Learn How Micro-segmentation can improve security?
Network security is a growing problem in the enterprise: Infrastructure complexity, higher traffic volumes, more applications and data stores, and an unending array of threats put the business at ever-increasing risk. Enter micro-segmentation. Micro-segmentation is a security technique that enables fine-grained security policies to be assigned to data center applications, down to the workload level. This approach enables security models to be deployed deep inside a data center, using a virtualized, software-only approach. One major benefit of micro-segmentation is that it integrates security directly into a virtualized workload without requiring a hardware-based firewall. This means that security policies can be synchronized with a virtual network, virtual machine (VM), operating system (OS), or other virtual security targets. Security can be assigned down the level of a network interface, and the security policies can move with the VM or workload, in case of migration or reconfiguration of the network.
With micro-segmentation, IT pros can tailor security settings to different types of traffic, creating policies that limit network and application flows between workloads to those that are explicitly permitted. In this zero-trust security model, a company could set up a policy, for example, that states medical devices can only talk to other medical devices. And if a device or workload moves, the security policies and attributes move with it.
The goal is to decrease the network attack surface: By applying segmentation rules down to the workload or application, IT can reduce the risk of an attacker moving from one compromised workload or application to another.
Another driver is operational efficiency. Access control lists, routing rules and firewall policies can get unwieldy and introduce a lot of management overhead, making policies difficult to scale in rapidly changing environments.