ICS Network Segmentation

  • Tuesday, 07 Jun 2016 1:00PM EDT (07 Jun 2016 17:00 UTC)
  • Speakers: Brett Young, Dan Morrow

The value of segmenting local area networks into security zones is widely recognized yet rarely done well. Many large production environments are susceptible to today's sophisticated attacks due to a focus on perimeter security, leaving internal networks as a \flat" architecture, and difficult to defend from well-designed exploits. Attacks on poorly segmented networks are often the result of Malware having found the easiest path in, then moving to penetrate more valuable assets within the enterprise WAN.

Segmenting into defined security zones improves an organization's defensibility by:

  • Reducing attack surface
  • Limiting exposure of critical production assets
  • Using access controls to restrict movement from segment to segment
  • Focusing security monitoring and controls on the zones where they are most effective
  • Improving detection and mitigation capabilities tied to Incident and forensics support