Network Segmentation
IT/OT Network Architecture
The increasing networking of systems and components in the course of progressive digitization requires the definition of zones with different protection requirements and their technical separation from each other (network segmentation). This means that even if a compromised component exists in the infrastructure, it does not have unrestricted access to further components and an attacker cannot spread unhindered.
The challenge in network segmentation is to avoid major restrictions on production operations. Communication between zones should be possible but regulated and documented. This applies both to vertical communication between different zones and to horizontal communication between different systems and plants in the same protection zone.
Network segmentation during ongoing production in grown brownfield environments is not a "big bang go-live" action, but rather an iterative process that matures together with the organization over defined periods of time.
Technologies such as Network Access Control (NAC), remote access best practices and cross-zone data exchange complete our service portfolio in this segment.