Microsegmentation

Microsegmentation is a method for creating granular secure zones in data centers and cloud deployments down to individual workloads using virtualization technology to monitor and protect lateral traffic. Traditional security solutions, such as firewalls, VPNs and network access control (NAC), are focused primarily on protecting the perimeter of a network, also known as north-south traffic. Microsegmentation, on the other hand, monitors and secures east-west, or lateral, traffic. This includes server-to-server, application-to-server and web-to-server connections within the network.

The growing adoption of software-defined networks and network virtualization has created the need for more granular internal security measures. Microsegmentation is at the core of Zero Trust security.

Microsegmentation vs network segmentation

Organizations with hardware-based environments use firewalls, VPNs and VLANs for network segmentation. This method protects the perimeter but does not secure internal traffic. It relies on coarse policies that offer limited control of traffic. If an attacker gains access, they are implicitly trusted and can move freely throughout the network. Microsegmentation aims to block these unauthorized connections.

Granular security policies are assigned to each segment with microsegmentation to move security parameters away from networks and IP addresses and focus them on user identity and applications. These policies prevent unauthorized users and applications from moving laterally throughout a network. Policies can be defined according to real-world constructs, such as user groups, access groups and network groups. If a policy violation is detected, microsegmentation tools will send an alert and in some cases block unsanctioned activity. Thousands of coarse policies for each segment would be required to achieve the same lateral traffic protection that microsegmentation can provide.

Core to zero trust security

Microsegmentation is key to implementing a zero trust framework. This model relies on the concept of “trust nothing and verify everything.” It aims to authenticate every single connection made inside the network to prevent attackers from moving from one compromised workload to another. By segmenting workloads and applying fine-grained security policies, all the way down to single machines and applications, the overall attack surface of a network is reduced.
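The contrast drawn above between coarse network segmentation and label-based, default-deny microsegmentation policies can be made concrete with a small policy evaluator. The following is an added example written for this page; it is not the code or configuration format of any product, and the subnet 10.1.0.0/24, the workload names, the labels and the rule format are all constructed for illustration. It runs the same sample east-west flows through a VLAN-style rule (anything inside the server subnet may talk to anything else inside it) and through a workload-label policy that allows only the explicitly listed tier-to-tier connections, and reports every flow the coarse rule lets through but the microsegmentation policy does not as an alert.

```python
"""Added example (not from the original page): coarse subnet segmentation
versus default-deny, label-based microsegmentation over sample flows."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # constructed labels such as "tier:app" or "env:prod"


@dataclass(frozen=True)
class Flow:
    src: Workload
    dst: Workload
    port: int

    def describe(self) -> str:
        return f"{self.src.name}->{self.dst.name}:{self.port}"


# Coarse segmentation: one hypothetical server VLAN, everything inside it trusted.
SERVER_VLAN = ip_network("10.1.0.0/24")


def coarse_allows(flow: Flow) -> bool:
    """VLAN/firewall-style rule: any host in the server subnet may reach any other."""
    return (ip_address(flow.src.ip) in SERVER_VLAN
            and ip_address(flow.dst.ip) in SERVER_VLAN)


@dataclass(frozen=True)
class Rule:
    """Allow a source carrying src_label to reach a destination carrying dst_label on port."""
    src_label: str
    dst_label: str
    port: int


# Microsegmentation policy expressed in application terms, not IP addresses.
# Anything not matched by a rule is denied (default deny).
POLICY = [
    Rule("tier:frontend", "tier:app", 8443),
    Rule("tier:app", "tier:db", 5432),
]


def micro_allows(flow: Flow, policy=POLICY) -> bool:
    """Default-deny: the flow must match an explicit rule on both labels and port."""
    return any(r.src_label in flow.src.labels
               and r.dst_label in flow.dst.labels
               and r.port == flow.port
               for r in policy)


def evaluate(flows, policy=POLICY):
    """Return one verdict record per flow under both models."""
    return [{"flow": f.describe(),
             "coarse": coarse_allows(f),
             "micro": micro_allows(f, policy)} for f in flows]


def alerts(flows, policy=POLICY):
    """Flows the perimeter model trusts but the microsegmentation policy rejects."""
    return [v for v in evaluate(flows, policy) if v["coarse"] and not v["micro"]]


# Constructed sample workloads, all inside the same server subnet.
WEB = Workload("web", "10.1.0.10", frozenset({"tier:frontend", "env:prod"}))
APP = Workload("app", "10.1.0.20", frozenset({"tier:app", "env:prod"}))
DB = Workload("db", "10.1.0.30", frozenset({"tier:db", "env:prod"}))

# Constructed sample flows: two sanctioned paths, then two lateral attempts
# that a compromised web or database host might make.
SAMPLE_FLOWS = [
    Flow(WEB, APP, 8443),
    Flow(APP, DB, 5432),
    Flow(WEB, DB, 5432),   # frontend reaching the database directly
    Flow(DB, WEB, 22),     # database host opening SSH to the frontend
]

if __name__ == "__main__":
    for verdict in evaluate(SAMPLE_FLOWS):
        print(verdict)
    for a in alerts(SAMPLE_FLOWS):
        print("ALERT lateral movement blocked:", a["flow"])
```

Because the policy is keyed on labels rather than addresses, moving the database to another subnet or adding a second app replica with the same labels requires no rule change, which is the property that lets a handful of rules replace the thousands of address-based rules mentioned above.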

Kyle Guercio
Kyle Guercio has worked in content creation for six years contributing blog posts, featured news articles, press releases, white papers and more for a wide variety of subjects in the technology space.