Network microsegmentation adds virtualization and control of software-level abstraction to the subnetwork traffic controls of segmentation.
Macro vs micro network segmentation.
Network segmentation is the thick walls and wide moats of the castle while.
The original segmentation model for the data center was the network security perimeter firewall.
Can a database serve two different applications that live on different network segments?
Using the age-old and, some security professionals might say, tired analogy.
So while macro segmenting isolates traffic between VNs, micro segmenting controls communications between different groups, or members of the same group, within the VN.
Companies have relied on firewalls, virtual local area networks (VLAN) and access control lists (ACL) for network.
We call this micro segmenting.
Network segmentation creates subnetworks using VLANs, subnets and security zones within the overall network to prevent attackers from moving inside the perimeter and attacking the production workload.
For example, you might define two VNs: an employee VN with management, HR, security staff and.
First macro and then micro bases of segmentation are employed while segmenting organizational markets.
The granularity level at which micro segmentation works is up to VMs and individual hosts, unlike network segmentation.
Don't sell me micro when you mean macro.
Network segmentation is best for north-south traffic, and microsegmentation adds a layer of protection for east-west traffic: server to server, application to server, web to server, etc.
Network segmentation and micro segmentation in modern enterprise environments. A combination of hybrid and multi-cloud infrastructure, the acceleration of traffic and the increasing sophistication of attackers has made understanding and controlling your environment more difficult than ever to achieve.
Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.
To segment an organizational market, a company can use macro segmentation variables like an organization's size, its location and the industry it is a part of.
A great example of this is the failure of network technology to allow a server to live in multiple dimensions.
No one can guarantee that micro segmentation would have prevented every recent breach, but I can argue that the obstacles to deploying fine-grained security in the data center go away with micro segmentation.
The result is better network performance and a simpler architecture in complex virtualized and software-defined data centers with fluctuating workloads.