Network Segmentation Review

Segmentation helps you focus your efforts around protecting your most critical data, mitigating the adverse effects of an incident or breach.

SecureState performs Network Segmentation Reviews to determine the types of data being processed and the impact of that data in the event of leakage, to classify the data based on its sensitivity, and to provide data control recommendations through the use of segmentation. Segmentation restricts access to critical information, limiting it to only those individuals and/or applications that have a valid and trusted requirement for the information being protected.


Through the use of network segmentation, an organization can turn its security focus to the areas that matter most. This ability to focus on specific areas reduces the cost of compliance and regulations, while also limiting the intensive costs of hardening the entire network infrastructure. Employing segmentation gives an organization the ability to allow access to sensitive information only by those employees who need it, which reduces the negative effects of a data breach, should one occur.


SecureState’s experience in segmenting networks ranges from government to commercial, from small retail organizations to large Fortune 200 financial institutions. Our consultants specialize not only in securing enterprise-level networks, but also in understanding that building reliability and performance into those networks is just as important.

Approach and Methodology

A network segmentation review can be broken into three phases:

  • Data Discovery
  • Data Classification
  • Recommend Changes

Data Discovery is the process of determining the threat, the affected resources, and the impact of a potential data leakage, interception, and/or theft. Data Discovery depends on the ability to determine the scope of the engagement by identifying the data and classifying the processes around the data, the escalation procedures, the resources involved, and the risk, impact, and prioritization to the organization. During this initial phase, SecureState brings in experts in the related subject matter, such as consultants who specialize in defending, attacking, audit, and compliance.

Data Classification is the process of categorizing all the data, and/or the assets associated with the data, based on nominal values according to its sensitivity. For example, data may be classified as public, internal, confidential, highly confidential, restricted, regulatory data, or top secret.

Assets associated with the data are classified according to the risk of unauthorized disclosure, modification, or access. High-risk data, typically classified “Confidential”, requires a greater level of protection, while lower-risk data, classified as “Internal”, requires proportionately less protection.

To begin the Data Classification, SecureState conducts interviews with the organization’s staff, such as the IT staff, to get an understanding of the current data flow through the organization’s network infrastructure. Once the mapping of the data flows is completed, SecureState reviews all the existing controls that are applicable to the segmentation of the data in question, and then provides recommendations. These recommendations may include modifications to existing controls to increase their effectiveness, while taking into account any new controls that should be configured to help lower the probability of data exposure.
