MAKE YOUR NETWORK YOUR FIRST LINE OF DEFENCE
In ‘traditional’ network design, flat or semi-flat networks include devices and end points that can communicate with each other directly, via switches, without impedance. These sorts of network are very convenient and easy to administer, but offer little protection when the network is penetrated, as compromised devices are able to connect directly with endpoints on the network which, ideally, should be isolated and protected. NetOS®’s network slicing enables precisely that.
TRADITIONAL SECURITY SOLUTIONS HAVE AN INHERENT WEAKNESS
Conventional network security solutions have one significant limitation:
- Endpoint protection (antivirus)
- Network firewalls
- Intrusion Protection Systems (IPS)
Whilst these types of solution can block known patterns of malware, they unable to detect day-zero malwares (i.e. malware that uses penetration techniques not previously seen).
The only way to be sure of protecting critical network endpoints from day-zero malware is to isolate them within a ‘ring-fended’ sub-network, ensuring they cannot be compromised if any other network device is infected.
NETWORK SLICING – THE SIMPLE WAY TO ISOLATE ENDPOINTS
Network slicing sits at the heart of Zeetta Networks’ innovative NetOS® technology, and the concept of network slicing is as a key element of emerging 5G network architectures, yet is also applicable in many other network domains. Organisations can create network slices for endpoints and services that logically isolate network traffic flows from specific hosts to specific parts of a network.
For example, a network slice designed for your tills and relevant servers can only allow communication between tills to the server, and can prevent till to till, i.e. host to host, communication.
A network can be sliced into sub-networks, each of which is isolated from the next. The devices contained within any given sub-network are unable to communicate with those of another sub-network, services can be provisioned to each sub-network independently of another, and rules can be applied to the addition of new devices to ensure security.