Network segmentation
A network can have the most sophisticated security mechanisms implemented, but without network segmentation their value will be greatly undermined, if not invalidated. Internal segmentation is often overlooked because the focus is on the external threat. Unfortunately, the external threat is counting on weak internal network segmentation to spread malware throughout the enterprise and gain a foothold for exfiltration of critical enterprise data.
Significant investment has been made in network access control (NAC) and perimeter technologies; meanwhile, the latest threat introduced to the network through a trusted host is wreaking havoc on internal client systems and on the most critical systems in the enterprise. Segmenting the user population of systems from server systems is a must; otherwise any slight deviation in an end client's security posture can put the entire enterprise at risk.
More advanced threats are introduced through infected consultant systems on the network...
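The user-to-server and consultant-to-server segmentation argued for above can be expressed as an explicit allow-list and checked against flow records. The following Python is an added example, not code from the original article; the address ranges, the policy and the flow lines are constructed for illustration.

```python
import ipaddress

# Constructed segments (illustrative addressing, not from the article).
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "consultants": ipaddress.ip_network("10.30.0.0/16"),
}

ANY = None  # sentinel: every destination port is permitted

# Allow-list of (source segment, destination segment) -> permitted TCP ports.
# Anything absent is denied, so user-to-user and consultant-to-user traffic
# (the classic lateral-movement path) is blocked by default.
POLICY = {
    ("users", "servers"): {443, 445},
    ("consultants", "servers"): {443},
    ("servers", "servers"): ANY,
}

def segment_of(ip):
    """Map an IP address to its segment name, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"

def is_permitted(src, dst, dport):
    """Return True only if the allow-list explicitly permits the flow."""
    key = (segment_of(src), segment_of(dst))
    if key not in POLICY:
        return False
    allowed = POLICY[key]
    return allowed is ANY or dport in allowed

def find_violations(flow_lines):
    """Parse 'src dst proto dport' records and return the denied flows."""
    violations = []
    for line in flow_lines:
        src, dst, _proto, dport = line.split()
        if not is_permitted(src, dst, int(dport)):
            violations.append((src, dst, int(dport),
                               f"{segment_of(src)}->{segment_of(dst)}"))
    return violations

# Constructed flow records: the three denied ones are east-west movements
# that a flat network would have allowed silently.
SAMPLE_FLOWS = [
    "10.10.5.7 10.20.1.10 tcp 443",   # user -> server HTTPS: allowed
    "10.10.5.7 10.10.5.9 tcp 445",    # user -> user SMB: denied
    "10.30.2.4 10.20.1.10 tcp 3389",  # consultant -> server RDP: denied
    "10.20.1.10 10.20.1.11 tcp 5432", # server -> server: allowed
    "10.30.2.4 10.10.5.7 tcp 445",    # consultant -> user SMB: denied
]

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("DENY", *v)
```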