Years ago, many companies relied on a perimeter defense strategy, assuming that would be enough to protect their network. But in today’s cyber-security landscape, threats can just as easily come from inside the network. According to the IBM 2015 Cyber Security Intelligence Index, 55 percent of all attacks were carried out by either malicious insiders or inadvertent actors. For example, modern malware can be unwittingly downloaded onto a remote employee’s laptop, lie dormant until the employee reconnects to the corporate network, and then spread to other endpoints on the network.
Network segmentation is key to containing the damage from such cyber threats. Simply put, network segmentation is the act of splitting a network into many “sub networks” known as segments. This approach allows organizations to group applications and like data together for access by a specific group (e.g., finance). It also limits the range of access provided to an insider, partner, or a third party.
By creating different network segments and enabling users and devices to access only the information and servers based on their role or type, an organization can prevent the malware from spreading laterally to other endpoints and servers with sensitive data. Network segmentation provides the essential layer of security designed to protect valuable corporate assets from unauthorized access.