Log in
Enquire now
Microsegmentation

Microsegmentation

Microsegmentation is a network security method that divides data centers and cloud networks into independently-defined zones.

OverviewStructured DataIssuesContributors

Contents

OverviewAdvantages of MicrosegmentationBreach containmentAttack surface reductionCritical application protectionRegulatory complianceMicrosegmentation compared to other security systemsApplication scenariosResponse to cyber attacksDevelopment and production infrastructureSoft asset protectionPhases of Microsegmentation ImplementationTimelineTable: Companies in this industryTable: Further ResourcesReferences
Is a
Software
Software
Industry
Industry
Overview

Microsegmentation is a network virtualization (NV) technology-based network security technique that enables the creation of zones in data centers and cloud networks for the purpose of isolating workloads and defining their security protocols on an individual level.

This method of data protection inhibits the lateral movement of breach threats on the basis of a zero-trust security model, meaning every distinct application workload is isolated from other workloads and assessed individually. Dynamic adaptation, visibility, and granular, east-west traffic control are the key principles of microsegmentation.

Microsegmentation explained

Advantages of Microsegmentation

Microsegmentation can be beneficial to network systems by positively impacting breach containment, reducing the total attack surface, protecting critical applications, and improving regulatory compliance.

Breach containment

In theory, the response time to breach emergencies should be shortened, and remediation simplified as the magnitude of security incidents is confined to particular containers within the network.

Attack surface reduction

By virtue of the lateral movement design, microsegmentation limits breach risks by reducing the total attack surface of the data center or cloud network.

Critical application protection

Microsegmentation aims to improve threat visibility and protection of critical applications and workloads by limiting the lateral spread of cyberattacks.

Regulatory compliance

Microsegmentation can reduce risks associated with non-compliant usage through the adoption of policies that isolate regulation-vulnerable systems. Thus, adherence to regulations such as PCI-DSS, HIPAA, and SWIFT as well as jurisdictional regulations such as the EU GDPR (General Data Protection Regulation) may be simplified.

Microsegmentation compared to other security systems

Microsegmentation is a form of application segmentation. Traditional application segmentation approaches have been limited by their reliance on Level 4 controls. Microsegmentation technologies enable the integration of Level 7 controls and provide additional visualization functionality to assist security experts in assessing the status of network policy coverage.

VLANs (Virtual LAN), ACLs (Access Control List), intrusion prevention systems (IPS), and firewalls are known as “coarse-grained segmentation” methods since they do not operate on the principle of granular partitioning. These and other traditional security systems scan and secure data center and cloud traffic in a north-south direction.

Microsegmentation differs with its individual approach to workloads, which is known as “fine-grained” and limits traffic movement to an east-west orientation. Microsegmentation has become a viable security solution, owing to advancements in software-defined networks and network virtualization.

Application scenarios
Response to cyber attacks

Microsegmentation enables precise assessment of cyber-attacks, based on detailed log information that specifies policy violations and identifies affected applications.

Development and production infrastructure

Although organizations may keep development and production environments segregated, unless microsegmentation or another complex application segmentation/granular separation method is implemented, there remains the risk of jeopardizing activity; for instance, the unauthorized transfer of sensitive customer data from the production database for testing purposes.

Soft asset protection

Microsegmentation reduces the risk of soft assets being stolen, such as intellectual property, company financial data, and customer or employee information. Non-segmentary network security methods leave soft assets more vulnerable, potentially causing downtime in operations and significant costs.

Phases of Microsegmentation Implementation

This is a general outline of how microsegmentation is implemented:

  • Location and identification of applications operating within the data center
  • Designation of applications that must be connected
  • Development of a hierarchy of precisely defined logical groups which will inform security policies
  • Creation, testing and refining of policies
  • Policy deployment across prioritized workloads and applications
  • Early operative phase, monitoring of all ports and east-west traffic enabled

Timeline

No Timeline data yet.

Companies in this industry

Further Resources

Title
Author
Link
Type
Date

What is Microsegmentation? Definition & FAQs | Avi Networks

https://avinetworks.com/glossary/microsegmentation/

Web

References

Find more entities like Microsegmentation

Use the Golden Query Tool to find similar entities by any field in the Knowledge Graph, including industry, location, and more.
Open Query Tool
Access by API
Golden Query Tool
Golden logo

Company

  • Home
  • Press & Media
  • Blog
  • Careers
  • WE'RE HIRING

Products

  • Knowledge Graph
  • Query Tool
  • Data Requests
  • Knowledge Storage
  • API
  • Pricing
  • Enterprise
  • ChatGPT Plugin

Legal

  • Terms of Service
  • Enterprise Terms of Service
  • Privacy Policy

Help

  • Help center
  • API Documentation
  • Contact Us
By using this site, you agree to our Terms of Service.