Attackers or APT groups need lateral movement capabilities both to get in from their initial entry point to their target network in the victims’ environment and to exfiltrate data outside or plan other attacks. Strict segmentation controls ensure limited propagation of malware and lateral movement attempts. This is why all regulations like PCI DSS and SWIFT-CSP make effective segmentation a mandatory control. NetSentries, through its Segmentation Penetration testing, offers your institution a comprehensive Hybrid assessment comprising both Passive Control Validation and Active Penetration testing to ensure the network segments are isolated in reality, as envisioned in your Design.
Let’s StartNetSentries employs a robust and versatile testing methodology that transcends conventional limitations. Our approach is designed to accommodate diverse segmentation techniques, extending beyond the confines of traditional firewall rule-based isolation. This methodology validates effectiveness of segmentation controls achieved through strategies like:
PCI-DSS Segmentation Penetration Testing starts with a scoping exercise to identify the VLAN segments to be included from CDE and non-CDE environments. Typically, all VLANs of the CDE environment are added to the scope, and a set of VLANs from non-CDE environments will be handpicked, considering the threat landscape of the client. Physical connectivity, wireless connectivity, and virtualized connectivity options in the environment are considered for defining the scope and test cases of segmentation testing.
SWIFT CSP mandates two levels of segmentation controls to isolate SWIFT applications from the rest of the infrastructure.
1.There should be proper segmentation between your SWIFT environment and other networks.
2.There should be segmentation controls in place between the components of your swift environment.
NetSentries Segmentation Penetration Testing ensures that SWIFT-CSP-mandated segmentation controls are effectively implemented.
Segmentation Penetration Testing is not just about rule testing of firewalls. As part of the assessment, NetSentries measures the effectiveness of different kinds of segmentation methods ranging from L2 and L3 components, routers, firewalls, host modules, security gateways, micro segmentation with Zero Trust, Hypervisor-specific segmentation methods like VMware NSX, Cloud Security Provider segmentation features etc.
