What is Macrosegmentation?

In cybersecurity, macrosegmentation is another way to describe standard network segmentation practices. Network segmentation is the division of an organization’s network into smaller segments that are protected by firewalls. This kind of segmentation is a security best practice recommended by the National Institute of Standards and Technology (NIST), the Purdue reference architecture, and other frameworks. The goal is to reduce the potential damage that intruders and malware can cause by preventing free movement and communication between different parts of the network.

For example, an industrial manufacturer will segment its programmable logic controllers (PLCs) so that they don’t communicate with the internet. Properly implemented plant microsegmentationcan prevent intrusions and remote takeover of the PLCs by attackers who gain access to the manufacturer’s IT network via an account takeover attack.

Closing Macrosegmentation Security Gaps

Avoiding or remediating gaps in network segmentation starts with the proper identification of every device in the environment, whether those devices are on traditional IT networks, are in the cloud, or are connected devices like OT, industrial control systems (ICS), and Industrial Internet of Things (IIoT) assets that operate outside the standard IT framework. For example, in a health care setting, security may require segmentation of Internet of Things (IoT) devices, connected medical equipment, IT assets, and OT devices like building management controls.

The next step is to assess every device to understand its firmware, software, existing vulnerabilities, risk profile, proper place within the network, and expected behavior. With that information plus continuous device activity monitoring, security teams can see which devices are communicating with segments and which are communicating outside their designated segments — a flag for security risk.