Network Zone Definitions: Enhanced Risk Accuracy

Note: This feature currently applies exclusively to Azure Firewall.

This advanced feature enables precise definitions of network zones, leading to more accurate risk assessments and management, customized for the unique configurations of your environment.

RFC 1918 addresses are designated for private networks. CloudFlow typically identifies these addresses as local IPs, setting them apart from public IPs in risk calculations. This binary classification, however, may not reflect the operational realities of all customers.

Our advanced approach enables custom zone definitions for customers whose network configurations extend beyond the private address ranges defined by RFC 1918.

With the implementation of new zone definitions, affected risk profiles will undergo significant changes. The reclassification of network zones will affect the perceived security posture, and as a result, the risks associated with different segments of your network may increase or decrease.

The following diagram shows how risk levels vary based on the zone classifications within the network environment:

It is important to review your security policies and risk management strategies in light of these updated classifications. The more detailed the network segmentation, the more granular the risk assessment will be, allowing for a sharper focus on potential vulnerabilities.

How does it work?

When you create a Risk Profile Excel file, you can define these zones on the Network tab of the spreadsheet.

Using specific naming conventions for zones enables you to categorize them as internal, DMZ, or external. This method supersedes the default IP-based zone definitions within the RFC 1918 scope.

Networks are assigned to zones based on the following naming conventions:

Internal

Network names containing the string 'Internal', regardless of case, are classified as internal.

For example, Internal_Net1

DMZ

Network names containing the string 'DMZ', regardless of case, are designated as DMZ zones.

For example, Net2_DMZ

External

Network names containing the string 'External', regardless of case, are marked as external zones.

For example, Net3_External

Networks whose names do not include any of these zone indicators behave as internal.

Important: Network names must not include multiple zone indicators (for example, DMZInternal_xy).
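The naming rules above (case-insensitive substring match on 'Internal', 'DMZ' and 'External', internal as the default, and rejection of names carrying more than one indicator) can be checked before a Risk Profile spreadsheet is uploaded. The following Python script is an added example written for this page, not CloudFlow's own code: it assumes the product applies exactly the rules stated above and operates on a constructed list of names standing in for the Network tab's name column. The `AmbiguousZoneError`, `classify_network` and `validate_network_tab` names are the example's own.

```python
from typing import Dict, List

# Zone indicators taken from the page; matched case-insensitively as substrings.
# Dictionary order also decides the order in which indicators are reported.
ZONE_INDICATORS = {
    "internal": "internal",
    "dmz": "dmz",
    "external": "external",
}


class AmbiguousZoneError(ValueError):
    """Raised when a network name carries more than one zone indicator."""


def zone_indicators_in(name: str) -> List[str]:
    """Return every zone keyword present in the name (case-insensitive)."""
    lowered = name.lower()
    return [zone for zone, token in ZONE_INDICATORS.items() if token in lowered]


def classify_network(name: str) -> str:
    """Map one network name to 'internal', 'dmz' or 'external'.

    A name with no indicator behaves as internal (the page's default); a name
    with more than one indicator is rejected rather than guessed at.
    """
    found = zone_indicators_in(name)
    if len(found) > 1:
        raise AmbiguousZoneError(
            f"{name!r} contains multiple zone indicators: {found}"
        )
    if not found:
        return "internal"
    return found[0]


def validate_network_tab(names: List[str]) -> Dict[str, dict]:
    """Classify every row of the Network tab, collecting ambiguous names.

    Returns {'zones': {name: zone}, 'ambiguous': {name: [indicators]}} so a
    reviewer sees every offending row at once instead of failing on the first.
    """
    zones: Dict[str, str] = {}
    ambiguous: Dict[str, List[str]] = {}
    for name in names:
        try:
            zones[name] = classify_network(name)
        except AmbiguousZoneError:
            ambiguous[name] = zone_indicators_in(name)
    return {"zones": zones, "ambiguous": ambiguous}


# Constructed sample of a Network tab name column (not from a real profile).
SAMPLE_NETWORK_NAMES = [
    "Internal_Net1",       # page's internal example
    "Net2_DMZ",            # page's DMZ example
    "Net3_External",       # page's external example
    "corp-users",          # no indicator: treated as internal
    "DMZInternal_xy",      # page's example of a forbidden name
    "external-dmz-edge",   # also ambiguous, lower case
]

if __name__ == "__main__":
    result = validate_network_tab(SAMPLE_NETWORK_NAMES)
    for name, zone in result["zones"].items():
        print(f"{name:<20} -> {zone}")
    for name, found in result["ambiguous"].items():
        print(f"{name:<20} -> REJECT (indicators: {', '.join(found)})")
```

Because the match is a plain substring test, a name such as 'externalDMZ-edge' is ambiguous even though a human reader might take the last token as decisive; running the validator on the whole tab surfaces such rows before the reclassification changes the risk profile.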