Network segmentation
and separation

network architecture improvement to increase cybersecurity

Network segmentation and separation

network architecture network architecture improvement to increase cybersecurity

Challenges

ICS and critical infrastructure are becoming the targets of cyberattacks. The variety of producers, solutions, and often undocumented modernizations of network infrastructure, as well as the provision of Internet devices pose a threat to the security and continuity of production or availability of services.

Industrial networks should be designed and modernized in a way that considers cybersecurity. In accordance with the principle of the least permissions and transferring only necessary information, industrial automation systems should ensure the movement of only the necessary packets in areas where controllers, visualization systems, and actuators are located. The purpose of network segmentation and the best cybersecurity practices is minimizing the likelihood that a network incident will interfere with their proper functioning.

How can we help?

The implementation of network segmentation is one of the important elements of good practice mentioned in post-incident analyses. One of the key stages is conducting network monitoring, during which we identify communicating devices. The purpose of such activities is to verify the significance of individual elements and to assign them to appropriate network segments. The proper definition of the network segments, combined with the analysis of communication using our platform allows for our effective support in the network rule creation process.

Depending on the company’s needs and specifics, we offer:

  • passive network monitoring,
  • support in the logical isolation and assignment of devices to appropriate segments,
  • choosing the right segmentation solution (logical and / or physical) adapted to the application,
  • description of traffic rules for active network devices,
  • identification of communication methods for ICS and IT systems.

Benefits

limiting the possible attack scenarios and reduction of effects of potential violations of individual security measures

significantly impeding cyberattacks

organising the active rules on network devices

Read more

Articles connected to Network segmentation and separation