Most organizations that I talk to still have their networks designed for '90s-era attacks: a hard perimeter and little to nothing on the inside. The one common exception is the part of the network that processes credit card data, since PCI DSS specifically identifies the Cardholder Data Network (CDN) and requires controls around it.
But that is woefully inadequate in the face of modern, persistent attacks, which invariably begin with a single, “low value” endpoint like a laptop in Human Resources. Once an attacker gains control of a workstation like that, he can usually move around the network with impunity – never being challenged.
Endpoints get compromised; it’s what they do. We have to change network architecture to barricade the network from attackers who have gained access to internal endpoints.
The answer, of course, is internal network segmentation. The extreme is microsegmentation, where each and every machine operates in a zero-trust model in terms of what packets are allowed to and from it. That’s great, but it really only addresses VMs and is beyond what most organizations can do right now. Segmentation doesn’t need to be an all-or-nothing proposition, and it doesn’t require re-architecting the physical structure of your network. It just requires a method of looking at your network, analyzing the pathways, and seeing the impact of rules and security controls.
Every organization already has a ton of network devices with ACLs in place, including routers, switches and wireless access points. For all practical purposes, these are internal firewalls that just need to be configured to limit certain kinds of traffic. It’s a matter of impact analysis and what-if scenarios to ensure you don’t break legitimate traffic flows.
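To make the what-if idea concrete, here is an added example (not from the webinar or from FireMon's product) that replays a baseline of legitimate flows against a proposed segmentation ACL and reports which ones would break. It assumes a simplified first-match ACL with an implicit deny; all addresses, rule sets and names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Rule: action is "permit"/"deny"; src/dst are CIDRs; proto is "tcp"/"udp"/"any";
# port is a destination port, or None for any port. (Hypothetical, simplified model.)
Rule = namedtuple("Rule", "action src dst proto port")
Flow = namedtuple("Flow", "label src dst proto port")

def matches(rule, flow):
    return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", flow.proto)
            and rule.port in (None, flow.port))

def evaluate(acl, flow):
    """First match wins; a flow matching no rule hits the implicit deny."""
    for index, rule in enumerate(acl):
        if matches(rule, flow):
            return rule.action, index
    return "deny", None

def what_if(current, proposed, flows):
    """Flows the current ACL permits but the proposed ACL would deny."""
    broken = []
    for flow in flows:
        if evaluate(current, flow)[0] == "permit":
            action, index = evaluate(proposed, flow)
            if action == "deny":
                broken.append((flow.label, index))
    return broken

# Constructed sample data: HR workstations 10.10.20.0/24, servers 10.10.50.0/24.
CURRENT = [Rule("permit", "10.0.0.0/8", "10.0.0.0/8", "any", None)]  # flat network
PROPOSED = [
    Rule("permit", "10.10.20.0/24", "10.10.50.10/32", "tcp", 443),   # HR app
    Rule("permit", "10.10.20.0/24", "10.10.50.53/32", "udp", 53),    # DNS
    Rule("deny", "10.10.20.0/24", "10.10.50.0/24", "any", None),     # other servers
]
BASELINE = [  # legitimate flows observed before the change
    Flow("HR app", "10.10.20.15", "10.10.50.10", "tcp", 443),
    Flow("DNS", "10.10.20.15", "10.10.50.53", "udp", 53),
    Flow("file share", "10.10.20.15", "10.10.50.20", "tcp", 445),
    Flow("printing", "10.10.20.15", "10.10.30.5", "tcp", 9100),
]

if __name__ == "__main__":
    for label, index in what_if(CURRENT, PROPOSED, BASELINE):
        where = "implicit deny" if index is None else f"rule {index}"
        print(f"would break: {label} ({where})")
```

The two flows it reports are the gaps to close with explicit permits before the new ACL goes live; the printing flow shows how an implicit deny can break traffic that no written rule mentions.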
In this webinar, I’ll show you how valuable segmentation can be within your internal network. And I’ll discuss the different approaches and techniques available.
Then with help from our sponsor FireMon, we’ll dive into the impact analysis challenge of segmenting your network. Their technology is simple yet so powerful for helping you understand the thousands of rules already in your firewalls and for successfully segmenting without breaking the flow of business.