Microsegmentation in a network will allow for stronger security controls by dividing the data center into segments. Secure zones are created for very specific workloads. Traditional physical segmentation through the use of VLANs let you separate portions of your network, but with microsegmentation you are able to be more granular. Security architects can establish the controls and policies for each unique segment.
More Than a Firewall
Instead of installing multiple firewalls within a network, microsegmentation enables security policies to be deployed using virtualization, resulting in a major cost saving. Microsegmentation is a security technique that can detect and prevent malicious lateral movement within network and cloud systems. Reduce the attack surface by designing security policies in the environment where only approved activity can take place. The policies will dictate which applications can communicate with each other, and any unauthorized communication will be blocked.
This fine-grained approach is identity and workload based. It is a way to moderate lateral (east-west) traffic in a network. Hardware segmentation is designed to control north-south traffic. Once an intruder bypasses the hardware controls of the firewall and attempts to traverse the network, microsegmentation policies can control what resources that person has access to.
A Zero-Trust Architecture
Combining the techniques of segmentation and microsegmentation can fortify your network defenses and establish a zero-trust environment. However, microsegmentation comes with a bit of a learning curve as it is implemented in a very different manner than traditional network segmentation.