Defining micro-segmentation...that’s straightforward. How to select the right technology to get the full benefit from micro-segmentation...not quite as simple.
The Truth About Micro-Segmentation breaks down the components of today’s micro-segmentation technologies (VMware NSX, Cisco, Illumio, etc.) to give you the knowledge you need to determine the right approach for you.
Micro-segmentation is fast becoming a foundational layer of the security architecture for today’s data center and cloud computing environments. It has seen a big push by a range of vendors as well as growing recommendations from leading analyst firms such as Gartner, ESG, and the 451 Group. There are three reasons why organizations of all sizes are considering this technology in their data center and cloud security plans:
- It is a core compensating control that complements patching, vulnerability scanning, and identity in reducing attack surface, particularly for east-west traffic;
- Because it is based on a zero-trust or least-privilege model, it actually reduces the number of false positives pinning down security operations teams today;
- If implemented correctly, it can keep up with the increasingly heterogeneous, hybrid, and dynamic nature of today’s computing.
Since the first micro-segmentation technology for data center security was introduced about five years ago by Nicira, the security and networking industries have been racing to introduce competing approaches to reduce the lateral spread of bad actors in the data center and cloud. One of the key insights of VMware’s NSX team, to which my team fully subscribes, is that traditional networking technology presents a boatload of limitations to implementing micro-segmentation at scale. As they noted in August 2014...