Enterprise Network Protection: Protecting Data through Network Segmentation

September 14, 2016

targeted attacks defensive measures View Securing Data Through Network Segmentation in Modern Enterprises

The previous enterprise guide on data protection discussed how enterprises could improve data security by applying data classification. This enterprise guide discusses another security strategy that enterprises need to apply in protecting their data: network segmentation.

Network segmentation is the task of creating networks for similar functioning machines or endpoints in a larger environment. For example, a company may choose to create a specific network for all printers, a dedicated network for finance, or a network just for servers. The purpose of network segmentation is to provide security for all data while making it convenient for IT administrators to monitor the environment. The creation of multiple networks effectively improves the security of networks that contain crucial files.

Combined with data classification, network segmentation can protect highly sensitive data from being accessed easily by either personnel without proper authentication or cybercriminals who have successfully infiltrated the network.

Enterprise Standards

Throughout the industry, there are many models that can be applied to implement network segmentation. These models are designed to protect highly sensitive data in the best way possible for their corresponding field. For example, the Purdue Model of Control Hierarchy consists of five different zones and six levels, and is widely used by industrial control systems. The Payment Card Industry Data Security Standard provides a set of rules for payment card companies that process, store, or transmit cardholder data. And Micro Segmentation is a network administrator guide for small office/home office (SOHO) networks which provides a good level of security. These are just a few of the models used by varying enterprises.

Common Network Threats

Network segmentation can also play a big part in preventing data breaches, and minimizing the damage of ransomware. Having a properly segmented network can help prevent a threat from spreading to other parts of the network. In a data breach scenario involving a network without segmentation, moving from one system to another would be easy for cybercriminals who are looking for data that they can sell in the underground.  Tracking suspicious movement would be difficult, and highly sensitive files would be easy to access.

Network segmentation gives IT admins a way to create tighter security options for networks with important data. They may choose to limit those who can access the network or apply whitelisting in order to specifically define acceptable communication paths and block the rest.

In a ransomware scenario where ransomware targets an enterprise, network segmentation can help minimize damages. In the scenario where an endpoint is infected with ransomware that can move across the network, a segmented network would prevent the threat from spreading elsewhere.

Benefits of Network Segmentation

For IT administrators, segmented networks can provide better visibility of the entire virtual corporate environment. This gives them an edge in terms of protecting each segment and monitoring threats. It also makes it easier to install or remove components of a network.

As much as network segmentation can help industries, this alone cannot stop all incoming threats. It should be complemented with protection from malware, vulnerabilities, and can detect suspicious movement or communication within the network.

To learn more about how network segmentation plays a big part in protecting data, read the attached primer, Securing Data through Network Segmentation in Modern Enterprises.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.