What is Macrosegmentation?
In cybersecurity, macrosegmentation is another name for conventional network segmentation: dividing an organization’s network into coarse zones (typically VLANs or subnets) whose boundaries are enforced by firewalls. It is the counterpart of microsegmentation, which applies policy per workload or device rather than per zone. Segmentation is a security best practice recommended by the National Institute of Standards and Technology (NIST), the Purdue reference architecture for industrial control systems, and other frameworks. The goal is to limit the damage an intruder or malware can do by preventing unrestricted lateral movement and communication between different parts of the network.
For example, an industrial manufacturer will place its programmable logic controllers (PLCs) in a control-network zone that has no route to the internet and that the corporate IT network can reach only through a tightly filtered boundary. Properly implemented plant segmentation can stop an attacker who has compromised the manufacturer’s IT network, for instance through an account takeover, from reaching and remotely taking over the PLCs.
Understanding network segmentation security gaps
Macrosegmentation is only as complete as the inventory behind it: a zone boundary can only be enforced for devices that are known, placed in the right segment, and monitored. That is becoming harder with each passing year for two key reasons:
- The air gap between IT networks and operational technology (OT) systems is dissolving as IT and OT converge.
- Many OT devices cannot run endpoint agents and are not safely discoverable with traditional active IT scans. In fact, such scans can disrupt the way unagented devices work or cause them to shut down, creating unplanned downtime.
Closing Macrosegmentation Security Gaps
Avoiding or remediating gaps in network segmentation starts with the proper identification of every device in the environment, whether those devices are on traditional IT networks, are in the cloud, or are connected devices like OT, industrial control systems (ICS), and Industrial Internet of Things (IIoT) assets that operate outside the standard IT framework. For example, in a health care setting, security may require segmentation of Internet of Things (IoT) devices, connected medical equipment, IT assets, and OT devices like building management controls.
The next step is to assess every device to understand its firmware, software, existing vulnerabilities, risk profile, proper place within the network, and expected behavior. With that baseline plus continuous monitoring of device activity, security teams can see which devices communicate only within their designated segment and which are reaching outside it, or are present in a segment without appearing in the inventory at all. Either is a flag for security risk.
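The following added example (not Armis code, and not from the original page) shows what the two steps above look like once they are reduced to data: a constructed asset inventory mapping addresses to their expected zone, a constructed zone policy modelled loosely on Purdue levels (enterprise IT, OT DMZ, control network, and anything else treated as "internet"), and a handful of constructed flow records of the kind a firewall or NetFlow collector would export. Every zone name, address, port and asset name is an assumption chosen for illustration. The check flags two things: a device seen inside a segment that the inventory does not know about (a visibility gap), and a zone crossing that the policy does not permit, such as the PLC-to-internet and IT-host-to-PLC cases described in the opening example.

```python
"""Zone-policy audit for macrosegmentation gaps (added example, not Armis code)."""
import ipaddress
from typing import Optional

# --- Constructed zone layout, modelled loosely on Purdue levels (assumption) ---
ZONES = {
    "enterprise_it": ipaddress.ip_network("10.1.0.0/16"),      # Level 4/5
    "ot_dmz":        ipaddress.ip_network("10.2.0.0/24"),      # Level 3.5
    "control_net":   ipaddress.ip_network("192.168.10.0/24"),  # Levels 0-2 (PLCs, HMIs)
}

# --- Constructed inventory from discovery: IP -> (asset name, expected zone) ---
INVENTORY = {
    "10.1.5.20":    ("eng-laptop-01", "enterprise_it"),
    "10.2.0.5":     ("ot-jumphost",   "ot_dmz"),
    "192.168.10.7": ("plc-line3",     "control_net"),
}

# --- Constructed zone-crossing policy: (src_zone, dst_zone) -> allowed (proto, dst_port) ---
# Anything not listed is a violation. "internet" means any address outside ZONES.
POLICY = {
    ("enterprise_it", "internet"): {("tcp", 80), ("tcp", 443)},
    ("enterprise_it", "ot_dmz"):   {("tcp", 443)},   # historian web UI
    ("ot_dmz", "control_net"):     {("tcp", 502)},   # Modbus/TCP from the jump host only
}


def zone_of(ip: str) -> str:
    """Map an address to its coarse segment, or 'internet' if it is outside all zones."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def check_flow(src: str, dst: str, proto: str, dport: int) -> Optional[str]:
    """Return a finding for a suspicious flow, or None if the flow is expected.

    Checks, in order:
      1. an address inside a zone that the inventory does not know  -> visibility gap
      2. traffic that stays inside one zone                          -> allowed here
         (a macro policy only governs zone crossings)
      3. a zone crossing not permitted by POLICY                     -> violation
    """
    src_zone, dst_zone = zone_of(src), zone_of(dst)

    for ip, zone in ((src, src_zone), (dst, dst_zone)):
        if zone != "internet" and ip not in INVENTORY:
            return f"unknown device {ip} in {zone}"

    if src_zone == dst_zone:
        return None

    if (proto, dport) in POLICY.get((src_zone, dst_zone), set()):
        return None
    return f"{src_zone} -> {dst_zone} {proto}/{dport} not permitted"


def audit(flows):
    """Run every (src, dst, proto, dst_port) record through check_flow; collect findings."""
    findings = []
    for src, dst, proto, dport in flows:
        reason = check_flow(src, dst, proto, dport)
        if reason:
            findings.append((src, dst, reason))
    return findings


# --- Constructed flow records, as a firewall or NetFlow collector might export them ---
SAMPLE_FLOWS = [
    ("10.1.5.20",     "198.51.100.10", "tcp", 443),  # laptop to internet: expected
    ("10.2.0.5",      "192.168.10.7",  "tcp", 502),  # jump host to PLC over Modbus: expected
    ("192.168.10.7",  "203.0.113.9",   "tcp", 443),  # PLC reaching the internet: violation
    ("10.1.5.20",     "192.168.10.7",  "tcp", 502),  # IT laptop straight to a PLC: violation
    ("10.2.0.5",      "192.168.10.7",  "tcp", 22),   # jump host SSH to PLC: port not permitted
    ("192.168.10.99", "10.2.0.5",      "tcp", 443),  # undiscovered device on the control net
]

if __name__ == "__main__":
    for src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"{src:>15} -> {dst:<15} {reason}")
```

Run against the sample records, the audit reports four findings: the PLC talking to an internet address, the IT laptop bypassing the DMZ to reach the PLC, the jump host using a port the policy does not allow, and an address on the control network that discovery never recorded. The last case is the one the section above is about: no firewall rule can be written for a device nobody knows is there, which is why the audit checks the inventory before it checks the policy.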
Better Network Security, Total Visibility, Actionable Information
Armis Centrix™ helps organizations identify and close gaps in their network segmentation. Armis is built to discover every device across the environment. It deploys quickly and integrates easily with existing security solutions. Organizations rely on Armis to provide a comprehensive view of every device, monitor activity within and across network segments, identify potential threats in real time, and support the security team with alerts and automated policy enforcement.