Network security segmentation is a mess


I am about to make a presumptuous statement…

I believe the vast majority of enterprise networks are a convoluted mess because of security segmentation.

Yes, I said it, network security is a horrible mess. Cisco, Juniper, or insert any other large vendor, make a network engineer's life miserable. There is no good single solution when it comes to designing and implementing good security practices. Ask 100 engineers and you will get 99 different answers.

Ponder this question. If network segmentation were not necessary, could we all agree on a standard network topology?

I believe the answer is yes. There would be different levels of high availability and throughput requirements. But the overall topology and underlying protocols could easily be reused at almost any enterprise.

The network is not the underlying problem. Maybe we should stop using it to solve software problems?

Thoughts?