As the industry was reminded in the wake of recent high-profile security breaches such as Target, being able to limit a hacker’s access to resources within the corporate network once they’ve penetrated the perimeter defense is almost as important as keeping them out to begin with. Of course, we’re talking about the value of trusted network segmentation. Unfortunately, this long-time best practice has created some very real challenges for organizations looking to create a layered defense. Not only is it complex, but many myths and misconceptions exist surrounding what qualifies as real network segmentation.
Five such myths include:
- That role-based authentication is segmentation.
- That switches and WLANs provide adequate network segmentation.
- That passing PCI-DSS means a company’s segmentation is strong.
- That setting up network segmentation is expensive and requires multiple security devices and firewalls.
- Finally, and scariest of all, that network segmentation just isn’t a priority for business.
Read the entire “Myths of Network Segmentation” infographic here.
Effective internal network segmentation allows administrators to place different levels of security on key corporate assets inside the perimeter, in effect establishing multiple layers of firewalls as additional barriers to entry. While segmentation isn’t something new, it is misunderstood. And, with the Internet of Things looming, and with employees wanting anytime, anywhere access, it’s more important than ever.
To help organizations simplify network segmentation, WatchGuard today announced the Firebox M440, the first appliance rich in truly independent ports, which helps reduce the complexity of segmentation and instantly simplifies the critical process of applying security policies across multiple network segments.
The WatchGuard Firebox M440 delivers 25 1 Gb Ethernet ports, eight of which deliver Power over Ethernet (PoE), plus two 10 Gb SFP+ (fiber) ports.
When combined with WatchGuard’s visibility solution, Dimension™, the Firebox M440 provides the industry’s only real-time, single-pane-of-glass view of the effect each policy is having on a specific segment of the network. For example, in the Policy Map image below you can see what type of network traffic travels across each network segment, and IT pros can drill down to get real-time information on application usage, security services, and more.
IT pros can get real-time visibility into how policies are performing across different segments of the network.
In conclusion, John Stengel, President of J Stengel Consulting, a network security, management and training firm, said it best. “Effective segmentation has never been more critical. The common misconception that strategies such as role-based authentication, or basic VLAN switching and routing constitute effective network segmentation delivers a false sense of security. With the increased expectation for anytime employee access and advances around embedded Internet devices (IoT) and recent breaches like Target tied to a lack of proper segmentation, it has never been a better time for organizations to reevaluate how they segment the network and ensure they have the right policies applied.”