February 26, 2024
April 2, 2024

From the Front Lines: Microsegmenting your network doesn’t have to be hard

I have been following the discussions around network segmentation that were kicked off by the new NSA guidance on Zero Trust Maturity, which highly recommended implementing microsegmentation. The guidance echoed the Akamai State of Segmentation Report, which concluded:

Segmentation is good. Microsegmentation is better.

When the report surveyed companies about why they had not implemented microsegmentation, the results matched the customer sentiment I heard when we presented the BlastWave solution.

Lack of skills and resources is a very legitimate issue for OT organizations. Many OT customers view cybersecurity as an additional duty, not a full-time role (which differs greatly from IT).

Complexity, cost, and performance are also legitimate complaints. However, in the scheme of a business or critical infrastructure facility, the cost of NOT doing it is very high. The Akamai report also showed that segmentation has significant benefits. After a breach, recovery happens 11 hours faster with segmentation, and attacks can be stopped in less than 4 hours rather than 15 hours.

That is the bad news. The good news is that almost all of the challenges above can be solved with the proper application of OT cybersecurity technology, say, with someone like BlastWave ;-)

What if I told you that you can microsegment your network simply by switching your layer 2 switch to port isolation mode?

I talked about BlastWave being easy to use in my previous blog, and the ease of use extends to microsegmentation. Our concept of a software-defined perimeter (SDP) includes the ability to slowly microsegment a network by importing lists of the devices on the network, creating groups of devices and users, and setting access policies down to the device level (if desired).

That sounds daunting and complicated, but configuring “Let Tom access all cameras and sensors” is way better than typing in long lists of IP addresses, protocols, and port numbers in an ACL or firewall rule configuration. 

Many BlastWave customers have microsegmented down to the device level, all with a single OT network administrator simply adding segmentation configurations over time. No rearchitecting of the network, no re-IP addressing, and no complex configurations.

At BlastWave, we simply protect OT networks.

Want to try it in your network? Schedule a demo.
