Network segmentation is implemented in networks to contain threats, reduce the attack surface and provide points of control. Such segmentation follows the physical network topology and is typically enforced on layer 3, using firewalls in routers to manage the lateral traffic flows within the network. cognitix Threat Defender uses enriched network objects to add a logical overlay network that provides additional segmentation. Enriched network objects are static and offer a multilayered categorization of the devices in the network, based on the inclusion or exclusion of individual IP addresses, whole CIDR-notated IPv4 and IPv6 networks, the physical network interface on the firewall, VLAN tags and MAC addresses, used singly or in combination.
Additional logical segmentation allows a flatter topology, reducing the number of segments needed on layer 3. Fewer layer 3 segments simplify network management: devices can be added and removed without changing the network topology. The additional segmentation using enriched network objects isolates devices and so dramatically reduces the attack surface of the network. The additional points of control yield additional information, giving greater transparency of the activity within the network and enabling a comprehensive security posture. The overlay network manages the flows within a layer 3 segment, ensuring hygiene within the segment and not just between segments. This disrupts the cyber kill chain by quarantining affected devices: isolating devices individually prevents malware from propagating within the network.
Dynamic segmentation that groups devices by attributes and categories is flexible: a device can be a member of multiple groups. This ability to overlap segments allows firewall policies to be applied granularly, down to a single device. Group membership also ensures consistent firewall policies and simplifies the roll-out of new policies throughout the network. Intuitive group membership based on function and behavior simplifies assigning devices to a policy and eliminates implementation errors.
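To make the overlay model concrete, here is an added Python sketch (not cognitix's code; the field names, the rule that configured criteria are ANDed while excludes veto, and the sample addresses are all assumptions) of enriched network objects built from IPv4 and IPv6 prefixes, VLAN, MAC and interface criteria, with overlapping group membership and a first-match policy that quarantines a single host inside an otherwise permitted segment:

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
# Constructed illustration of enriched network objects; the field names and the
# matching model (excludes veto, configured dimensions are ANDed) are assumptions.
Device = namedtuple("Device", "ip mac vlan interface")  # mac lower-case; interface = firewall port
@dataclass(frozen=True)
class NetworkObject:
    name: str
    include: tuple = ()       # single IPs and CIDRs, IPv4 or IPv6
    exclude: tuple = ()       # any match here vetoes membership
    vlans: frozenset = frozenset()
    macs: frozenset = frozenset()
    interfaces: frozenset = frozenset()

    def matches(self, dev: Device) -> bool:
        addr = ipaddress.ip_address(dev.ip)
        # containment is False across address families, so v4 and v6 entries mix safely
        in_any = lambda nets: any(addr in ipaddress.ip_network(n, strict=False) for n in nets)
        if in_any(self.exclude):
            return False
        checks = [  # (configured?, test); unset dimensions are skipped
            (self.include, lambda: in_any(self.include)),
            (self.vlans, lambda: dev.vlan in self.vlans),
            (self.macs, lambda: dev.mac.lower() in self.macs),
            (self.interfaces, lambda: dev.interface in self.interfaces),
        ]
        return all(test() for configured, test in checks if configured)

def groups_for(dev: Device, objects) -> set:
    """A device can belong to several overlapping objects at once."""
    return {o.name for o in objects if o.matches(dev)}

def decide(src: Device, dst: Device, objects, rules, default="deny") -> str:
    """First matching (src_group, dst_group, action) rule wins; '*' means any group."""
    sg, dg = groups_for(src, objects), groups_for(dst, objects)
    for s, d, action in rules:
        if (s == "*" or s in sg) and (d == "*" or d in dg):
            return action
    return default

OBJECTS = (
    NetworkObject("workstations", include=("10.10.0.0/16",), vlans=frozenset({10})),
    NetworkObject("printers", macs=frozenset({"00:11:22:33:44:55"})),
    NetworkObject("servers", include=("2001:db8::/64",), interfaces=frozenset({"eth2"})),
    NetworkObject("quarantine", include=("10.10.5.23",)),  # one affected host
)
RULES = (("quarantine", "*", "deny"),  # listed first so it overrides the allows below
         ("workstations", "printers", "allow"),
         ("workstations", "servers", "allow"))
```

A printer on the workstation VLAN lands in both `workstations` and `printers`, and the quarantined host stays a workstation yet is denied everything because the quarantine rule is ordered first.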