What is OT/ICS network segmentation?

OT/ICS network segmentation is the process of dividing a network into zones so that administrators can restrict access and traffic flows to only the communication each zone actually requires.

Core elements of network segmentation include:

  • Analysis of current and required flows and connections
  • Design of hardware and configuration rules to enable least-privilege access to each subnet
  • Implementation of hardware, software, and configuration rules as designed
  • Monitoring of changes to rules to ensure segmentation is sustained over time

OT/ICS network segmentation is challenging for several reasons:

  • Older networking equipment that often lacks modern management functions
  • Limited asset inventory visibility, so it is unclear what should be on each subnet
  • Physical wiring or IP-addressing limitations in the existing network
  • Some communications are only needed infrequently, but the segmentation design must still account for them
  • Different OEM vendors impose different network requirements that must be reconciled

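The four elements above and the "infrequent communications" challenge, as one added example (not Verve's code and not the Verve Security Center): starting from a constructed zone map and a constructed flow capture, it collapses host-level flows to zone-level flows, flags flows the design review did not approve, keeps rules for approved flows that did not appear in the capture, renders an allow-list in an extended-ACL style ending in a logged deny-all, and diffs a deployed rule set against that baseline to catch drift. All addresses, zones, flows and approved entries are hypothetical.

```python
"""Added example: least-privilege zone rules from observed flows, plus rule drift detection.
Zones, flows and approved entries are constructed for illustration."""
import ipaddress
from collections import Counter

# Constructed zone map (hypothetical addressing); in practice this comes from the asset inventory.
ZONES = {
    "enterprise":  ipaddress.ip_network("10.20.0.0/16"),
    "dmz":         ipaddress.ip_network("10.10.0.0/24"),
    "supervisory": ipaddress.ip_network("10.10.1.0/24"),  # HMIs, historian, engineering
    "control":     ipaddress.ip_network("10.10.2.0/24"),  # PLCs, RTUs
}

# Constructed flow records (src_ip, dst_ip, proto, dst_port), as a span-port capture would yield.
OBSERVED_FLOWS = [
    ("10.10.1.5",  "10.10.2.20", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    ("10.10.1.5",  "10.10.2.21", "tcp", 502),
    ("10.10.1.9",  "10.10.2.20", "tcp", 44818),  # engineering workstation -> PLC
    ("10.10.1.30", "10.10.0.10", "tcp", 1433),   # historian -> DMZ replica
    ("10.20.5.44", "10.10.2.20", "tcp", 502),    # enterprise host polling a PLC directly
]

# Constructed design-review output: approved zone-level flows and why each exists.
APPROVED = {
    ("supervisory", "control", "tcp", 502):   "HMI polling",
    ("supervisory", "control", "tcp", 44818): "engineering workstation",
    ("supervisory", "dmz", "tcp", 1433):      "historian replication",
    ("enterprise", "control", "tcp", 22):     "vendor support, change window only",
}


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it falls outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def summarize(flows):
    """Collapse host-level flows to (src_zone, dst_zone, proto, port) with hit counts."""
    return Counter((zone_of(s), zone_of(d), proto, port) for s, d, proto, port in flows)


def classify(summary, approved):
    """Unexpected: observed but not approved (investigate before allowing).
    Unobserved: approved but absent from this capture (infrequent paths still need a rule)."""
    unexpected = {k: n for k, n in summary.items() if k not in approved}
    unobserved = {k: approved[k] for k in approved if k not in summary}
    return unexpected, unobserved


def render_acl(approved):
    """One remark + permit per approved zone flow (extended-ACL style), then a logged deny-all."""
    lines = []
    for (sz, dz, proto, port), note in sorted(approved.items()):
        s, d = ZONES[sz], ZONES[dz]
        lines.append(f"remark {note}")
        lines.append(f"permit {proto} {s.network_address} {s.hostmask} "
                     f"{d.network_address} {d.hostmask} eq {port}")
    lines.append("deny ip any any log")
    return lines


def drift(baseline, deployed):
    """Compare rule text line by line: (lines added on the device, lines missing from it)."""
    b, d = set(baseline), set(deployed)
    return sorted(d - b), sorted(b - d)


if __name__ == "__main__":
    summary = summarize(OBSERVED_FLOWS)
    unexpected, unobserved = classify(summary, APPROVED)
    print("unexpected flows:", unexpected)
    print("approved but not seen in capture:", unobserved)
    baseline = render_acl(APPROVED)
    print("\n".join(baseline))
    # Constructed drift: someone dropped the deny-all and added a broad troubleshooting permit.
    deployed = baseline[:-1] + ["permit ip any any"]
    print("drift (added, removed):", drift(baseline, deployed))
```

The rule text is an illustrative ACL style, not the syntax of any particular switch or firewall; on real equipment the deployed set would be pulled from configuration backups and diffed against the baseline after every change window, which is what sustains the segmentation over time.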
Verve’s team of technicians has over 25 years of experience working across different industries and almost every OEM system. Using the Verve Security Center’s asset inventory and flow analysis, we begin with a robust mapping of the current status. We then use our knowledge of the underlying process and OEM systems to design a secure and reliable approach to network segmentation. Finally, we have the hands-on capabilities to implement the hardware, software and rules necessary to deliver on the newly designed network.

Effective Network Segmentation in ICS Security

Effective segmentation requires the right building blocks, technology, and talent, along with close partnership with our clients.


Asset Inventory

Asset Inventory creates the baseline to enable proper understanding of what needs to communicate and where segmentation gaps exist.


Configuration/ Rules/ Flows Analysis

Based on the current state of assets and network architecture, Verve analyzes current and required flows and rules. The result is a summary of the baseline and the objectives for change.


Architecture Design

The next phase designs the hardware, software, rules, and configurations needed to achieve the desired outcome. This includes hardware recommendations, required cabling, any necessary re-IPing, and the new rules and configurations to be applied.


Implementation & Testing

Our hands-on team programs the hardware and develops the rules needed to ensure reliability and security. This process includes robust testing and monitoring to tune the final outcome.


Vendor Agnostic

Verve has experience with all networking equipment vendors and expertise working on almost every ICS OEM system.


Turnkey

Verve provides support from asset inventory through design, procurement, implementation, and documentation.


Schedule a consultation

If you are curious how network segmentation, design, and configuration can accelerate your security maturity, schedule a call with our experts for a free consultation.
