Employing A Security Zone Matrix keeps you in control of your network security
Enterprises have hundreds of applications serving multiple lines of business, which adds an
order of magnitude to the complexity of any change and must be factored into any segmentation
exercise.
For example, when an organization rolls out a new application that requires interaction with
several other resources in the network, a visual map of how this application interacts with other
resources can help ensure that only the business-required communications are allowed, while
all other communication is blocked.
One customer we work with has segmented their network into 40 zones, split on the basis of risk
assessments and business and compliance requirements. Key segmentations they apply include
separating the development network from the Internet, and even from the general enterprise
network, to minimize leakage of intellectual property and the risk of viruses entering that
network.
In addition, organizations need to consider how they can be alerted on policy violations, so that
changes made ‘out of band’ can be immediately remediated, and security administrators made
aware of gaps between desired and actual segmentation. Organizations should consider
obtaining the ability to visually validate that the desired segmentation is the same as the actual
(or enforced) segmentation.
And they should analyze every network change across multi-vendor firewalls against the
corporate security policies and segmentation policies, for continuous governance and
compliance.
Recent breaches should have served as a wake-up call to those not closely watching their
network segmenting policies. Organizations should consider adopting a matrix approach to
network segmentation, to enable a clear baseline and set of rules for all ongoing changes. Once
this is established, they can consider enabling automation of these rules and policies as much
as possible, in order to reduce the risk of policy violations going unnoticed for days, weeks, or
months.
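The matrix approach described above, as an added example that is not the article's or any vendor's code: a small Python checker that treats the zone matrix as the baseline, flags firewall rules that allow traffic the matrix denies, lists matrix entries that no rule currently enforces, and gates a proposed change before deployment. Zone names, rule ids and services are constructed for the example.

```python
# Added example: a minimal security zone matrix checker (not from the original
# article). DESIRED is the zone matrix used as the baseline; ACTUAL_RULES is a
# constructed sample of firewall rules already mapped to zones. All names invented.

# Desired matrix: (source zone, destination zone) -> allowed services.
# A pair absent from the matrix is denied; "any" permits every service.
DESIRED = {
    ("enterprise", "internet"): {"tcp/443"},
    ("enterprise", "prod-app"): {"tcp/443"},
    ("dev", "dev"): {"any"},
    # No dev -> internet or dev -> enterprise entry: the dev zone is isolated.
}

# Constructed rules as collected from two firewalls. fw1-r11 models an
# out-of-band change that opened the development zone to the Internet.
ACTUAL_RULES = [
    {"id": "fw1-r10", "src": "enterprise", "dst": "internet", "service": "tcp/443", "action": "allow"},
    {"id": "fw1-r11", "src": "dev", "dst": "internet", "service": "tcp/80", "action": "allow"},
    {"id": "fw2-r3", "src": "enterprise", "dst": "prod-app", "service": "tcp/443", "action": "allow"},
    {"id": "fw2-r4", "src": "internet", "dst": "prod-app", "service": "tcp/22", "action": "deny"},
]


def service_allowed(desired, src, dst, service):
    """True if the matrix permits this service between the two zones."""
    allowed = desired.get((src, dst), set())
    return "any" in allowed or service in allowed


def find_violations(desired, rules):
    """Ids of allow rules that permit traffic the matrix denies (desired != actual)."""
    return [r["id"] for r in rules if r["action"] == "allow"
            and not service_allowed(desired, r["src"], r["dst"], r["service"])]


def find_unenforced(desired, rules):
    """Matrix entries (src, dst, service) that no allow rule implements."""
    missing = []
    for (src, dst), services in sorted(desired.items()):
        for svc in sorted(services):
            if not any(r["action"] == "allow" and r["src"] == src and r["dst"] == dst
                       and (svc == "any" or r["service"] == svc) for r in rules):
                missing.append((src, dst, svc))
    return missing


def check_change(desired, new_rule):
    """Gate a proposed rule before deployment: True only if the matrix permits it."""
    return find_violations(desired, [new_rule]) == []
```

Running the checker over the constructed rules reports `fw1-r11` as a violation and the `dev -> dev` entry as unenforced; the same `check_change` gate can be applied to every rule change before it reaches a firewall.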