Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Security in a Digital World Starts with a Strategic Approach to Segmentation

Has Your Network Segmentation Approach Changed in light of new Technologies and Business Models?

Has Your Network Segmentation Approach Changed in light of new Technologies and Business Models?

It seems that everyone is talking about mobility, the cloud, and digitization. While it’s exciting to think about the new business models these technologies make possible and the trillions of dollars in opportunities to be gained, there are also very real risks. As a security professional you are well aware that as connections multiply an exploding number of devices, users, and applications are gaining access to your network, creating more data to secure and new attack vectors for malicious actors to exploit. You have to keep up with the speed of business, but you must also demonstrate to organization stakeholders and board members what you’re doing to protect the organization from damaging cyber threats, like the recent cases of ransomware and destructive malware seen on personal computers and even corporate networks.  

Every industry has sensitive data and critical systems to protect. But many times you have minimal visibility and even less control over the devices connecting to that data – employee-owned devices, medical devices, smart meters, heating and air conditioning systems, supply chain partner systems, and more. Without the ability to ensure these devices and systems are secure and up-to-date with patches, protecting digital assets is a challenge. It’s not just the devices that matter, but the individuals too. If your business strategy includes suppliers, partners, and other third parties connecting to your network, you need to make sure those with the right credentials and identity have access to the right assets at the right time.

Network SegmentationNetwork segmentation has been around for quite a while as a way to secure data and IT assets. By isolating environments and critical systems from other areas of the network, it makes it harder for threat actors to take advantage of weaknesses in the infrastructure and policies. But most organizations fail to segment their networks at the device and user level, providing attackers who get in to a particular area of the network unfettered access across that segment. That’s like giving a hotel guest a master key to an entire floor or wing, which is what attackers using ransomware and other destructive malware count on. 

Once malware infects a device (computers, servers, machines, etc.), it moves laterally across an organization as it infects other devices and servers, locking up or stealing data and disrupting operations. Software defined segmentation enables companies to segment their network from the user and device level all the way back to the server. Granular network segmentation is a security best practice that dramatically curtails the ability of attackers to move about the network, limiting the spread of destructive malware and ransomware and helping to keep critical assets safe.  

You may have deployed network segmentation already. But has your approach changed in light of new technologies and business models? Does it provide the appropriate detail and controls required to stop malicious attacks? Is it bogging down audit and compliance processes? And is it making it difficult for employees and partners to get their jobs done?

If you’re taking a fresh look at network segmentation here are three important considerations to ensure you devise a strategic segmentation framework that will support your business objectives today and as they evolve.

1. Make sure the segmentation approach is specific to your organization’s needs. The most effective and efficient way to ensure that the framework will reflect the needs of all your stakeholders is by including them in the initial planning. With all network, security, and application teams in the same room at the same time, concerns and requirements can be addressed as a group. This collaborative approach helps to develop a model that incorporates specific privacy, security, and business needs from the beginning and saves time in the long run.

2. Ensure that the model extends beyond the datacenter. To mitigate damage from ransomware and other destructive malware, a segmentation framework must extend from the data center all the way out to the user. This requires considering all your connected devices, application data flows, any cloud services you’re using, your HR policies for access to critical data and assets, and your intellectual property. This allows you to use segmentation to help limit the lateral spread of malware, improving response and reducing the scope of damage from these types of attacks.

Advertisement. Scroll to continue reading.

3. Understand how the segmentation framework can evolve with your environment. Your framework must be able to accommodate changes in the business, for example huge increases in the number of devices and machines on the network, shifts in topology with the rise of the cloud, mergers and acquisitions and the new systems and locations that must be protected, and regulatory evolution. Such flexibility provides additional layers of protection should patching not happen regularly and as attacks continue to evolve.

To allow your business to innovate and grow with confidence in an increasingly connected world, you need to take a more strategic approach to segmentation. By directly linking segmentation strategy to your business objectives you can help your organization deploy new business models while reducing risk, securing data, simplifying audit profiles, and addressing board-level requirements.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.