Microsegmentation Definition & Meaning

Microsegmentation is a method for creating granular secure zones in data centers and cloud deployments down to individual workloads using virtualization technology to monitor and protect lateral traffic. Traditional security solutions, such as firewalls, VPNs and network access control (NAC), are focused primarily on protecting the perimeter of a network, also known as north-south traffic. Microsegmentation, on the other hand, monitors and secures east-west, or lateral, traffic. This includes server-to-server, application-to-server and web-to-server connections within the network.

The growing adoption of software-defined networks and network virtualization have created the need for more granular internal security measures. Microsegmentation is at the core of Zero Trust security.

Microsegmentation vs network segmentation

Organizations with hardware-based environments use firewalls, VPNs and VLANs for network segmentation. This method protects the perimeter but does not secure internal traffic. It relies on coarse policies that offer limited control of traffic. If an attacker is able to gain access, they would be trusted to move freely throughout the network. Microsegmentation aims to block these unauthorized connections.

Granular security policies are assigned to each segment with microsegmentation to move security parameters away from networks and IP addresses and focus them on user identity and applications. These policies prevent unauthorized users and applications from moving laterally throughout a network. Policies can be defined according to real-world constructs, such as user groups, access groups and network groups. If a policy violation is detected, microsegmentation tools will send an alert and in some cases block unsanctioned activity. Thousands of coarse policies for each segment would be required to achieve the same lateral traffic protection that microsegmentation can provide.

Core to zero trust security

Microsegmentation is key to implementing a zero trust framework. This model relies on the concept of “trust nothing and verify everything.” It aims to authenticate every single connection made inside the network to prevent attackers moving from one compromised workload to another. By segmenting workloads and applying fine-grained security policies, all the way down to single machines and applications, the overall attack surface of a network is reduced.






Avatar
Kyle Guercio
Kyle Guercio has worked in content creation for six years contributing blog posts, featured news articles, press releases, white papers and more for a wide variety of subjects in the technology space.

Top Articles

Huge List Of Texting and Online Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How To Create A Desktop Shortcut To A Website

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

The History Of Windows Operating Systems

Microsoft Windows is a family of operating systems. We look at the history of Microsoft's Windows operating systems (Windows OS) from 1985 to present...

Hotmail [Outlook] Email Accounts

  By Vangie Beal Hotmail is one of the first public webmail services that can be accessed from any web browser. Prior to Hotmail and its...

Abacus Definition & Meaning

An abacus, also known as a counting frame, is a mechanical device used...

Legacy Code Definition &...

Legacy code refers to source code that has been inherited from a previous...

Unregulated Power Supply Definition...

An unregulated power supply is a system that transforms input voltage into direct...