Network Isolation / Security Zones

1. Protection

    + A 'managed boundary' for all user access across applications and systems

    + Implement granular role-based controls on traffic, users and assets.

    + Manage Inter-Zone communications

        + Including between sub-zones

        + Enforce policy and regulations

        + Data confidentiality and integrity rules for data stored within a zone.

 

PROTECT --> DETECT --> CONTAIN  

 

2. Detection

    + Monitor Inter-zone communications

    + Gain visibility of traffic, users and assets

    + Logging and Event correlation

    + Relevant alerts using a SIEM / Analytics

    + Prevent Inter-zone data leakage using a DLP solution.

3. Containment

    + Control communications and resources on both inbound and outbound requests.

    + Set a default deny policy on all inter-segment connections.
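A sketch of the default-deny rule for inter-zone and sub-zone traffic, with denied flows collected for monitoring. This is an added example, not taken from the original post. The zone names, address ranges, ports and function names are all assumptions made for illustration, as is the choice to leave traffic inside a single zone unfiltered.

```python
import ipaddress

# Constructed zone map (assumed addressing); "dmz/web" is a sub-zone of "dmz".
ZONES = {
    "dmz": "10.10.0.0/16",
    "dmz/web": "10.10.1.0/24",
    "app": "10.20.0.0/16",
    "db": "10.30.0.0/16",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in ZONES.items()}
# Directional allow-list: (source zone, destination zone, destination port).
ALLOW = {("dmz/web", "app", 8443), ("app", "db", 5432)}

def zone_of(ip):
    """Return the most specific zone (longest prefix) containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in NETS.items() if addr in net]
    return max(hits)[1] if hits else None

def decide(src_ip, dst_ip, port):
    """Return (verdict, src_zone, dst_zone) for one flow."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny", src, dst   # asset outside every managed boundary
    if src == dst:
        return "allow", src, dst  # intra-zone traffic (assumption: not filtered here)
    # Inter-zone or inter-sub-zone: allowed only if explicitly listed, else default deny.
    verdict = "allow" if (src, dst, port) in ALLOW else "deny"
    return verdict, src, dst

def denied_flows(flows):
    """Return (flow, src_zone, dst_zone) for each denied flow, e.g. to forward to a SIEM."""
    results = [(f, decide(*f)) for f in flows]
    return [(f, src, dst) for f, (verdict, src, dst) in results if verdict == "deny"]

# Constructed sample flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.1.5", "10.20.0.7", 8443),   # web sub-zone -> app: listed, allowed
    ("10.10.1.5", "10.30.0.9", 5432),   # web sub-zone -> db directly: denied
    ("10.10.2.8", "10.10.1.5", 22),     # dmz -> dmz/web sub-zone: denied
    ("10.20.0.7", "10.30.0.9", 5432),   # app -> db: listed, allowed
    ("192.0.2.44", "10.20.0.7", 8443),  # unmapped source: denied
]

if __name__ == "__main__":
    for flow, src, dst in denied_flows(FLOWS):
        print("DENY", flow, src, "->", dst)
```

Because the allow-list is directional, the reverse of a permitted flow (for example db to app on 5432) is still denied unless it is listed separately.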

        
