Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Firewall » What is microsegmentation? How getting granular improves network security

What is microsegmentation? How getting granular improves network security

Microsegmentation is a way to create secure zones in data centers and cloud deployments that allow you to isolate workloads and protect them individually.

Microsegmentation is a method of creating secure zones in data centers and cloud deployments that allows companies to isolate workloads from one another and secure them individually. It’s aimed at making network security more granular.

Microsegmentation vs. VLANs, firewalls and ACLs

Network segmentation isn’t new. Companies have relied on firewalls, virtual local area networks (VLAN) and access control lists (ACL) for network segmentation for years. With microsegmentation, policies are applied to individual workloads for greater attack resistance.

“Where VLANs let you do very coarse-grained segmentation, microsegmentation lets you do more fine-grained segmentation. So anywhere you need to get down to granular partitioning of traffic, that’s where you’ll find it,” says analyst Zeus Kerravala, founder of ZK Research and a contributor to Network World.

The rise of software-defined networks and network virtualisation has paved the way for microsegmentation. “We can do things in software, in a layer that’s decoupled from the underlying hardware,” Kerravala says. “That makes segmentation much easier to deploy.”

How microsegmentation manages data centre traffic

Traditional firewalls, intrusion prevention systems (IPS) and other security systems are designed to inspect and secure traffic coming into the data center in a north-south direction. Microsegmentation gives companies greater control over the growing amount of east-west or lateral communication that occurs between servers, bypassing perimeter-focused security tools. If breaches occur, microsegmentation limits potential lateral exploration of networks by hackers.

“Most companies put all their high value security tools in the core of the data center: firewalls, IPSes. And so the traffic moving north-south has to pass through those firewalls. If it’s moving east-west, it’s bypassing those security tools,” Kerravala says. “You could put firewalls up at every interconnection point, but that would be prohibitively expensive. It’s also not very agile.”

Do network or security pros drive microsegmentation? 

Microsegmentation is gaining momentum, but there are still questions about who should own it. In a large enterprise, a network security engineer might lead the effort. In smaller companies, a team involving security and network operations might spearhead microsegmentation deployments.

“I don’t know if there’s really one group that’s in charge of it. I think it depends what you’re using it for,” Kerravala says. He sees interest from security and network pros.

“I think because it operates as a network overlay, in most cases, it’s easy for security operations to deploy and then run it over the top of the network. And I see network operations people doing it too, as a way to secure IoT devices, for example. Those are really the two primary audiences.”

Microsegmentation benefits and security challenges

With microsegmentation, IT pros can tailor security settings to different types of traffic, creating policies that limit network and application flows between workloads to those that are explicitly permitted. In this zero-trust security model, a company could set up a policy, for example, that states medical devices can only talk to other medical devices. And if a device or workload moves, the security policies and attributes move with it.

The goal is to decrease the network attack surface: By applying segmentation rules down to the workload or application, IT can reduce the risk of an attacker moving from one compromised workload or application to another.

Another driver is operational efficiency. Access control lists, routing rules and firewall policies can get unwieldy and introduce a lot of management overhead, making policies difficult to scale in rapidly changing environments.

Microsegmentation is typically done in software, which makes it easier to define fine-grained segments. And with microsegmentation, IT can work to centralize network segmentation policy and reduce the number of firewall rules needed.

Granted, that’s no small task – it won’t be easy to consolidate years of firewall rules and access control lists and translate them into policies that can be enforced across today’s complex, distributed enterprise environments.

For starters, mapping the connections between workloads, applications, and environments requires visibility that many enterprises lack.

“One of the big challenges with segmentation is you have to know what to segment. My research shows that 50% of companies have little or no confidence that they know what IT devices are on the network. If you don’t even know what devices are on the network, how do you know what kind of segments to create? There’s a lack of visibility into data center flows,” Kerravala says.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket