The first step in securing the enterprise is to identify where to implement enforcement points
on both the network and hosts in order to mediate interactions between users and systems.
Such segmentation is critical for the survival of an organization under attack and is therefore the
main principle behind the Enforcement Layer. Segmentation in the SDP architecture prevents
a threat from proliferating within the network, so that an attack targeting a single network
component will not be able to undermine the entire enterprise security infrastructure.
Segmentation is the cornerstone of security enforcement. It aims to achieve the following:
• Support a simpler and modular security policy on various segments of the network
• Allow for the creation of security architecture templates for different segments
• Enforce containment policies on compromised hosts within a segment
• Define intra-segment interactions that do not require mediation by security controls
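The segmentation goals above can be modeled as a small policy evaluator. This is an added illustration, not code from the SDP architecture document; the segment names, address ranges, port policy and the evaluate_flow function are all constructed assumptions.

```python
import ipaddress

# Constructed segments (names and address ranges are assumptions for illustration).
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.1.0.0/16"),
    "app-servers": ipaddress.ip_network("10.2.0.0/24"),
    "databases": ipaddress.ip_network("10.3.0.0/24"),
}

# Modular policy per segment pair: (source, destination) -> allowed ports.
# Anything not listed is denied at the enforcement point between the segments.
INTER_SEGMENT_POLICY = {
    ("workstations", "app-servers"): {443},
    ("app-servers", "databases"): {5432},
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unsegmented."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate_flow(src, dst, port, compromised=frozenset()):
    """Decide how a flow is handled; returns (decision, reason)."""
    # Containment: a host flagged as compromised is isolated, even from
    # peers in its own segment (enforced on the host, not the boundary).
    if src in compromised or dst in compromised:
        return ("deny", "containment")
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return ("deny", "unknown-segment")
    # Intra-segment interactions are defined as not requiring mediation.
    if s == d:
        return ("allow", "intra-segment")
    # Every flow crossing a segment boundary passes an enforcement point.
    if port in INTER_SEGMENT_POLICY.get((s, d), set()):
        return ("allow", "mediated")
    return ("deny", "mediated")

if __name__ == "__main__":
    flagged = {"10.1.0.7"}  # constructed: host marked as compromised
    for flow in [("10.1.0.5", "10.1.0.9", 445), ("10.1.0.5", "10.2.0.10", 443),
                 ("10.1.0.5", "10.3.0.20", 5432), ("10.1.0.7", "10.1.0.9", 445)]:
        print(flow, evaluate_flow(*flow, compromised=flagged))
```

The policy is directional: a workstation may reach an application server on 443, but the reverse flow is denied unless a separate rule allows it.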
Enforcement Layer 01