Network segmentation is vital, but often overlooked.
Network segmentation is a crucial component of cybersecurity. It’s not fancy. It doesn’t fight off attackers or use AI to target suspicious activity. Instead, it’s a powerful tool that separates a network into smaller subnetworks that are isolated from one another. If an attacker breaks into one part of the system, it’s nearly impossible for them to get very far, so damage is contained, easier to detect, and faster to eradicate.
Most organizations need to revamp their network segmentation, but don’t.
When we come in to help organizations meet PCI requirements or shore up their cybersecurity, we often find that most don’t have a basic network segmentation plan in place. In fact, one of our partners, Fortinet, found that only 29 percent of IT decision makers had a plan to implement network segmentation in 2018.
The reasons companies don’t have a compliant or functional network segmentation plan in place are pretty common and understandable:
- The network is built over time, organically, to meet immediate needs
- Multiple vendors and users make it daunting to think about untangling and reorganizing the network infrastructure
- Many other security solutions are in place, putting network segmentation on the backburner
Example: Separating retail and service networks.
One of our customers, a utility provider, had the same issue that many organizations have: they weren’t meeting PCI requirements by keeping customer credit card transaction information separate from all other data and processes on the network. They had already failed two audits, and had one more chance to pass.
The solution was complex. Matrix worked with the provider to break up the network both virtually and physically, which involved creating new domains, building and changing firewalls, and adding switches, servers and other hardware. The end result was two entirely separate networks that could talk to each other, but were impenetrable from the outside. In the end, the company passed their PCI compliance audit. Another failure would have been disastrous.
Questions to ask about your network segmentation situation.
If you’re wondering whether your current network segmentation has the strength to defend against adversaries, ask yourself these questions:
- Do you know what’s on your network?
- Do you have a feel for how the devices and technologies that use the network touch each other?
- Do you have a policy for the devices on your network?
In addition, you need to be up on industry requirements for network segmentation. Financial institutions need to fulfill one set of regulations, while healthcare, manufacturing, utilities, education and other industries may need to satisfy different compliance rules.
Ultimately, your network needs to be segmented, whether you have specific compliance requirements or not. It’s an essential tool in your arsenal against cyberattacks.
Get an overview of our capabilities in cybersecurity in this set of videos and our security solutions approach towards making your network and your business more secure. Want to know more? Contact us!