SecurityWeek

Network Security

Security in a Digital World Starts with a Strategic Approach to Segmentation

Has Your Network Segmentation Approach Changed in Light of New Technologies and Business Models?


It seems that everyone is talking about mobility, the cloud, and digitization. While it’s exciting to think about the new business models these technologies make possible and the trillions of dollars in opportunities to be gained, there are also very real risks. As a security professional, you are well aware that as connections multiply, an exploding number of devices, users, and applications are gaining access to your network, creating more data to secure and new attack vectors for malicious actors to exploit. You have to keep up with the speed of business, but you must also demonstrate to organization stakeholders and board members what you’re doing to protect the organization from damaging cyber threats, like the recent cases of ransomware and destructive malware seen on personal computers and even corporate networks.

Every industry has sensitive data and critical systems to protect. But many times you have minimal visibility and even less control over the devices connecting to that data – employee-owned devices, medical devices, smart meters, heating and air conditioning systems, supply chain partner systems, and more. Without the ability to ensure these devices and systems are secure and up-to-date with patches, protecting digital assets is a challenge. It’s not just the devices that matter, but the individuals too. If your business strategy includes suppliers, partners, and other third parties connecting to your network, you need to make sure those with the right credentials and identity have access to the right assets at the right time.

Network segmentation has been around for quite a while as a way to secure data and IT assets. Isolating environments and critical systems from other areas of the network makes it harder for threat actors to take advantage of weaknesses in the infrastructure and policies. But most organizations fail to segment their networks at the device and user level, giving attackers who get into a particular area of the network unfettered access across that segment. That’s like giving a hotel guest a master key to an entire floor or wing, which is what attackers using ransomware and other destructive malware count on.

Once malware infects a device (computers, servers, machines, etc.), it moves laterally across an organization as it infects other devices and servers, locking up or stealing data and disrupting operations. Software-defined segmentation enables companies to segment their network from the user and device level all the way back to the server. Granular network segmentation is a security best practice that dramatically curtails the ability of attackers to move about the network, limiting the spread of destructive malware and ransomware and helping to keep critical assets safe.

You may have deployed network segmentation already. But has your approach changed in light of new technologies and business models? Does it provide the appropriate detail and controls required to stop malicious attacks? Is it bogging down audit and compliance processes? And is it making it difficult for employees and partners to get their jobs done?

If you’re taking a fresh look at network segmentation, here are three important considerations to ensure you devise a strategic segmentation framework that will support your business objectives today and as they evolve.

1. Make sure the segmentation approach is specific to your organization’s needs. The most effective and efficient way to ensure that the framework will reflect the needs of all your stakeholders is by including them in the initial planning. With all network, security, and application teams in the same room at the same time, concerns and requirements can be addressed as a group. This collaborative approach helps to develop a model that incorporates specific privacy, security, and business needs from the beginning and saves time in the long run.

2. Ensure that the model extends beyond the data center. To mitigate damage from ransomware and other destructive malware, a segmentation framework must extend from the data center all the way out to the user. This requires considering all your connected devices, application data flows, any cloud services you’re using, your HR policies for access to critical data and assets, and your intellectual property. This allows you to use segmentation to help limit the lateral spread of malware, improving response and reducing the scope of damage from these types of attacks.

3. Understand how the segmentation framework can evolve with your environment. Your framework must be able to accommodate changes in the business: for example, huge increases in the number of devices and machines on the network; shifts in topology with the rise of the cloud; mergers and acquisitions and the new systems and locations that must be protected; and regulatory evolution. Such flexibility provides additional layers of protection should patching not happen regularly and as attacks continue to evolve.

To allow your business to innovate and grow with confidence in an increasingly connected world, you need to take a more strategic approach to segmentation. By directly linking segmentation strategy to your business objectives you can help your organization deploy new business models while reducing risk, securing data, simplifying audit profiles, and addressing board-level requirements.
