Ideas on Segmentation metrics (part three)

Please check out Part one and part two of this series. Continuing our series about metrics for segmentation, there are a couple more angles from which you can measure the effectiveness of your segmentation.

Metrics from previous parts

In the two previous parts, I introduced a couple of examples of how to measure your security segmentation. How many segments do you have? How exposed is something? How big is the blast radius if things go wrong?

Ideas on Segmentation metrics (part two)

Please check out Part one of this series of articles.

Metric One: Do you have more than one segment?

This is, of course, more of a rhetorical question, but there is a point to it. Almost all companies have more than one segment. Most companies use VLANs extensively. We break out DMZs and internal data center LANs, of course. Sometimes we use firewall interfaces between those VLANs or segments and treat them as zones.

Ideas on segmentation metrics (part one)

What you measure is what you get

If you are like me and live and breathe IT or IT security, the above statement probably does not ring a bell and you don't realize the source of this. It is from a person called Robert S. Kaplan, who developed something you may have heard of, the balanced scorecard. I will not dig into economics, because we are not in business school, but the essence of the scorecard is that you need metrics by which you can measure success or failure in order to be successful or to reach your objectives.