Advanced cyber-attacks like Ke3chang have exploded the myth that firewall security can prevent attacks. Ke3chang used phishing emails to initially gain access to high-profile government and private-sector IT networks and then move throughout the network to gain access to private data. Whilst network segmentation couldn't have prevented the attack, it could have limited its spread.
With this in mind, I recently presented a webinar on enterprise network segmentation and how it can be applied.
Network segmentation involves splitting a computer network into subnets, each being a network segment or network layer. Advantages of splitting networks include boosting performance and improving security.
However it's very difficult to manage and implement network segmentation. Complexity is increasing with hundreds of firewalls, zones, rules and restrictions. IT network complexity means segmentation has to be updated and maintained constantly. Other challenges also include connectivity, compliance and risk and collaboration.
Most organizations that have completed segmentation of their network rely on spread-sheet mapping the different network segments and the relationship (or access restrictions) between them. But there are better solutions. What's required is an automated approach to network segmentation where security admins can visualize their network segments, define the access allowed between different segments and decide the priority for this access.
Based on our conversations with customers we've come up with a process of four steps to help you implement segmentation and protect your business network:
- Identify sensitive assets and define security zones
- Establish connectivity restrictions between security zones
- Detect segmentation violations across the network
- Remediate violations and tighten security policies
- Embed segmentation checks in to the network change process
- Automate change process for superior business agility
- Plan application architecture that enforces segmentation
- Orchestrate rapid and secure delivery of applications or services
For more information about how you can effectively implement network segmentation and protect your business from both internal and external threats, you can watch a recording of the webinar here or learn more about network segmentation here.