Segmentation: A Fire Code For Network Security
New technologies like software-defined segmentation are making it easier to prevent a compromise from spreading by separating users and network resources into zones.
October 5, 2015
Cybersecurity panic seems to be on the rise in 2015. Hacked cars, compromised healthcare records and one of the largest breaches in U.S. history have left many people wringing their hands in anxiety.
This scenario reminds me of the reactions to the large fires of the industrial revolution and the changes that happened afterward. In 1871 a fire broke out in Chicago, America’s fastest-growing city at the time. Aided by high winds, the fire jumped from building to building until roughly one third of the city was destroyed. The event received immense media attention, and large-scale fires would later affect other urban centers such as London and Boston.
At the time, many criticized the rush to industrialize or blamed the catastrophe on divine retribution for a lack of morality – sound familiar? Despite the panic, the ultimate solution to the problem was constructing buildings a little farther from each other, utilizing flame-resistant materials and implementing quick response to fires. Fire codes are meant to create an environment that limits the spread of a fire, and the concept is equally effective when applied to network security.
In many networks, there is little stopping an attacker from accessing everything once they are inside. Like a fire, they spread from area to area until nothing is left and all of the data is compromised. Network segmentation is akin to bringing your network up to code. By separating users and network resources into separate zones, it prevents a compromise from spreading. And just as the invention of automatic sprinklers and quick response systems made firefighting more effective, new technologies are making segmentation easier, smarter and more dynamic.
Read the rest of the article at Dark Reading.