Network segmentation is a vital part of cybersecurity, but what exactly is it? In short, it’s putting different systems on different networks so that if one system is compromised, the incident is contained to that specific network and cannot spread to other systems. So, in the worst case scenario that a system gets hacked, the damage is as contained as possible. The easiest example is your guest network.
You want your guest network segmented because, by nature, it’s being accessed by devices that you have no control over. This opens you up to potential viruses, malware, etc. If you can’t go without that network, the next best thing is to contain it so that any damage would not be able to spread into your primary network.
Think about it this way. Nobody puts the entirety of his net worth into one area. People diversify so as to protect their money from risks. Some money goes into the bank, some may go into the stock market, some may go into other investments, some may go in a wallet, and some might even go under the mattress! Why? Because we understand there’s risk. We understand that one area might be vulnerable, so we spread out the risk by putting what’s important (our money) into different places. If someone looking to do us harm were to get part of our money, it would be unfortunate, of course, but that person wouldn’t be able to get to ALL of it. We could still function.
That’s what we’re doing with your network. We put different systems on different networks so access is restricted and any unwanted activity is as contained as it can be. Of course, we take measures to protect from unwanted activity in the first place, but we believe in preparing for every possible threat against your system. Your data is worth protecting. Don’t let it be vulnerable because your systems are all interconnected.