
Why complete network segmentation?

I have network segmentation on the brain. Apparently, I am not the only one. Jack Koons posted a good summary. Please see it below.

The Why!

… Organizations can achieve network resiliency and survivability through a strategy embracing network segmentation in general, and micro-segmentation in particular.

Network segmentation removes the gooey inside, simultaneously reducing mean time to detection and mean time to remediation – the two most important metrics for security incidents. These steps make it very hard for any adversary to gain, maintain and further develop access and move freely across a network. In fact, this will significantly reduce attacker ROI, often making them look elsewhere for an easier target.

Segmentation is the solution to this problem with a particular focus on the emerging world of micro-segmentation. In this model, security profiles are adopted closer to the endpoint, thus replacing the traditional concept of a hardened single perimeter, and providing a dynamic and scalable perimeter wrapped around every workload.

Deployed correctly – particularly when combined with software defined networking and encryption – microsegmentation allows for the presentation of true “zero trust models” across the enterprise. This protects critical workload and business processes while reducing reliance on overly complex hardware-based infrastructure and rulesets (which bring their own vulnerabilities to the mix).

The key is to limit the extent by which the attacker retains any advantage inside the network, regain control and initiative, and reduce the impact of any attack across the enterprise. It’s a fact of life today that organizations will eventually be hit with a cyberattack. But with the appropriate segmentation, they will survive if they are prepared and resilient.

The Takeaways

  • Have you outlined your network segmentation strategy?
  • Is your company ready to support SDN technology from an operational support perspective? That is, complete a gap analysis.