Network Segmentation: What Is It and Why Do You Need It?

[vc_row][vc_column][vc_column_text]At its simplest, network segmentation divides a network into smaller sections or subnets and each network segment acts as an independent network. Network segmentation can be done two ways: 1) Physically – using separate hardware to isolate networks 2) Logically – by creating Virtual Local Area Networks (VLANs) on managed switches or firewalls. For example,…

Share

[vc_row][vc_column][vc_column_text]At its simplest, network segmentation divides a network into smaller sections or subnets and each network segment acts as an independent network. Network segmentation can be done two ways:

1) Physically – using separate hardware to isolate networks
2) Logically – by creating Virtual Local Area Networks (VLANs) on managed switches or firewalls.

For example, one network segment may only have servers, the second has workstations and laptops, and a third has Voice over Internet Protocol (VoIP) phones.

Benefits of Network Segmentation
Network segmentation offers many benefits for businesses, including but not limited to, reducing the attack surface, preventing attackers from achieving lateral movement through systems, and improving performance.

Reducing Attack Surface
Segmentation improves cybersecurity by limiting how far an attack can spread. If a device in one segment is compromised, it can only affect others in its segment.

Preventing Lateral Movement
Network segmentation can stop harmful traffic in one segment from reaching devices in another. For example, servers and workstations typically have security software installed to protect those devices. However, Internet of Things (IoT) devices like Camera DVRs, time clocks, and printers usually do not have a security layer. By segmenting these devices, we add a layer of security in case there is vulnerability exploitation. If an IoT device is compromised, network segmentation limits the ability of an attacker to move from that IoT device to devices on other segments, preventing lateral movement to critical devices in a business such as servers, phones, or manufacturing equipment.

Improving Performance
Traffic shaping ensures that critical network segments have the resources they need and are prioritized over non-critical network segments. Using VLAN prioritization on the network adds the ability to prioritize traffic on one segment over traffic on another. An example would be prioritizing the critical network traffic from the VOIP phones over the web traffic from devices connected to the guest Wi-Fi network.

Are you using network segmentation? If not, call us, tell us about your situation, and we’ll let you know how we can help.[/vc_column_text][/vc_column][/vc_row]

Share