can be created to another system in a different domain.
In theory, data from the domain should not be able to move onto the internet since perimeter segmentation rules would forbid it.
On that note, segmentation tends to be found on perimeter security products such as firewalls.
However, it does require a considerable amount of power to manage inbound and outbound states for what can total millions of sessions. As you may have surmised, this process is complex and resource-intensive.
The evolution of segmentation
Micro-segmentation is considered to be an evolution of network segmentation.
Instead of allowing traffic to be unmanaged once inside the domain, micro-segmentation manages traffic within a single domain of control such that only approved services, destinations, and sources can communicate with each other
Pico segmentation builds segments within a single domain, but places further limits on factors such as time of day, traffic volume, packet size, protocols allowed, and the number of ports used.
It also incorporates other heuristics that can tell the difference between authorized and unauthorized traffic sources. In this way, pico-segmentation affords security and risk managers more granular control over their infrastructure.
Pico segmentation and IoT
While many games and social media applications may only require standard network segmentation to maintain service levels and availability, the IoT systems and devices that support them will benefit from pico-segmentation to minimize risk and liability in the case of a security incursion.
In truth, IoT devices are proliferating at a rapid speed and many of them are released by the vendor with limited security capabilities. Many believe there is a real and immediate need for a more robust security solution that considers the increasing interconnectedness of devices.
Pico segmentation products
Avocado is one of the companies leading the way in pico segmentation services. The patented Avocado Security Platform (ASP) utilizes innovative pico segmentation to prevent the lateral movement of security threats across cloud and data center environments.
The ASP protects applications deterministically in real-time and enables clients to meet payment card industry (PCI), personally identifiable information (PII), and personal health information (PHI) standards. It also utilizes a policy-free approach that makes it a more resource-efficient option when compared to traditional segmentation.
- Pico segmentation is an evolution of security segmentation that protects applications and data from modern, multifaceted attacks.
- Pico segmentation is an evolution of micro-segmentation where segments are built within a single domain. To thwart attacks, it places further limits on factors such as time of day, traffic volume, packet size, protocols allowed, and the number of ports used.
- Pico segmentation may become increasingly important as the number of interconnected IoT devices proliferates.