Segmentation

What is segmentation in IT?

The number and professionalism of cyber attacks, e.g. via phishing or ransomware, are increasing dramatically. Today, companies no longer have to ask themselves whether they will be hit. The question is rather whether and how well they are protected in the event of an emergency. Effective segmentation is a basic prerequisite for this. To be more precise, segmentation means dividing the entire network into logically separate zones. This means that a device from department A cannot simply communicate with devices in departments B to Z unless this has been expressly permitted.

Each of these zones has its own rules, authorizations and security measures. Who is allowed to access and use which data and when? This question should be carefully thought through. Separating the zones in this way makes the “lateral movement” of attackers, i.e. movement through the company network, much more difficult and slower. Traditionally, this is done on layers 2 and 3 of the OSI model, i.e. in the data link and network layers, usually with the help of VLANs (separation into different broadcast domains), subnets (logical partitions of an IP network) and firewalls (network security).

The aim is to place devices and systems that should not communicate directly with each other in separate network segments. Between these segments, rules (e.g. firewall ACLs) control which connections are permitted.

Too little protection, too many risks

Many company networks have grown historically, i.e. they have been expanded, supplemented and adapted, but not fundamentally restructured. This also means that they are not geared towards modern security requirements. This results in frequent vulnerabilities: a flat network architecture with too few or unclear security zones, low transparency for communication between systems, high administrative effort for manual segmentation and fear of business interruption due to changes in the infrastructure.

The result is that once attackers have penetrated the company network, they can move unnoticed and unhindered throughout the entire company. This is comparable to a burglar who, once through the front door, has easy access to both the server room and the accounts department.

The next step: microsegmentation

Traditional segmentation works exclusively at network level, e.g. by department, location or network class (production network, office network, guest WLAN). This is good, but no longer sufficient. Micro-segmentation, on the other hand, starts one level deeper: It defines finely tuned communication rules at application, service or even user level. This means that only precisely defined connections are permitted - regardless of where a system is located (on site, in the cloud, hybrid solution). Micro-segmentation is a key component, particularly in the context of a zero-trust strategy, where no device or user is automatically trustworthy.
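The difference between zone-level rules and micro-segmentation rules can be made concrete by evaluating the same flows under both models. The following is an added example, not DTS code or part of the original page; all zone names, addresses, identity labels and rules are constructed assumptions, and it assumes that traffic inside one segment is switched locally and never crosses the inter-zone firewall.

```python
import ipaddress

# Constructed sample data: every zone, address and label below is an assumption.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "office": "10.10.0.0/24", "accounting": "10.20.0.0/24", "servers": "10.30.0.0/24"}.items()}
# Workload identity per address; identity does not depend on where the system runs.
WORKLOADS = {
    "10.10.0.15": "hr-laptop",
    "10.20.0.7": "acct-client",
    "10.30.0.5": "acct-db",
    "10.30.0.9": "file-server",
    "172.16.4.20": "acct-app",  # cloud-hosted, outside every on-site zone
}
# Zone ACL at the inter-segment firewall: (src zone, dst zone, proto, port).
ZONE_ACL = {("accounting", "servers", "tcp", 5432), ("office", "servers", "tcp", 445)}
# Micro-segmentation rules: (src identity, dst identity, proto, port).
MICRO_RULES = {("acct-client", "acct-app", "tcp", 443), ("acct-app", "acct-db", "tcp", 5432),
               ("hr-laptop", "file-server", "tcp", 445)}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def zone_verdict(src, dst, proto, port):
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return "deny"        # address in no known segment: default deny
    if s == d:
        return "unfiltered"  # same segment: the flow never reaches the zone firewall
    return "allow" if (s, d, proto, port) in ZONE_ACL else "deny"

def micro_verdict(src, dst, proto, port):
    rule = (WORKLOADS.get(src), WORKLOADS.get(dst), proto, port)
    return "allow" if rule in MICRO_RULES else "deny"  # default deny, even inside a zone

FLOWS = [  # constructed flows: (src, dst, proto, port)
    ("10.10.0.15", "10.30.0.9", "tcp", 445),    # permitted by both models
    ("10.20.0.7", "10.30.0.5", "tcp", 5432),    # client talks to the DB directly
    ("10.30.0.9", "10.30.0.5", "tcp", 5432),    # server to server, same segment
    ("172.16.4.20", "10.30.0.5", "tcp", 5432),  # cloud app tier to on-site DB
    ("10.10.0.15", "10.20.0.7", "tcp", 3389),   # office to accounting, never approved
]

def compare(flows=FLOWS):
    return [(flow, zone_verdict(*flow), micro_verdict(*flow)) for flow in flows]

if __name__ == "__main__":
    for flow, zone, micro in compare():
        print(f"{flow[0]:>12} -> {flow[1]:<11} {flow[2]}/{flow[3]:<5} zone={zone:<10} micro={micro}")
```

The second and third flows are the ones to look at: the zone ACL either allows them wholesale or never sees them, while the identity-based rules deny both.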

Our tip: intelligent microsegmentation without agents

At DTS, we don't believe in “standard”. We are a German-European IT innovator that is constantly exploring new security paths, combining an independent approach to the in-house development of security software with the best on the market in a spirit of partnership. Our new solution for microsegmentation is one such innovative, forward-looking approach.

The solution is automated, dynamic and identity-based, in line with our Zero Trust strategy. It continuously analyzes network traffic and identifies which connections are actually necessary. On this basis, precise security policies are created automatically, without manual ACLs or rigid, hand-maintained rules. The special feature is that DTS Microsegmentation works agentlessly: it uses existing security mechanisms, e.g. an internal Windows firewall, and can therefore be implemented in your IT infrastructure with little effort. Communication is precisely controlled so that even internal systems cannot see each other unless this has been approved in advance. The rules are customizable and dynamic: they automatically adapt to user roles, time windows or device status. We effectively minimize your attack surface, strengthen your network transparency and create a leading basis for sustainable zero trust.
 
