Network segmentation is a network security strategy that involves splitting up your company’s network into disconnected segments.
Malware threats are evolving: much malicious software is now designed with worm capability. Wormable malware can spread throughout a network without additional input from the victim once it has infiltrated an unprotected system. The advantage of dividing a network into disconnected segments is that if a security breach occurs in one section, the other areas of the company can remain safe from the attack.
A segmentation policy is the strategy that you use to split your network. Every company should enforce a segmentation policy that is tailored to its IT security needs. For instance, computers containing sensitive customer information may be kept offline to prevent malware from infecting them via the internet. Using network segmentation, critical computers with sensitive information can be kept away from the edges of the network, shielding them from its most vulnerable areas.
Air-Gapped Machines
Air-gapped machines are computers that are completely detached from the internet. The only way to transfer information to and from the system is through physical drives such as USB drives and external hard drives. The advantage of an air-gapped computer is that as long as the devices being connected to it are kept clean of malware, there is no way for a cyberattacker to gain access to the PC over the internet. However, keeping the computer updated with the latest manufacturer security patches becomes a major complication.
Disadvantages of network segmentation
While network segmentation is a good method of protecting critical areas of a company’s network, it can also come with many productivity disadvantages. For instance, because traffic between segments has been cut off, deploying network apps on the company server can become a difficult process.
One way to overcome this is to strategically segment only those parts of a company network where segmentation would have little impact on daily productivity. This would allow employee computers to use cloud apps for collaboration. Meanwhile, redundant backups of sensitive data can be kept segmented from the internet, protecting them from cyberattacks such as ransomware.
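
The containment argument made earlier (a breach in one segment leaves the others safe) can be checked mechanically against a segmentation policy. The following Python code is an added example, not part of the original article; the segment names and allowed flows are constructed assumptions. It computes which segments a worm entering through the workstations can reach, hop by hop, under a flat network and under a segmented one.

```python
from collections import deque

# Constructed sample data: segment names and allowed flows are assumptions.
# Each key may open connections to the segments in its value set.
SEGMENTS = ["workstations", "app_server", "customer_db", "backups"]
SENSITIVE = {"customer_db", "backups"}

# Flat network: every segment can reach every other segment.
FLAT = {s: set(SEGMENTS) - {s} for s in SEGMENTS}

# Segmented network: workstations reach only the app server;
# the sensitive segments accept nothing from the edge of the network.
SEGMENTED = {
    "workstations": {"app_server"},
    "app_server": set(),
    "customer_db": {"backups"},
    "backups": set(),
}


def blast_radius(policy, entry):
    """Return every segment a worm can reach from `entry` by following
    allowed flows hop by hop (breadth-first search)."""
    if entry not in policy:
        raise ValueError(f"unknown segment: {entry}")
    reached, queue = {entry}, deque([entry])
    while queue:
        for nxt in policy.get(queue.popleft(), set()):
            if nxt not in reached:
                reached.add(nxt)
                queue.append(nxt)
    return reached


def exposed_sensitive(policy, entry, sensitive=SENSITIVE):
    """Sensitive segments that fall inside the blast radius of `entry`."""
    return blast_radius(policy, entry) & set(sensitive)


if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, sorted(blast_radius(policy, "workstations")),
              "exposed:", sorted(exposed_sensitive(policy, "workstations")))
```

Because the search is transitive, a policy that lets the workstations reach a server which in turn reaches a sensitive segment is still reported as exposing that segment.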