Microsegmentation Definition & Meaning
Microsegmentation is a method for creating granular secure zones in data centers and cloud deployments down to individual workloads using virtualization technology to monitor and protect lateral traffic. Traditional security solutions, such as firewalls, VPNs and network access control (NAC), are focused primarily on protecting the perimeter of a network, also known as north-south traffic. Microsegmentation, on the other hand, monitors and secures east-west, or lateral, traffic. This includes server-to-server, application-to-server and web-to-server connections within the network.
The growing adoption of software-defined networks and network virtualization have created the need for more granular internal security measures. Microsegmentation is at the core of Zero Trust security.
Microsegmentation vs network segmentation
Organizations with hardware-based environments use firewalls, VPNs and VLANs for network segmentation. This method protects the perimeter but does not secure internal traffic. It relies on coarse policies that offer limited control of traffic. If an attacker is able to gain access, they would be trusted to move freely throughout the network. Microsegmentation aims to block these unauthorized connections.
Granular security policies are assigned to each segment with microsegmentation to move security parameters away from networks and IP addresses and focus them on user identity and applications. These policies prevent unauthorized users and applications from moving laterally throughout a network. Policies can be defined according to real-world constructs, such as user groups, access groups and network groups. If a policy violation is detected, microsegmentation tools will send an alert and in some cases block unsanctioned activity. Thousands of coarse policies for each segment would be required to achieve the same lateral traffic protection that microsegmentation can provide.
Core to zero trust security
Microsegmentation is key to implementing a zero trust framework. This model relies on the concept of "trust nothing and verify everything." It aims to authenticate every single connection made inside the network to prevent attackers moving from one compromised workload to another. By segmenting workloads and applying fine-grained security policies, all the way down to single machines and applications, the overall attack surface of a network is reduced.
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top... Read More »Huge List of Computer Certifications
Have you heard about a computer certification program but can't figure out if it's right for you? Use this handy list to help you decide. Read More »
Computer architecture provides an introduction to system design basics for most computer science students. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »The Five Generations of Computers
Learn about each of the five generations of computers and major technology developments that have led to the computing devices that we use... Read More »