Microsegmentation (network security)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by HCIhistory (talk | contribs) at 11:50, 8 February 2023 (Benefits). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Microsegmentation is a network security approach for separating and securing workloads in data centers and cloud deployments per machine.[1][2]

Types of microsegmentation

There are three main types of microsegmentation:

  • Host-agent segmentation: This style of microsegmentation makes use of endpoint-based agents. Because a centralized manager has visibility into all data flows, the difficulty of detecting obscure protocols or encrypted communications is mitigated.[3] Host-agent technology is commonly acknowledged as a powerful method of microsegmentation.[4] Because an infected device is itself a host, a sound host-based strategy can prevent issues from manifesting in the first place. The agent software, however, must be installed on every host.[5]
  • Hypervisor segmentation: In this implementation of microsegmentation, all traffic passes through a hypervisor.[6] Since traffic can be monitored at the hypervisor level, existing firewalls can be used, and rules can be migrated to new hypervisors as instances are spun up and spun down.[7] A downside is that hypervisor segmentation typically does not work with cloud environments, containers, or bare metal.[8]
  • Network segmentation: This approach builds on the existing setup by using tried-and-true techniques such as access-control lists (ACLs) for network segmentation.[9]

Benefits

Microsegmentation allows defenders to thwart almost any attack method by closing off attack vectors within internal networks, so that attackers are stopped in their tracks.[10]

Microsegmentation in internet of things (IoT) environments can help businesses gain command over the increasing volume of lateral communication taking place between devices, which is currently unmanaged by perimeter-focused security measures.[11]

Challenges

Despite its useful features, implementing and maintaining microsegmentation can be difficult.[12] The first deployment is always the most challenging.[13] Some applications may not be able to support microsegmentation, and the process of implementing microsegmentation may cause other problems.[14]

Defining policies that meet the requirements of every internal system is another potential roadblock. Internal conflicts may occur as policies and their ramifications are considered and defined, making this a difficult and time-consuming process for certain adopters.[15]

Network connections between high- and low-sensitivity assets inside the same security boundary require knowledge of which ports and protocols must be open and in which direction. Inadvertent network disruptions are a risk of sloppy implementation.[16]
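The following is an added illustration of the two points above and of the ACL-style network segmentation described under "Types of microsegmentation"; it is not code from the article, from any cited source, or from any vendor product. It assumes a labelled workload inventory, a default-deny allow-list in which every rule names the initiating side, the protocol and the destination port, and a flow-log line format of the form `src=... dst=... proto=... dport=...`; all names, addresses, labels and log lines are constructed. The dry run replays a baseline of observed flows against the proposed policy and lists everything the policy would block, which is the check a practitioner runs before enforcement to catch a forgotten dependency (here a backup host) alongside the lateral traffic the policy is meant to stop.

```python
"""Per-workload allow-list policy with a pre-enforcement dry run.

Added example for the microsegmentation article; not the article's own code.
Workload names, IP addresses, labels and log lines below are constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # e.g. {"tier:web"}; rules match on labels, not IPs


@dataclass(frozen=True)
class Rule:
    """Allow connections initiated by src_label workloads to dst_label
    workloads on proto/port. Direction is explicit; nothing else is allowed."""
    src_label: str
    dst_label: str
    proto: str
    port: int


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int


# Assumed (hypothetical) flow-log line format for this example.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+)")


def parse_flow_log(lines):
    """Turn flow-log lines into Flow records; lines that do not match are skipped."""
    flows = []
    for line in lines:
        m = FLOW_RE.search(line)
        if m:
            flows.append(Flow(m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return flows


class Policy:
    def __init__(self, workloads, rules):
        self.by_ip = {w.ip: w for w in workloads}
        self.rules = list(rules)

    def name(self, ip):
        w = self.by_ip.get(ip)
        return w.name if w else ip

    def allows(self, flow):
        """Default deny: unknown endpoints and unmatched flows are blocked."""
        src = self.by_ip.get(flow.src_ip)
        dst = self.by_ip.get(flow.dst_ip)
        if src is None or dst is None:
            return False
        return any(
            r.src_label in src.labels and r.dst_label in dst.labels
            and r.proto == flow.proto and r.port == flow.dst_port
            for r in self.rules
        )

    def dry_run(self, flows):
        """Flows from an observed baseline that this policy would block."""
        return [f for f in flows if not self.allows(f)]


# Constructed inventory: a three-tier application plus a backup host.
WORKLOADS = [
    Workload("web-1", "10.0.1.10", frozenset({"tier:web"})),
    Workload("app-1", "10.0.2.10", frozenset({"tier:app"})),
    Workload("db-1", "10.0.3.10", frozenset({"tier:db"})),
    Workload("backup-1", "10.0.4.10", frozenset({"tier:backup"})),
]

# Proposed policy: only the documented tier-to-tier paths, each one-way.
RULES = [
    Rule("tier:web", "tier:app", "tcp", 8443),
    Rule("tier:app", "tier:db", "tcp", 5432),
]

# Constructed baseline captured before enforcement.
BASELINE_LOG = [
    "2023-02-08T10:00:01Z src=10.0.1.10 dst=10.0.2.10 proto=tcp dport=8443",
    "2023-02-08T10:00:02Z src=10.0.2.10 dst=10.0.3.10 proto=tcp dport=5432",
    "2023-02-08T10:00:03Z src=10.0.4.10 dst=10.0.3.10 proto=tcp dport=5432",  # backup job, forgotten
    "2023-02-08T10:00:04Z src=10.0.3.10 dst=10.0.1.10 proto=tcp dport=22",    # lateral, unexpected
    "2023-02-08T10:00:05Z src=10.0.1.10 dst=10.0.3.10 proto=tcp dport=5432",  # web bypassing app tier
]


def dry_run_report(log_lines=BASELINE_LOG):
    """Return (src, dst, proto, port) for every baseline flow the policy would block."""
    policy = Policy(WORKLOADS, RULES)
    blocked = policy.dry_run(parse_flow_log(log_lines))
    return [(policy.name(f.src_ip), policy.name(f.dst_ip), f.proto, f.dst_port) for f in blocked]


if __name__ == "__main__":
    for entry in dry_run_report():
        print("would block:", entry)
```

Of the three flows the report lists, the backup-to-database connection is a legitimate requirement that the policy author missed (the "inadvertent disruption" case), while the database-to-web SSH session and the web-tier connection straight to the database are exactly the lateral paths the segmentation is meant to close; the dry run surfaces both kinds so that each can be reviewed before rules are enforced.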

Microsegmentation is widely compatible with environments running common operating systems, including Linux, Windows, and macOS. However, this is not the case for companies that rely on mainframes or other outdated forms of technology.[17]

References

  1. ^ https://www.networkworld.com/article/3247672/what-is-microsegmentation-how-getting-granular-improves-network-security.html
  2. ^ https://www.nccoe.nist.gov/publication/1800-24/VolB/index.html
  3. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  4. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  5. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  6. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  7. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  8. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  9. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  10. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  11. ^ https://www.networkworld.com/article/3442753/iot-can-be-a-security-minefield-can-microsegmentation-help.html
  12. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  13. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  14. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  15. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  16. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html
  17. ^ https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html