What is Microsegmentation?
A security technique that divides a network into granular segments, enforcing least-privilege access policies between individual workloads rather than relying on broad network perimeters.
Microsegmentation moves firewall policy from the network perimeter to the workload level. Instead of allowing all traffic within a VLAN and blocking at the perimeter, microsegmentation enforces allow-list policies between individual virtual machines, containers, or application tiers. A web server can talk to its database on port 3306 but cannot reach the HR application's database, even though both sit on the same network.
Implementation approaches vary: host-based firewalls managed by a central policy engine, hypervisor-level distributed firewalls (like VMware NSX), or agent-based overlay networks. Cloud-native options include AWS security groups, Azure NSGs, and Kubernetes network policies, though these provide coarser granularity than dedicated microsegmentation platforms.
Microsegmentation is the Zero Trust control for east-west traffic, complementing ZTNA, which handles north-south access. The implementation challenge is visibility: you cannot write allow-list rules without first understanding application communication patterns. Most successful microsegmentation projects start with a discovery phase that maps actual traffic flows, then build policies in monitor-only mode before switching to enforcement. Attempting to enforce microsegmentation without thorough flow mapping will break applications.
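As an added example that is not part of the original page, the Python below models that discover, monitor, enforce workflow for the web-server and HR-database case described above: candidate allow-list rules are derived from a constructed set of observed flows, then new flows are evaluated in monitor-only mode (violations logged, nothing blocked) and in enforce mode. The workload labels, ports and the min_count review threshold are assumptions.

```python
"""Added example: a tiny policy engine modelling the microsegmentation
workflow described in the text. Workload labels and ports are constructed."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str   # workload label, e.g. "web"
    dst: str   # workload label, e.g. "db"
    port: int  # destination port


# Constructed output of a discovery phase: observed east-west flows.
OBSERVED = [
    Flow("web", "db", 3306), Flow("web", "db", 3306), Flow("web", "db", 3306),
    Flow("hr-app", "hr-db", 3306), Flow("hr-app", "hr-db", 3306),
    Flow("monitor", "web", 443),
]


def discover_rules(flows, min_count=2):
    """Turn observed flows into candidate allow-list rules.

    Flows seen fewer than min_count times are left for human review rather
    than silently allow-listed (assumed threshold, not from the page)."""
    counts = Counter(flows)
    return {f for f, n in counts.items() if n >= min_count}


def evaluate(flow, rules, enforce):
    """Return (allowed, verdict) for one flow.

    In monitor-only mode every flow passes but unmatched ones are tagged
    'would-drop' so the policy can be validated before it bites; in enforce
    mode unmatched flows are dropped (default deny between workloads)."""
    if flow in rules:
        return True, "allow"
    if not enforce:
        return True, "would-drop"
    return False, "drop"


def run(flows, rules, enforce):
    """Evaluate a batch of flows and return verdict counts for review."""
    return Counter(evaluate(f, rules, enforce)[1] for f in flows)
```

Switching `enforce` to `True` only once `run(...)` reports no `would-drop` verdicts over a representative traffic sample is the page's "monitor first" advice in code.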
Related terms
Zero Trust: A security model that eliminates implicit trust based on network location, requiring continuous verification of identity, device posture, and context for every access request.
Lateral Movement: The technique by which attackers move from an initially compromised system to other systems within a network, escalating privileges and expanding access to reach high-value targets.
ZTNA (Zero Trust Network Access): An access model that grants users connectivity to specific applications, not networks, based on identity and device posture, verified continuously per session.
NAC (Network Access Control): A technology that enforces security policies on devices attempting to connect to a network, controlling access based on device identity, health, and compliance status.