“Network segmentation isn’t new. Companies have relied on firewalls, virtual local area networks (VLAN) and access control lists (ACL) for network segmentation for years. With micro-segmentation, policies are applied to individual workloads for greater attack resistance,” writes Ann Bednarz of Network World. Network micro-segmentation is the process of applying network segmentation to an individual data center or cloud workload. In a recent article, Ms. Bednarz walks us through why this practice is on the rise and what the benefits are.
Why has micro-segmentation grown in use?
Ms. Bednarz reports that the increase in software-defined networks and use of network virtualization solutions has made it much easier to apply more granular segmentation to data center workloads. Also, as security threats have not only increased but become more complex, micro-segmentation strategies can be another tool to beef up security and protections. As Ms. Bednarz explains in her article, “The goal is to decrease the network attack surface: By applying segmentation rules down to the workload or application, IT can reduce the risk of an attacker moving from one compromised workload or application to another.”
North-South, East-West Traffic.
Traditional network security protections typically evaluate traffic moving in a north-south direction. The more valuable the area of the data center, the more security is put in place to stop attacks from that direction. Unfortunately, in today’s more complex world, east-west traffic can also pose a security risk. Once an attacker reaches a data center workload, there may be nothing to stop the attack within that level; in other words, there is no security to evaluate malicious east-west flow. Network micro-segmentation strategies have helped companies build up their east-west traffic security.
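To make the east-west point concrete, the following added example (not from the Network World article or this page) compares which workloads are exposed when one workload is compromised, first on a flat internal network and then under a default-deny, per-workload policy. The workload names, tiers, ports and allow rules are constructed for illustration.

```python
from collections import deque

# Constructed inventory: workload name -> tier label (hypothetical names).
WORKLOADS = {
    "web-1": "web", "web-2": "web", "app-1": "app",
    "db-1": "db", "hr-app": "hr", "hr-db": "hr-db",
}
PORTS = (22, 5432, 8443)  # constructed set of ports considered in the review

def flat_policy(src, dst, port):
    """Perimeter-only model: nothing evaluates traffic between internal workloads."""
    return True

# Micro-segmentation model: default deny, explicit (src tier, dst tier, port) allows.
ALLOW = {("web", "app", 8443), ("app", "db", 5432), ("hr", "hr-db", 5432)}

def microseg_policy(src, dst, port):
    return (WORKLOADS[src], WORKLOADS[dst], port) in ALLOW

def exposed_from(start, policy):
    """Workloads reachable from `start` over allowed east-west flows,
    including multi-hop paths (breadth-first search over the policy)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for dst in WORKLOADS:
            if dst not in seen and any(policy(cur, dst, p) for p in PORTS):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    for name, policy in (("flat", flat_policy), ("micro-segmented", microseg_policy)):
        print(f"{name:16} web-1 exposes: {sorted(exposed_from('web-1', policy))}")
```

Under the segmented policy, app-1 and db-1 remain reachable from web-1 through the chain of allowed flows, so a review of this kind also shows which allow rules still form a path to sensitive workloads.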
Other benefits of a micro-segmentation strategy include increased efficiency and performance and fewer physical appliances, which lowers potential hardware costs.
Know before you go!
Just as with any network security technology, it is important to first evaluate your solution. Do you have the IT in place to support network micro-segmentation, and do you have enough visibility into your network to know where to apply micro-segmentation?
A trusted IT partner can help you not only understand your network solution but also ensure that you have the right solution and security processes in place to protect it.