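% Basta, Ikram, Kaafar, Walker (NOMS 2022): an evaluation framework that uses
% graph features of the network connectivity graph (exposure) and the attack
% graph (robustness) to quantify the effect of micro-segmentation on lateral
% movement.
% The citation key looks like an auto-generated export identifier; it is left
% unchanged so that existing citations of this entry keep resolving.
% Review notes: names are stored in "Last, First" form, percent signs in the
% abstract are escaped so styles that print the abstract do not treat them as
% LaTeX comments, and the record carries no pages field (confirm against the
% published proceedings before adding one).
@inproceedings{26b65a62e2b1479299ba48ddb1ce1d73,
  author    = {Basta, Nardine and Ikram, Muhammad and Kaafar, {Mohamed Ali} and Walker, Andy},
  title     = {Towards a zero-trust micro-segmentation network security strategy: an evaluation framework},
  booktitle = {Proceedings of the {IEEE/IFIP} Network Operations and Management Symposium 2022},
  editor    = {Varga, Pal and Granville, {Lisandro Zambenedetti} and Galis, Alex and Godor, Istvan and Limam, Noura and Chemouil, Prosper and Fran{\c{c}}ois, J{\'e}r{\^o}me and Pahl, Marc-Oliver},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  address   = {United States},
  year      = {2022},
  doi       = {10.1109/NOMS54207.2022.9789888},
  isbn      = {9781665406024},
  language  = {English},
  note      = {2022 IEEE/IFIP Network Operations and Management Symposium, NOMS 2022 ; Conference date: 25-04-2022 Through 29-04-2022},
  abstract  = {Micro-segmentation is an emerging security technique that separates physical networks into isolated logical micro-segments (workloads). By tying fine-grained security policies to individual workloads, it limits the attacker's ability to move laterally through the network, even after infiltrating the perimeter defences. While micro-segmentation is proved to be effective for shrinking enterprise networks attack surface, its impact assessment is almost absent in the literature. This research is dedicated to developing an analytical framework to characterise and quantify the effectiveness of micro-segmentation on enhancing networks security. We rely on a twofold graph-feature-based framework of the network connectivity and attack graphs to evaluate the network exposure and robustness, respectively. Tracking the variations of formulated metrics values post the deployment of micro-segmentation reveals exposure reduction and robustness improvement in the range of 60\% - 90\%.},
}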