The good, the bad and the segmented

“Network Segmentation” is a simple concept of 20 characters (space included). Doing it in practice and doing it right is much more difficult. Proper segmentation is much, much more than just adding a firewall.

Over the last years we spend a lot of time and money on designing and implementing network segmentation for our multi-site IT and multi-site OT networks. Not only in technical solutions, but also in the required processes for maintaining the new environment. We made some (costly) mistakes and had to rethink our design based on physical and organizational boundaries.

In this talk, we would like to present lessons-learned on the multi-million, multi-year project. It is not an official report-out, but a hands-on and practical presentation. We hope this talk will give the audience a feeling for the challenges of a proper segmentation program and help them to prevent some of the mistakes we made.

The following questions will be answered

  • How did we convince Senior Management to allocate the budget
  • What underlying architecture did we choose and why?
  • What use cases did we envision and how did we work them out?
  • What design choices were made?
  • How did this work out in reality?
  • What did we learn?
  • What would we recommend?
  • What would we do differently?