Microsegmentation Definition & Meaning

Microsegmentation is a method for creating granular secure zones in data centers and cloud deployments down to individual workloads using virtualization technology to monitor and protect lateral traffic. Traditional security solutions, such as firewalls, VPNs and network access control (NAC), are focused primarily on protecting the perimeter of a network, also known as north-south traffic. Microsegmentation, on the other hand, monitors and secures east-west, or lateral, traffic. This includes server-to-server, application-to-server and web-to-server connections within the network.

The growing adoption of software-defined networks and network virtualization have created the need for more granular internal security measures. Microsegmentation is at the core of Zero Trust security.

Microsegmentation vs network segmentation

Organizations with hardware-based environments use firewalls, VPNs and VLANs for network segmentation. This method protects the perimeter but does not secure internal traffic. It relies on coarse policies that offer limited control of traffic. If an attacker is able to gain access, they would be trusted to move freely throughout the network. Microsegmentation aims to block these unauthorized connections.

Granular security policies are assigned to each segment with microsegmentation to move security parameters away from networks and IP addresses and focus them on user identity and applications. These policies prevent unauthorized users and applications from moving laterally throughout a network. Policies can be defined according to real-world constructs, such as user groups, access groups and network groups. If a policy violation is detected, microsegmentation tools will send an alert and in some cases block unsanctioned activity. Thousands of coarse policies for each segment would be required to achieve the same lateral traffic protection that microsegmentation can provide.

Core to zero trust security

Microsegmentation is key to implementing a zero trust framework. This model relies on the concept of “trust nothing and verify everything.” It aims to authenticate every single connection made inside the network to prevent attackers moving from one compromised workload to another. By segmenting workloads and applying fine-grained security policies, all the way down to single machines and applications, the overall attack surface of a network is reduced.






Avatar
Kyle Guercio
Kyle Guercio has worked in content creation for six years contributing blog posts, featured news articles, press releases, white papers and more for a wide variety of subjects in the technology space.

Top Articles

The Complete List of Text Abbreviations & Acronyms

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How to Create a Website Shortcut on Your Desktop

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

Hotmail [Outlook] Email Accounts

By Vangie Beal Hotmail was one of the first public webmail services that could be accessed from any web browser. Since 2011, Hotmail, in terms...

Data Corruption Definition &...

Data corruption is the process of data becoming unreadable or invalid. It typically...

Subschema Definition & Meaning

A subschema is a database view that filters or organizes all data to...

Fileless Malware Meaning &...

Fileless malware is a type of malicious software that uses legitimate applications already...