Capturing the security effects of network segmentation via a continuous-time Markov chain model

2017 
Segmentation or compartmentalization of a computer network is a commonly used defensive mitigation against cyber attack. Its goal is to limit the damage an attacker can cause by partitioning a network into sections or enclaves and restricting communications between them. While this technique is widely advocated as critical to the security of a network, no clear guidance currently exists on how to appropriately implement it. Additionally, the cost of testing candidate segmentation architectures on a live network or a cyber test environment is prohibitively expensive. This study examines an alternative method for evaluating segmentation architectures utilizing a continuous-time Markov chain to model changes in network state based on relevant network parameters such as vulnerability arrival rate, patch rate, etc. The model is realized by an event-based network simulation and demonstrated via a case study that evaluates a range of candidate architectures.
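As an added illustration, not the paper's own model or code: a minimal Gillespie-style event simulation of a continuous-time Markov chain over host states, with per-host vulnerability arrival and patch rates, external compromise limited to an internet-facing enclave, and lateral movement whose rate across enclave boundaries is scaled by a permeability factor. The state space, the specific rates and the `perm` parameter are assumptions made for this example.

```python
import random

def simulate(enclave_sizes, lam, mu, alpha, beta, perm, t_end, seed=0):
    """Event-based (Gillespie) simulation of an assumed CTMC.

    Each host is vulnerable or patched, and compromised or clean. Enclave 0 is
    the internet-facing enclave. Assumed rates, all per unit time:
      lam   - vulnerability arrival per patched host
      mu    - patch rate per vulnerable host
      alpha - external compromise rate per vulnerable host in enclave 0
      beta  - lateral movement per (compromised, vulnerable) pair in one
              enclave; across enclaves the rate is beta * perm
    Returns the number of compromised hosts in each enclave at time t_end.
    """
    rng = random.Random(seed)
    hosts = [{"enc": e, "vuln": False, "comp": False}
             for e, n in enumerate(enclave_sizes) for _ in range(n)]
    t = 0.0
    while True:
        events = []  # (rate, target host index, state change to apply)
        for i, h in enumerate(hosts):
            if not h["vuln"]:
                events.append((lam, i, {"vuln": True}))
                continue
            events.append((mu, i, {"vuln": False}))
            if h["comp"]:
                continue
            if h["enc"] == 0:
                events.append((alpha, i, {"comp": True}))
            for a in hosts:  # one lateral-movement channel per attacker host
                if a["comp"]:
                    r = beta if a["enc"] == h["enc"] else beta * perm
                    if r > 0:
                        events.append((r, i, {"comp": True}))
        total = sum(r for r, _, _ in events)
        if total == 0:
            break
        t += rng.expovariate(total)  # exponential holding time in this state
        if t > t_end:
            break
        u = rng.random() * total  # choose an event proportional to its rate
        chosen = events[-1]
        for ev in events:
            u -= ev[0]
            if u <= 0:
                chosen = ev
                break
        hosts[chosen[1]].update(chosen[2])
    counts = [0] * len(enclave_sizes)
    for h in hosts:
        counts[h["enc"]] += h["comp"]
    return counts
```

Calling `simulate([8], ...)` against `simulate([4, 4], ...)` with the same rates contrasts a flat architecture with a two-enclave one; with `perm=0` the second enclave cannot be reached at all, and intermediate values model partially restricted inter-enclave communication.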