Lead Image © Chalong Tawan, 123RF.com
Microsegmentation in the data center
Improved Separation
Microsegmentation breaks a network or data center into many small segments to improve its efficiency or security. Segmentation became an established technique once virtual local area networks (VLANs) came into use. From the very beginning, security was a central motivation for VLAN segmentation, because it divided network domains into smaller parts and then controlled the movement of data among those parts.
Traditional VLANs quickly reach their limits, however, when confronted with finer levels of segmentation, especially with regard to the management of security and configuration settings: managing these settings becomes increasingly complex as the number of segments grows. Moreover, the configuration tends to be rather static, and the security controls operate at the IP layer (addresses and ports) rather than at the application level.
New Challenges for Security
Perimeter protection alone no longer suffices to secure a network. When a company network, the company's data center network (which should have protection of its own), or an individual VLAN suffers a breach, the attacker gains free rein within the invaded domain and perhaps beyond. Traditionally, protection against breaches has been built around "north-south data traffic" (client to server), with an eye toward inspecting incoming data. Once an attacker gets past these barriers, the "east-west data traffic" (server to server) within the domain is left unprotected. Microsegmentation solutions are intended to offer more security for this east-west traffic along with easier configuration.
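The difference between the two enforcement models can be made concrete with a small policy simulation. The following Python is an added illustration, not code from the article or from any of the products it names: it evaluates a set of constructed flows once against a perimeter-only policy (north-south inspection, everything inside the perimeter trusted) and once against a per-workload allowlist in the style of microsegmentation. Workload names, segment names, ports and flows are all constructed sample data.

```python
"""Toy policy model: perimeter-only (VLAN) enforcement versus microsegmentation.

Added illustration for the article's north-south / east-west discussion; all
workload names, segments, ports and flows below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str   # source workload
    dst: str   # destination workload
    port: int  # destination TCP port


# Constructed inventory: which segment (VLAN) each workload lives in.
SEGMENTS = {
    "web-1": "dmz", "web-2": "dmz",
    "app-1": "app",
    "db-1": "db", "db-2": "db",
    "internet": "external",
}


def perimeter_policy(flow):
    """North-south model: only traffic crossing the perimeter is inspected.

    The Internet may reach the DMZ on 443 and nothing else. Anything that is
    already inside is trusted, so east-west traffic between internal segments
    (and within a segment) passes unconditionally.
    """
    src_seg = SEGMENTS[flow.src]
    dst_seg = SEGMENTS[flow.dst]
    if src_seg == "external":
        return dst_seg == "dmz" and flow.port == 443
    return True  # inside the perimeter: no east-west control at all


# Microsegmentation: explicit allowlist of (source, destination, port) per
# workload. Anything not listed is denied, including traffic between two
# hosts in the same VLAN.
MICRO_ALLOW = {
    ("internet", "web-1", 443), ("internet", "web-2", 443),
    ("web-1", "app-1", 8080), ("web-2", "app-1", 8080),
    ("app-1", "db-1", 5432),
}


def micro_policy(flow):
    """Allow only flows that a workload's own policy explicitly permits."""
    return (flow.src, flow.dst, flow.port) in MICRO_ALLOW


def evaluate(flows, policy):
    """Map each flow to the policy's allow/deny decision."""
    return {f: policy(f) for f in flows}


# Constructed flows: legitimate traffic plus server-to-server movement that a
# perimeter-only design never looks at.
SAMPLE_FLOWS = [
    Flow("internet", "web-1", 443),  # legitimate north-south
    Flow("web-1", "app-1", 8080),    # legitimate east-west
    Flow("app-1", "db-1", 5432),     # legitimate east-west
    Flow("web-1", "db-1", 5432),     # web tier bypassing the app tier
    Flow("web-1", "web-2", 22),      # host-to-host inside the same VLAN
    Flow("internet", "db-1", 5432),  # perimeter violation
]


def compare(flows=SAMPLE_FLOWS):
    """Return the flows the perimeter model lets through but microsegmentation blocks."""
    per = evaluate(flows, perimeter_policy)
    mic = evaluate(flows, micro_policy)
    return [f for f in flows if per[f] and not mic[f]]


if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>9} -> {f.dst:<6}:{f.port:<5} "
              f"perimeter={perimeter_policy(f)!s:<5} micro={micro_policy(f)}")
    print("east-west exposure closed by microsegmentation:", compare())
```

Running it shows both models rejecting the Internet-to-database flow, but only the microsegmentation policy rejects the two server-to-server flows; the perimeter model never evaluates them because both endpoints are already "inside". The allowlist is also where the configuration burden moves: each workload carries its own small rule set instead of one large, static VLAN ruleset.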
These solutions are currently offered by various providers, including Cisco (ACI), Unisys (Stealth), and VMware (NSX). The conceptual differences among these offerings are considerable. Cisco is focused on support for virtual and physical platforms. VMware, on the other hand, emphasizes virtualized