Application-Based Segmentation & Firewall
As applications move to the cloud, traditional network firewalls and segmentation lose effectiveness. These firewalls rely on IP address, port, and protocol based rules to enforce access control, and as the infrastructure becomes dynamic, IP address based traffic control and segmentation is no longer feasible. Securing application workloads in a dynamic environment requires that the Cloud Workload Protection Platform understand traffic and application infrastructure in real time, without relying on underlying IP addresses, in order to enforce security policies correctly. This cannot be achieved with static rules, which quickly become obsolete, or by updating rules based on monitoring, where the resulting lag permits unauthorized access or denies legitimate access.
K2 has developed a new approach to enforcing firewall and segmentation policies, based on strong identity for application workloads, that does not rely on IP addresses. The identities can be cryptographically validated to defeat spoofing. Firewall and segmentation policies are applied at each workload to ensure correctness and scaling. K2’s unique solution overcomes the security challenges of traditional firewall and segmentation solutions in today’s hybrid data center.