
Reduce attack surface and contain damage with Microsegmentation

How microsegmentation traps hazardous or unwanted data traffic within the network, thus containing cyberattacks

Microsegmentation: Closing all the bulkheads within the network

Want to stop unauthorized data traffic in your network and increase your security by preventing cyber criminals who gain access from moving laterally through it? Traditional network security tools like firewalls are made to monitor and block external traffic coming into your network. Microsegmentation works differently: it isolates traffic inside networks with the help of software-defined network segments, using predefined rules.

Creating impermeable security zones with segmentation


Hackers went undetected within company networks for an average of 66 days in 2020*. Plenty of time to exfiltrate data. Traditional perimeter protection using firewalls – also known as macrosegmentation – has limited utility, since malware that does make it through the firewall can pass undetected from workload to workload. With microsegmentation, an attacker who has gained access to the network remains trapped in the security zone. In the event of ransomware attacks, this ensures that no additional data can be encrypted; it also blocks the path of malicious insider operators.

* Source: FireEye

No entry for malware


This is how microsegmentation works: To inhibit lateral movement within networks, servers, data centers, systems, software, and workloads are isolated from one another. At the same time, there are robust zones within the IT infrastructure, in which workloads or applications can securely exchange data. The motto: Anything that does not need to communicate must not communicate. External attackers or malicious insider operators are quickly stopped in their tracks thanks to network segmentation. Companies, on the other hand, reduce their security risks and avoid the consequences associated with cyberattacks such as reputational damage or loss of business.

Targeted, precise protection for your network and IT


In an intensive advisory discussion, our IT security experts will help you to identify how microsegmentation can protect your business and your IT. We develop dedicated solutions based on network segmentation, and install and operate them for you, in addition to providing support and further development. In doing so, we make data connections transparent and create individual security policies, which, for example, prohibit unnecessary communication. In this way, we reduce the number and complexity of communication relationships in your company network. Thanks to this new, clear structure, you can easily determine whether and how unauthorized parties are moving through your network.

Zero Trust: Control is always better

To integrate microsegmentation into your infrastructure, we operate on the principle of Zero Trust. The goal of this Zero Trust security model is to ensure that, in our digitalised, connected world, access to valuable data is exclusively given to authorised users. Consequently, it is necessary to control all activity within the network. With microsegmentation, we apply the Zero Trust principle to the communication between your workloads, applications, and servers. We visualise data flows, and control and suppress them where needed.

White paper: Is your cloud really secure?

For the most part, digitalization and cloud transformation go hand in hand. But just how secure are your cloud services? What threats are you facing, where are potential gateways for cyberattacks lurking? Our white paper shows how to effectively protect your cloud.

Microsegmentation in practice

The biggest advantage of microsegmentation: The dynamic approach automatically maps changes in the network. This is considerably more flexible, quicker, and more cost-effective than using a conventional firewall. An example: A tour operator's booking system exchanges information with the customer database and financial software. If the company hosts the booking system in the cloud, the existing policies remain in place and are automatically used for the cloud application. The principle: Security policies are always linked to the application and not to the technological platform.
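The tour operator scenario above, sketched as an added example (not T-Systems code): a default-deny allowlist keyed on application labels, so the decision stays the same when the booking system runs in the cloud. Workload names, ports, addresses and the direction of each flow are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    app: str       # application label the policy is written against
    platform: str  # where the workload runs; never consulted by the policy
    ip: str        # constructed address; never consulted by the policy


# Allowlist of (source app, destination app, destination port).
# "Anything that does not need to communicate must not communicate":
# every flow that is not listed here is denied.
ALLOWED_FLOWS = {
    ("booking", "customer-db", 5432),
    ("booking", "finance", 8443),
}


def is_allowed(src: Workload, dst: Workload, port: int) -> bool:
    """Decide on application labels only, not on IP or platform."""
    return (src.app, dst.app, port) in ALLOWED_FLOWS


def audit(flows):
    """Return observed flows outside the allowlist (lateral-movement candidates)."""
    return [(s.name, d.name, p) for s, d, p in flows if not is_allowed(s, d, p)]


# Constructed inventory: the booking system exists on-prem and, after migration, in the cloud.
booking_onprem = Workload("booking-01", "booking", "on-prem", "10.0.1.10")
booking_cloud = Workload("booking-02", "booking", "cloud", "172.16.5.20")
customer_db = Workload("crm-db-01", "customer-db", "on-prem", "10.0.2.10")
finance = Workload("fin-01", "finance", "on-prem", "10.0.3.10")

# Constructed flow records, as a flow-visibility tool might report them.
OBSERVED = [
    (booking_onprem, customer_db, 5432),  # allowed
    (booking_cloud, customer_db, 5432),   # allowed: same label, new platform
    (booking_cloud, finance, 8443),       # allowed
    (finance, customer_db, 5432),         # denied: no business need listed
    (booking_cloud, customer_db, 22),     # denied: port not in the allowlist
    (customer_db, booking_cloud, 5432),   # denied: reverse direction not listed
]

if __name__ == "__main__":
    for violation in audit(OBSERVED):
        print("DENY", violation)
```
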

This is how companies master IT security challenges

Greater transparency in the company network

Robust security zones based on microsegmentation make your data and communication pathways transparent, thereby safely containing cyberattacks. How exactly does this work? Our security experts explain!
