Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Six Steps to Segmentation in a Perimeterless World

Setting Objectives and Having a Clear Roadmap is the Best Path to a Successful Network Segmentation Journey

Setting Objectives and Having a Clear Roadmap is the Best Path to a Successful Network Segmentation Journey

Organizations have talked about segmentation for years as a strategy to improve overall security posture. While widely considered a security best practice, in today’s dynamic environments where the network perimeter is ever-evolving, segmentation can be challenging to implement, scale, and manage. A combination of new connected devices, changing business models, expectations for guest access, regulatory requirements, and evolving threats can make it a complex undertaking. Furthermore, you need a holistic approach that covers the campus, data center and cloud – anywhere an endpoint connects. Otherwise, you risk ending up with multiple segmentation strategies that compound complexity and may negatively impact security and user experience. 

However, you shouldn’t let this reality prevent you from moving forward. As Henry Ford said, “Nothing is particularly hard if you divide it into small steps.” Coming from the person who transformed factory production and was a driving force behind the industrial revolution, this advice carries some weight. In that spirit, I want to share six steps to successful segmentation. Whether you have in-house staff who can drive your segmentation project or are considering third-party advisory services, these activities are critical to success. 

In part one of this two-part article, I’ll cover proper planning and preparation. These activities will help ensure you create a segmentation strategy that is aligned with your business goals and drivers, and accurately defined to reduce security risk and strengthen security posture. With the right plan in place you’ll have a clear understanding of how you will accomplish your objectives and be better able to set expectations for the segmentation program.

1. Define Objectives. Setting objectives and laying out a clear roadmap is the best path to a successful segmentation journey. To do this, you need answers to critical questions, including:

• What business and security drivers are behind the segmentation initiative?

• What practices do you have in place to define asset classification? 

• What assets are critical to your business? 

• What threats are common in your business vertical? 

• How are you leveraging technologies and processes to address those threats? 

• Does your technology roadmap include an element of security? 

• What are your top business priorities and how do they align with your current security initiatives? 

• What are your pain points?

This information helps define the high-level strategy by gaining an understanding of business goals and drivers, critical business assets, known risks, and an overall understanding of the current enterprise security posture. This in turn helps you to determine next steps and priorities for reducing security risk and developing technology roadmaps.

2. Identify, Classify and Prioritize Assets. Working closely with key stakeholders, you’re now ready to define sets of assets and classify them by business impact, risk, function, and regulatory requirements. This classification is used to define security control capabilities and to help set priorities through clearly defined criteria. As examples, if a hospital considers radiology gear as a critical asset, then those devices should be identified and grouped with like devices. An insurance provider may consider all business services equally critical and group them together, but its corporate services may vary in criticality based on the impact on revenue-generating activities or compliance.  

3. Gain Visibility to Support and Augment the Strategy. To validate your work from step two, you need visibility into actual traffic and devices to ensure you haven’t missed anything. This process includes considering the types of traffic of interest (North, South, East and West), all physical and virtual devices collecting traffic, where to gather data (WAN edge, Access Layer, Cloud), the best sources of data, and an analytics platform to monitor, analyze, and report on the information. With the right tools and processes you can identify actual devices within a segment and trusts or policy with other segments. This allows you to discover unknown devices and traffic patterns and is crucial in understanding if, how, and where you might need to adjust your strategy based on what is actually happening within your environment.

You’ve now done the critical work to develop a segmentation strategy that matches your needs. In part two of this article, I’ll discuss the final three steps which focus on implementation and ongoing operation of your segmentation program. Specifically, I’ll review how to develop, validate, and enforce policies that are as dynamic as your environment to enable effective protection for your critical assets.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...