Microsegmentation (network security): Difference between revisions

HCIhistory (talk | contribs)
* '''Host-agent segmentation''': This style of microsegmentation makes use of endpoint-based agents. Because a centralized manager has access to all data flows, obscure protocols and encrypted communications become easier to detect. The use of host-agent technology is commonly acknowledged as a powerful method of microsegmentation. Because infected devices act as hosts, a solid host strategy can prevent issues from manifesting in the first place. This software, however, must be installed on every host.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
* '''Hypervisor segmentation''': In this implementation of microsegmentation, all traffic passes through a hypervisor. Because traffic can be monitored at the hypervisor level, existing firewalls can be used, and rules can be migrated to new hypervisors as instances are spun up and spun down. A downside is that hypervisor segmentation typically does not work with cloud environments, containers, or bare metal.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
* '''Network segmentation''': This approach builds on the current setup by using tried-and-true techniques like [[Access-control list|access-control lists]] (ACLs) for network segmentation.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
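
The following sketch illustrates ACL-based segmentation between three workload tiers; it is an added example, not taken from the cited source, and the subnets, ports and function names are constructed for illustration. It evaluates flows with first-match semantics and an implicit deny, and lists which observed flows a policy would block before it is enforced.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port, None matches any port

# Constructed sample policy (assumed addressing): web tier 10.0.1.0/24,
# app tier 10.0.2.0/24, database tier 10.0.3.0/24.
ACL = [
    Rule("permit", "10.0.1.0/24", "10.0.2.0/24", "tcp", 8443),  # web -> app
    Rule("permit", "10.0.2.0/24", "10.0.3.0/24", "tcp", 5432),  # app -> db
    Rule("deny",   "10.0.0.0/16", "10.0.0.0/16", "any", None),  # all other east-west
]

def evaluate(acl, src_ip, dst_ip, proto, port):
    """Return (action, rule_index). The first matching rule wins.
    A flow that matches no rule hits the implicit deny: ("deny", None)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(acl):
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action, index
    return "deny", None

def blocked_flows(acl, flows):
    """Return the observed flows the ACL would drop, for review before enforcement."""
    return [f for f in flows if evaluate(acl, *f)[0] == "deny"]

# Constructed flow records: (source, destination, protocol, destination port)
OBSERVED = [
    ("10.0.1.10", "10.0.2.20", "tcp", 8443),   # web -> app, allowed
    ("10.0.2.20", "10.0.3.30", "tcp", 5432),   # app -> db, allowed
    ("10.0.1.10", "10.0.3.30", "tcp", 5432),   # web -> db directly, blocked
    ("192.168.1.5", "10.0.3.30", "tcp", 22),   # outside the policy, implicit deny
]

if __name__ == "__main__":
    for flow in blocked_flows(ACL, OBSERVED):
        print("blocked:", flow)
```
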
 
==Challenges==