DLAN: A New Approach to Network Segmentation and Zero-Trust in Industrial Security

In 2014, the foundational BeyondCorp whitepaper challenged traditional firewall-based security, noting: “Virtually every company today uses firewalls to enforce perimeter security. However, this security model is problematic because, when that perimeter is breached, an attacker has relatively easy access to a company’s privileged intranet.” While zero-trust principles have gained widespread adoption in IT and DevOps, their implementation in industrial networks has remained slow and complex.

Industrial environments face significant hurdles in adopting zero-trust network segmentation. Legacy systems, vendor-controlled assets, and the high cost of reconfiguring physical networks make it difficult for manufacturers to implement modern security frameworks. However, with digital transformation driving greater connectivity—on-premises and remote—traditional tools like firewalls and VLANs are struggling to address the rising complexity of industrial cybersecurity.

At Trout Software, we believe industrial networks need a new solution. Starting from the assumption that all industrial networks are inherently insecure, we advocate for a Demilitarized LAN (DLAN) Overlay, a modern approach to achieving zero-trust security and advanced network segmentation.

The Future of Firewalls and Zero-Trust in Industrial Networks

The DLAN overlay offers a scalable framework for industrial manufacturers, focusing on:

  1. Securely Identifying Devices: Establishing trust at the device level, even with vendor-controlled assets.
  2. Securely Identifying Users: Ensuring only authorized personnel access critical systems.
  3. Building a Network Overlay: Creating a logical, flexible network structure that adapts to industrial demands without costly physical changes.
  4. Enforcing Granular Control: Applying zero-trust principles to monitor and restrict access dynamically.

This framework offers a scalable and practical solution for securing industrial environments, even in the face of growing complexity and connectivity demands.