What is network segmentation?


Putting all your organization’s devices onto one public network and allowing VPN access to cloud-based resources without internal security is an ideal situation for hackers looking to steal data. But when internet-connected devices are everywhere, from your phones to your printer, it can seem like there isn’t much choice. Yet if even one of the devices in this scenario is compromised, it could spell disaster for all the devices involved. Network segmentation offers a possible solution to this problem by separating network resources. For this reason, learning what network segmentation is can be critical to your organization’s continued security.

But what is network segmentation really?

To be more specific than the brief explanation above, network segmentation involves dividing a large computer network into a number of smaller, isolated subnetworks. In some instances, networks can be so segmented that each device is on its own isolated subnetwork. This limits the ability of malware to spread laterally across a network.

Why do you need network segmentation?

If your organization has a Wi-Fi and/or wired network that hosts many devices, then the threat of one of those devices being infected increases with each additional device. For this reason, it’s important to have internal means of keeping devices on your network from spreading breaches between one another. This means relying on techniques like network segmentation and other methods recommended by the Zero Trust model, which outlines the need to protect your network not only from outside threats, but from threats originating within it as well.

In networks where devices aren’t kept isolated from one another, cyber criminals can spread their malicious code laterally across devices on a network until all the devices on that network are at risk. With network segmentation, the infection would likely be limited to a single device and not be able to spread.

How can I implement network segmentation?

A variety of technologies exist that can help your organization with network segmentation. One technology commonly deployed by network segmentation solutions is the Next-Generation Firewall (NGFW). NGFWs enable networks to have firewalls within their internal infrastructure protecting their resources.

Another important consideration when implementing network segmentation is how segmented you would like your network to be. In general, the more segmented a network, the more secure it will be. However, segmenting too much can also make resources inaccessible to those who need them. It is, therefore, recommended to group similar resources. For example, all of the resources relating to SharePoint and other shareable file resources could be grouped together.
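The grouping described above can be written down as a default-deny plan and checked before it is enforced. The following is an added example, not code from Impulse or any product named on this page; the segment names, addresses, ports and service inventory are constructed assumptions.

```python
import ipaddress

# Constructed segment plan: similar resources share a subnet (all addresses are made up).
SEGMENTS = {
    "file-sharing": ipaddress.ip_network("10.10.20.0/24"),  # SharePoint and other file shares
    "staff": ipaddress.ip_network("10.10.30.0/24"),
    "printers": ipaddress.ip_network("10.10.40.0/24"),
    "guest-wifi": ipaddress.ip_network("10.10.50.0/24"),
}
# Segments whose devices never need to reach each other: each device is isolated.
ISOLATED = {"printers", "guest-wifi"}
# The only flows allowed across a segment boundary: (source, destination, port).
ALLOWED_FLOWS = {("staff", "file-sharing", 443), ("staff", "printers", 631)}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if it is in no segment."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def is_allowed(src_ip, dst_ip, port):
    """Default deny: a flow passes only if the plan explicitly permits it."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # address outside every segment
    if src == dst:
        return src not in ISOLATED  # intra-segment traffic only where not isolated
    return (src, dst, port) in ALLOWED_FLOWS

def blast_radius(compromised_ip, services):
    """Services (ip, port) that a compromised device could still reach."""
    return [(ip, port) for ip, port in services if is_allowed(compromised_ip, ip, port)]

# Constructed inventory of listening services.
SERVICES = [("10.10.20.10", 443), ("10.10.20.10", 445), ("10.10.30.6", 3389),
            ("10.10.40.2", 631), ("10.10.50.8", 445)]

if __name__ == "__main__":
    for device in ("10.10.50.7", "10.10.40.2", "10.10.30.5"):
        print(device, segment_of(device), blast_radius(device, SERVICES))
```

The staff device still reaches another staff machine because that segment is not isolated, which shows the trade-off between accessibility and how far an infection can spread.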

As for the implementation process itself, combining third-party services to segment your network is an option. Technologies like Network Access Control (NAC) can enforce network segmentation by managing which devices are granted access, while technologies like Software Defined Perimeter (SDP) can implement network segmentation of resources even when they’re stored in the cloud and accessed by devices not using the corporate network itself.

How Impulse Can Help

Impulse’s SafeConnect NAC works to keep devices that are breaking security policies off your network, thereby supporting internal network security practices like network segmentation. SafeConnect NAC also implements posture assessments that can help make sure devices connecting to your network follow your security policies, such as those involving antivirus software.

For even more help with network segmentation, Impulse’s SafeConnect SDP functions as a more secure alternative to VPN. It can apply the concept of network segmentation beyond the scope of a single network to help protect network resources no matter which network a device uses to access them. SafeConnect SDP can even segment so finely that it provides a perimeter of one around a user’s devices.
