Hackers went undetected within company networks for an average of 66 days in 2020*, plenty of time to exfiltrate data. Traditional perimeter protection using firewalls (also known as macrosegmentation) has limited utility, since malware that does make it through the firewall can pass undetected from workload to workload. With SD segmentation (also known as microsegmentation), an attacker who has gained access to the network remains trapped in the security zone. In the event of a ransomware attack, this ensures that no additional data can be encrypted. It also blocks the path of malicious insider operators.
* Source: FireEye
This is how SD segmentation works: servers, systems, software, and workloads are isolated from one another to inhibit lateral movement within networks. At the same time, there are robust zones within the IT infrastructure in which workloads or applications can securely exchange data. The motto: anything that does not need to communicate must not communicate. Network segmentation quickly stops external attackers or malicious insider operators in their tracks. Companies, in turn, reduce their security risks and avoid the consequences associated with cyberattacks, such as reputational damage or loss of business.
In an intensive advisory discussion, our IT security experts will help you identify how software-defined segmentation can protect your business and your IT. We develop dedicated solutions based on network segmentation, install and operate them for you, and provide support and further development. In doing so, we make data connections transparent and create individual policies which, for example, prohibit unnecessary communication. In this way, we reduce the number and complexity of communication relationships in your company network. Thanks to this new, clear structure, you can easily determine whether and how unauthorized parties are moving through your network.
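
The motto "anything that does not need to communicate must not communicate" amounts to a default-deny policy between zones, and the denied flows are where unauthorized movement becomes visible. The following is an added example, not the provider's product or code; the zone names, workloads, ports, flow records and the rule that traffic inside one zone is allowed are all assumptions made for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str   # source workload
    dst: str   # destination workload
    port: int  # destination port

# Hypothetical inventory: workload -> security zone.
ZONES = {
    "web-01": "shop-frontend",
    "app-01": "shop-backend",
    "db-01": "shop-data",
    "hr-01": "hr",
    "hr-db-01": "hr",
}

# Explicit allow rules between zones: (src_zone, dst_zone, port).
# Anything not listed here is denied.
ALLOW = {
    ("shop-frontend", "shop-backend", 8443),
    ("shop-backend", "shop-data", 5432),
}

def decide(flow: Flow) -> str:
    """Return 'allow' or 'deny' for one flow under the default-deny policy."""
    src_zone, dst_zone = ZONES.get(flow.src), ZONES.get(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny"   # unknown workload belongs to no zone
    if src_zone == dst_zone:
        return "allow"  # assumption: workloads inside one zone may exchange data
    return "allow" if (src_zone, dst_zone, flow.port) in ALLOW else "deny"

def denied_flows(flows):
    """Flows the policy blocks; each one is a candidate lateral-movement attempt."""
    return [f for f in flows if decide(f) == "deny"]

# Constructed flow records, not real telemetry.
OBSERVED = [
    Flow("web-01", "app-01", 8443),    # frontend -> backend, allowed tier hop
    Flow("app-01", "db-01", 5432),     # backend -> database, allowed tier hop
    Flow("hr-01", "hr-db-01", 5432),   # same zone
    Flow("web-01", "db-01", 5432),     # frontend skips the backend tier
    Flow("web-01", "hr-db-01", 445),   # crosses into an unrelated zone
    Flow("rogue-07", "app-01", 8443),  # workload missing from the inventory
]

if __name__ == "__main__":
    for f in denied_flows(OBSERVED):
        print("DENY", f.src, "->", f.dst, f.port)
```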