When done right, network segmentation brings rewards
96% of organizations report implementing segmentation in their networks, but only 2% of these organizations segment the six critical asset classes, including mission-critical applications, consumer applications, domain controllers, points of termination, servers and critical business / data assets, with segmentation, according to a Vanson Bourne survey.
The study interviewed 1,000 IT security decision makers in seven countries, detailing current trends in segmentation between enterprises and the security benefits associated with strong segmentation implementations.
Segmentation is an IT approach that separates critical areas of the network to control east-west traffic, prevent lateral movement, and ultimately reduce the attack surface. Traditionally, this has been done through an architectural approach – relying on hardware, firewalls, and manual labor. This can often prove to be tedious and labor intensive, which is a contributing factor with 82% of respondents saying network segmentation is a ‘huge task’.
The benefits of implementing network segmentation
Research reveals that segmentation strategies are often limited in breadth and depth, in part for the reasons mentioned above. Modern segmentation uses a software approach that is easier to use, faster to implement, and capable of securing more critical assets. Research shows that organizations that take advantage of the latest approach to segmentation will experience critical security benefits, such as identifying more ransomware attacks and reducing the time it takes to mitigate. the attacks.
âThe report’s findings demonstrate how valuable a strong segmentation strategy can be for organizations looking to reduce their attack surface and stop damaging attacks such as ransomware,â said Pavel Gurvich, SVP, Akamai Enterprise Security.
âIn the past, implementing segmentation at the infrastructure level was difficult, but we see a lot of interest and opportunity for organizations to implement software segmentation that greatly simplifies deployment and speeds up business. projects. Software segmentation will be a key security approach in adopting zero trust frameworks and urgent ransomware protection in the years to come. “
Current segmentation strategies are limited
Although 96% of respondents say segmentation is implemented in their networks, 75% say their organization uses segmentation over two or fewer critical areas that companies need to protect, and 50% claim to segment only one critical area. Many of these organizations have felt the impact of insufficient segmentation of mission critical assets.
According to the survey, companies have experienced an average of 43 ransomware attacks in the past 12 months. 14 of these attacks have reached the lateral movement stage, demonstrating that the segmentation protections put in place by organizations are not as strong as they could be.
Leaving networks unsegmented increases business risk
92% of respondents believe that the implementation of network segmentation has prevented cyber attacks on their organization from causing significant damage or stealing substantial amounts of data. This sentiment is why 96% of respondents believe that leaving networks unsegmented will lead to more risk.
Additionally, respondents identified faster spreading external attacks (49%) and ease of internal attacks (44%) as the most likely risks from unsegmented networks.
Lack of implementation of network segmentation amid COVID-19
43% of respondents say that network segmentation has not taken place in their organization or not in the past two years. These statistics are significant, given the significant and sudden global shift to hybrid cloud environments as businesses suited to remote working due to COVID-19.
Based on the data, it’s possible that misconceptions about traditional segmentation approaches have prevented security managers from implementing segmentation projects in their new hybrid cloud environments. Fortunately for businesses, modern software approaches to segmentation are much easier to implement in these new IT environments and offer better security benefits, such as northwest traffic control and process-level details. .
Segmentation stops cyber attacks
Organizations implementing a segmentation of five or more critical assets could identify nearly twice as many ransomware attacks in the past 12 months (78 attacks) compared to those that have neither secured any nor a class of ransomware. ‘critical assets (48 attacks).
Additionally, the average time required to limit lateral movement and completely prevent ransomware attacks is lower on average for organizations that rely more on segmentation to protect their critical assets.