In October I had the honor of speaking at the Lancope Vision conference about my experience in network segmentation. I have spent the last few months establishing a program to segment a very large network. It is based heavily on netflow and algorithmic identification of where enclaves should be. I have finally cleaned up the slides for publishing. Please read the notes along with each slide as they will be hard to understand otherwise.
Since giving the talk, I have done additional work. I am currently working on other methods for cluster creation as well as identifying the interactions between clusters to help identify groupings of hosts. This all also eventually leads to algorithmic profiling of a network, predominantly the legitimate usage. The profiling algorithms could then easily be run against packet captures of malicious network traffic and new traffic compare to both the legitimate and malicious profiles to identify malice on a network. This work is still ongoing.