Network Segmentation

What is Network Segmentation?
Network Segmentation is the security practice of dividing a network into smaller segments or subnetworks with limited interconnectivity between them. Network Segmentation can be implemented logically (for example, with VLANs) or physically (with firewalls, routers, switches, or other security devices). It gives network administrators the ability to control the flow of traffic between segments.

Segmentation separates the systems and applications within a larger network and allows each subnet to function as its own network. Devices within the same subnet can communicate freely, but traffic to or from a device outside the subnet must pass through an appliance that helps ensure the out-of-network device does not pose a threat or other problems. Limiting this east-west (lateral) communication between systems improves the network in several ways, including:
• Increased security, because reducing the size of each reachable network decreases the attack surface.
• Better containment by preventing the lateral movement of threats.
• Performance improvements by limiting the number of users within an individual subnet.
• Better network visibility and monitoring.
• Access control, preventing unauthorized users from accessing sensitive devices, applications, and data.
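As an added illustration (not from the video), the following Python models how the inter-segment appliance described above enforces a default-deny policy: hosts in the same subnet talk freely, while any cross-segment flow must match an explicit allow rule or it is dropped. The segment address ranges, ports and the ALLOWED_FLOWS table are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass

# Segments (e.g. VLANs) as known to the inter-segment appliance.
# Address ranges are constructed for this example.
SEGMENTS = {
    "users":   ipaddress.ip_network("10.10.0.0/24"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "ot":      ipaddress.ip_network("10.30.0.0/24"),
}

# Explicit allow-list of cross-segment flows:
# (source segment, destination segment, protocol, destination port).
# Anything not listed is denied; that default-deny stance is what limits lateral movement.
ALLOWED_FLOWS = {
    ("users", "servers", "tcp", 443),   # users reach internal web apps over HTTPS
    ("servers", "ot", "tcp", 502),      # one server may poll OT devices (hypothetical)
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def segment_of(addr: str):
    """Map an address to its segment name, or None if it belongs to no known segment."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def evaluate(flow: Flow) -> str:
    """Decide a flow the way the segmentation appliance would."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if src_seg is None or dst_seg is None:
        return "deny:unknown-segment"        # unmanaged address space is never trusted
    if src_seg == dst_seg:
        return "allow:intra-segment"         # same subnet: traffic never reaches the appliance
    if (src_seg, dst_seg, flow.proto, flow.dport) in ALLOWED_FLOWS:
        return "allow:policy"
    return "deny:default"

def audit(flows):
    """Return the denied flows with their reason, i.e. what a defender reviews in the appliance log."""
    return [(f, evaluate(f)) for f in flows if evaluate(f).startswith("deny")]
```

Feeding captured flow records through audit() is a quick way to spot a workstation probing the OT segment, which a flat network would never surface.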

We want to point out that Network Segmentation is not the same as Micro-segmentation. Micro-segmentation is the security technique that enables security architects to logically divide their data center into distinct security segments down to the individual workload level and then define security controls and deliver service for each unique segment. If you would like to know more about Micro-segmentation, we cover it in a separate video.

Why is Network Segmentation Necessary?
One word: Cybersecurity. Every business with a network infrastructure should be deploying some form of Network Segmentation and Zero-Trust service because of the massive increase in cyberattacks. Cybercriminals are targeting all organizations, and the cost of a data breach has climbed into the multi-millions.

Most networks were designed to protect the internal systems, applications, information, and devices from the outside world. All services, functions, and activities within the internal perimeter were considered safe and trustworthy. Unfortunately, this is no longer true: phishing emails and Bring Your Own Device (BYOD) policies inadvertently cause security breaches, and disgruntled employees carry out deliberate attacks from inside.

Zero-Trust Network Access
In today’s environment, Network Segmentation is deployed along with Zero-Trust Network Access (ZTNA). Why? Administering Network Segmentation requires many device configurations and a lot of change management, so it is put in place as a secondary line of defense, with ZTNA as the primary. One of the most significant benefits of ZTNA is that it assumes no user or device is inherently trusted, whether outside or inside the perimeter, and grants access based on privileges defined by set policies. ZTNA also requires no network connection, so there is no exposure of internal applications to the outside world.