We call this micro segmenting.
Macro vs micro network segmentation.
First macro and then micro bases of segmentation are employed when segmenting organizational markets.
For example, you might define two VNs: an employee VN with management, HR, security staff and.
A great example of this is the failure of network technology to allow a server to live in multiple dimensions.
The original segmentation model for the data center was the network security perimeter firewall.
The granularity level at which micro segmentation works is up to VMs and individual hosts, unlike network segmentation.
Network segmentation and micro segmentation in modern enterprise environments: a combination of hybrid and multi-cloud infrastructure, the acceleration of traffic and the increasing sophistication of attackers has made understanding and controlling your environment more difficult than ever to achieve.
No one can guarantee that micro segmentation would have prevented every recent breach, but I can argue that the obstacles to deploying fine-grained security in the data center go away with micro segmentation.
Using the age-old, and some security professionals might say tired, analogy.
Network microsegmentation adds virtualization and control of software-level abstraction to the subnetwork traffic controls of segmentation.
To segment an organizational market, a company can use macro segmentation variables like an organization's size, its location and the industry it is a part of.
VLANs, firewalls and ACLs: network segmentation isn't new.
Network segmentation is best for north-south traffic, and microsegmentation adds a layer of protection for east-west traffic (server to server, application to server, web to server, etc.).
The result is better network performance and a simpler architecture in complex, virtualized and software-defined data centers with fluctuating workloads.
Don't sell me micro when you mean macro.
Network segmentation creates sub-networks using VLANs, subnets and security zones within the overall network to prevent attackers from moving inside the perimeter and attacking the production workload.
Companies have relied on firewalls, virtual local area networks (VLANs) and access control lists (ACLs) for network.
Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.
So while macro segmenting isolates traffic between VNs, micro segmenting controls communications between different groups or members of the same group within the VN.
What's at stake is the security of today's data centers as well as the ability for security administrators to defend against breaches.