COMPARATIVE ANALYSIS OF THE EFFECTIVENESS OF NETWORK SEGMENTATION METHODS TO PROTECT AGAINST THE MOVEMENT OF AN ATTACKER IN ISOLATED COMPUTER NETWORKS
Abstract and keywords
Abstract (English):
The article presents a comparative analysis of network segmentation methods for countering the lateral movement of intruders in isolated environments. Based on this analysis, a concept for overcoming the systemic limitations of existing network segmentation approaches is proposed. The methodology rests on a critical analysis of the evolution of security paradigms, from traditional virtual local area network (VLAN) and access control list (ACL) solutions to modern concepts of microsegmentation and zero-trust architecture, and uses attack chain analysis based on the MITRE ATT&CK framework to evaluate effectiveness against key lateral movement techniques. To resolve the functional contradictions identified, the concept of adaptive dynamic segmentation has been developed, integrating a hierarchy of protection levels, a declarative policy ontology, and a mechanism for preventive border orchestration based on threat analytics.

Keywords:
network segmentation, horizontal movement, microsegmentation, VLAN, SDN, Zero Trust, information security, isolated computer networks
