Network segmentation is a simple-to-understand and effective tool for reducing the attack surface and, as a result, the risk to applications, groups of servers, and other critical IT assets. The idea is simple – instead of having a flat anyone-can-talk-to-anyone-on-any-port environment where an infected server has unlimited access to all other servers, with network segmentation you can limit the connection possibilities.

There are three basic approaches to network segmentation. These are:

1) Coarse segmentation, which is the segmentation of different environments, such as the separation of the production environment from the development environment;
2) “Ring-fencing”, which is the separation of a specific, critical application from the rest of the operating environment, and
3) Fine-grained microsegmentation, where each server is only allowed to make connections necessary for its designed purpose (whitelisting).…
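
The following added example (not part of the original article) models the flat network and the three approaches as policy functions and counts which endpoints an infected server can still reach under each. The server names, ports, fence membership and allowlist are constructed for illustration, and the ring-fence is assumed to be layered on top of coarse segmentation.

```python
from itertools import product

# Constructed inventory (hypothetical names): server -> environment.
SERVERS = {
    "web-1": "prod", "app-1": "prod", "db-1": "prod",
    "pay-api": "prod", "pay-db": "prod",
    "dev-1": "dev", "dev-2": "dev",
}
PORTS = (22, 443, 5432, 8443)            # assumed to be listening on every server
RING_FENCE = {"pay-api", "pay-db"}       # the critical application being fenced
FENCE_CROSSINGS = {("app-1", "pay-api", 8443)}  # only flows allowed across the fence
ALLOWLIST = {                            # microsegmentation: flows each server needs
    ("web-1", "app-1", 443),
    ("app-1", "db-1", 5432),
    ("app-1", "pay-api", 8443),
    ("pay-api", "pay-db", 5432),
}

def flat(src, dst, port):
    return True                          # anyone can talk to anyone on any port

def coarse(src, dst, port):
    return SERVERS[src] == SERVERS[dst]  # environments are separated from each other

def ring_fence(src, dst, port):
    # Assumption: the fence is layered on top of coarse segmentation.
    if not coarse(src, dst, port):
        return False
    if (src in RING_FENCE) == (dst in RING_FENCE):
        return True                      # both inside or both outside the fence
    return (src, dst, port) in FENCE_CROSSINGS

def micro(src, dst, port):
    return (src, dst, port) in ALLOWLIST  # default deny, explicit allow

POLICIES = {"flat": flat, "coarse": coarse, "ring-fence": ring_fence, "micro": micro}

def reachable(policy, compromised):
    """(server, port) pairs an infected server can still connect to under a policy."""
    return {(dst, port) for dst, port in product(SERVERS, PORTS)
            if dst != compromised and policy(compromised, dst, port)}

if __name__ == "__main__":
    for host in ("web-1", "dev-1"):
        for name, policy in POLICIES.items():
            print(f"{host:6} {name:10} {len(reachable(policy, host)):2} reachable endpoints")
```

Running it prints the reachable-endpoint count per policy for a compromised production web server and a compromised development server, which makes the reduction at each step directly comparable.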