Twice in recent weeks, I've been onsite at a company where a sizable division of the organization has been hit by a fast-roving computer worm. All that prevented the worm from quickly spreading across the enterprise was the company's isolated security zones. These scenarios served only to strengthen my belief that establishing isolated security zones is among the few strategies that reap a return on the investment of planning, resources, and money.
In one of the instances, a foreign subsidiary of the company I was visiting had been infected with the Conficker worm. Nearly every computer at the particular location was compromised. Outside the location, however, only eight additional machines were infected.

At the other company, I discovered that the vast majority of the network traffic was malicious. If you're looking for malware to experiment with, this place was your dream. Still, even within the same VLAN segment, no one was infected. Even though the company had hundreds of bug-spewing workstations, none of them could talk to anyone else or even each other. While the network was the dirtiest I've ever come across, 99 percent of its production systems remained unaffected.

The link for this article located at InfoWorld is no longer available.