Cybercriminals have many tactics for attacking your organization’s systems and networks, and while many attacks fail, some do succeed — there were more than 800 publicly reported breaches in the first three quarters of 2020 alone, according to the Identity Theft Resource Center, and there were likely more that went unreported.
While preventing attacks is the goal of cybersecurity, it’s also important to realize an attack can happen and make plans to mitigate the impact of a successful breach. Network segmentation is a way to decrease the damage of an attack before it even happens.
What is network segmentation and why do you need it?
Network segmentation improves security and performance by dividing a computer network into subsystems — or segments — to control how traffic flows across the network. This means that the IT team can control who has access to each segment of the network. It also means that once a bad actor or malware gets into the system, they won’t have access to the entire network.
Why does this matter? According to Ponemon’s Cost of a Data Breach report, once a network is breached, it takes an average of 280 days to locate the breach and shut it down. That means the attacker is in your system, with access to your data and systems for more than half a year.
Network segmentation ensures that the attacker will be restricted to one subset of the network, where they can only do a limited amount of damage.
Best practices for network segmentation
1. Know who is connecting to your network (and what data they need to do their jobs)
You can’t segment correctly if you don’t know exactly who has access to the network, or what precisely they need access to, in order to perform their jobs. Before you begin any segmentation project, know which data needs to be accessed by whom so that you don’t have to re-architect the segmentation process later.
2. Don’t under-segment or over-segment
Segmentation projects can be tricky. A successful segmentation plan has a few necessary and separate subsections. Too many can be too complicated. Too few can threaten your system’s security.
This is why knowing who needs what data is important. If you don’t have a good idea of your users and what they need to do their jobs, you may end up over-segmenting or under-segmenting. This is a common issue, and it means you might have to eventually go in and change the whole network. A few years ago, Gartner found that more than 70% of segmentation projects had to be redone because of over-segmentation.
3. Isolate access portals for your third parties
Some of the highest-profile breaches in recent history happened because a bad actor used a third party to access a company’s data. More alarmingly, when a third party is involved in a breach, it takes longer to find the breach and costs an average of $207,411 more.
For those third parties who need data to provide services, segment by creating isolated portals. That way they have access to what they need, but nothing else.
4. Make sure the legitimate path to data is easier than the illegitimate path
When segmenting your network, keep the architecture of your network in mind. You might create a path that requires a third party to get past a number of firewalls to access the data they’re looking for — but what would a hacker do to get at the same data?
If there are only two firewalls between a bad actor and the data you need to protect, but three or four between your vendors and the same data, it’s time to reorganize your architecture, so that the illegitimate path is the more difficult one.
5. Audit your network regularly
Regular network audits are key to protecting your networks and ensuring that no attackers can slip from one sub-segment to another. If you’re not regularly monitoring your network, you’re at risk of missing gaps in your architecture that might be exploited by a bad actor.
Audits are important for another reason as well: when new people or resources have been added to the network, or if your business needs have changed, your old segmentation plan may no longer work efficiently. By regularly monitoring your users, needs, and network, you can update your architecture so that it continues to work for you rather than against you.
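The path comparison from practice 4 can be run as a recurring audit check (practice 5). The following is an added example, not code from SecurityScorecard: the segment names, the link list and the function names are constructed for illustration, and links are assumed to be bidirectional.

```python
import heapq

# Constructed sample topology (not from the article); links are assumed bidirectional.
# Each link is (segment_a, segment_b, firewalls_crossed); 0 = flat, unfiltered link.
LINKS = [
    ("internet", "dmz", 1), ("dmz", "app", 1), ("app", "db", 0),
    ("vendor_portal", "partner_zone", 1), ("partner_zone", "app_gateway", 1),
    ("app_gateway", "app", 1), ("guest_wifi", "office", 0), ("office", "app", 1),
]

def build_graph(links):
    graph = {}
    for a, b, firewalls in links:
        graph.setdefault(a, []).append((b, firewalls))
        graph.setdefault(b, []).append((a, firewalls))
    return graph

def min_firewalls(graph, source, target):
    """Fewest firewalls on any path from source to target (Dijkstra); None if unreachable."""
    best = {source: 0}
    heap = [(0, source)]
    while heap:
        cost, node = heapq.heappop(heap)
        if node == target:
            return cost
        if cost > best[node]:
            continue  # stale queue entry, a cheaper route was already found
        for neighbor, firewalls in graph.get(node, []):
            new_cost = cost + firewalls
            if new_cost < best.get(neighbor, float("inf")):
                best[neighbor] = new_cost
                heapq.heappush(heap, (new_cost, neighbor))
    return None

def audit_paths(links, asset, legitimate, untrusted):
    """Flag untrusted entries that cross fewer firewalls to the asset than a legitimate source."""
    graph = build_graph(links)
    findings = []
    for entry in untrusted:
        hostile = min_firewalls(graph, entry, asset)
        for source in legitimate:
            legit = min_firewalls(graph, source, asset)
            if hostile is not None and legit is not None and hostile < legit:
                findings.append((entry, hostile, source, legit))
    return findings

if __name__ == "__main__":
    for entry, hostile, source, legit in audit_paths(LINKS, "db", ["vendor_portal"], ["internet", "guest_wifi"]):
        print(f"{entry}: {hostile} firewall(s) to db, but {source} crosses {legit}")
```

In the constructed topology the flat guest Wi-Fi link and the unfiltered app-to-database link are what make the untrusted routes shorter than the vendor route; adding a control on either changes the result on the next run.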
How SecurityScorecard can help
It’s important to keep an eye on the doors through which bad actors enter your network: your endpoints and stolen credentials.
SecurityScorecard’s Ratings allow you and your organization’s business stakeholders to clearly understand and continuously monitor the most important cybersecurity KPIs for your company and your third parties. Our ratings continuously monitor metrics like endpoint security, network security, and application security. Our ratings also monitor the web for hacker chatter and stolen credentials so you know what your vulnerabilities are, and can manage them in real time.