Network Segmentation

What is a Network Segmentation System?

Network segmentation refers to the act of dividing different parts of a network into separate segments or subnets. This is done either physically or technologically, usually as part of a network access control system that limits who can access what parts of the network.

Once organizations have identified subnetworks, they establish virtual fences around them using a variety of techniques, including VLANs, SDNs, and firewalls.

Why Is It Important to Have a Good Network Segmentation System?

Network segmentation vastly improves security by containing potential breaches to one subnetwork. It also improves an organization’s speed, as users work with only the network data that they need. Both these advantages are particularly important in these days when organizations must provide access to networks remotely.

What Internal Data Should I Have for a Good Network Segmentation System?

Similar to network access control systems, which often use segmentation practices, companies must verify their  users and devices before assigning access privileges based on organizational role or on identity or attribute. Whatever the rule for granting network access, however, organizations must ensure that subnetworks are separate and accessible by only authorized personnel.

What External Data Is Essential for a Good Segmentation System?

Since network segmentation concerns itself with internal network security, there is not much external data to consider. However, it is true that a good segmentation system should always run seamlessly with the host, whether it is an SDN or a private cloud. IT departments should also be alert to cybersecurity news in order to provide up-to-date service.

What External Data May Prove Useful for a Good Segmentation System?

Organizations may also take in user feedback to design or update the segmentation model.

What Are the Main Challenges of this Use Case?

Of course, organizations require security solutions like virus and malware protection. However, when SaaS companies provide these services to each subnet individually, they can get very expensive. If organizations cannot set up in-house applications, then they may need to find a supplier who can.

Finally, setting up segmented networks in the first place can be expensive. This is especially true when the subnetworks are divided physically as they cannot be remodeled easily. Even in terms of the amount of time spent setting up a non-physical segmentation system, there is a high cost to entry as organizations must log and grant permissions for all users and devices.

Interesting Case Studies and Blogs to Look Into

Illumio: What is Network Segmentation?
Cisco: A Framework to Protect Data Through Segmentation

Tangible Examples of Impact

On December 4th, President Trump signed the IoT Cybersecurity Improvement Act of 2020, which directs the National Institute of Standards and Technology (NIST) to create standards and guidelines on the use and management of internet of things devices by federal agencies and to develop guidance on vulnerability disclosure and the resolution of disclosed vulnerabilities.
…
NIST’s forthcoming IoT guidance … should also include cybersecurity best practices beyond those specified in the bill’s text, like network segmentation

FCW: IoT cyber law signed amid growing vulnerabilities