Network Segmentation - East-west vs North-south

Network segmentation is an essential aspect of network security, and there are two types of network segmentation approaches: east-west and north-south. In this post, we'll be comparing these two approaches and how they differ.

North-South Network Segmentation

North-south segmentation is a traditional approach to network segmentation, sometimes also known as perimeter-based segmentation. The idea here is that all traffic is routed through a network perimeter, where security measures like firewalls and intrusion detection systems can be implemented to filter and monitor traffic going in and out of the network.

One of the advantages of north-south network segmentation is its simplicity. Since all traffic goes through a single network perimeter, it's easy to implement security policies and apply consistent security measures across the entire network.

However, as networks have become increasingly complex, traditional perimeter-based security has become less effective. With the rise of cloud computing, mobile devices, and other technologies, many of the applications and services we rely on are accessed from outside the network perimeter, making them difficult to protect using traditional security approaches.

East-West Network Segmentation

East-west network segmentation, also known as micro-segmentation, takes a different approach to network security. Instead of relying on a single network perimeter, east-west segmentation creates micro-perimeters around each device or application within the network.

This allows for more granular control over network traffic, making it easier to enforce security policies and prevent lateral movement of threats within the network. By limiting communication between devices and applications to only what's necessary, east-west segmentation can also help prevent data exfiltration and other types of data breaches.

Comparison

While both north-south and east-west segmentation aim to improve network security, they have some key differences. North-south segmentation is simpler to implement but more limited in its ability to protect against modern threats, while east-west segmentation is more complex but can provide a higher degree of security and control.

According to a research report from MarketsandMarkets, the east-west segmentation market is expected to grow from $2.84 billion in 2017 to $9.69 billion by 2022, representing a CAGR of 27.6%.

Conclusion

In conclusion, whether to implement north-south or east-west network segmentation depends on the unique needs of your organization. While north-south segmentation is simpler and can be effective at protecting against some types of threats, east-west segmentation provides a more granular level of control and can better protect against modern, sophisticated attacks.

Regardless of which approach you choose, it's crucial to keep network segmentation in mind as a crucial defense layer within your information security strategy.

References

1. MarketsandMarkets. (2017). Micro-Segmentation market - Global Forecast to 2022. Retrieved from https://www.marketsandmarkets.com/Market-Reports/micro-segmentation-market-253860795.html