Microsegmentation (network security): Difference between revisions

* '''Host-agent segmentation''': This style of microsegmentation makes use of endpoint-based agents. By having a centralized manager with access to all data flows, the difficulty of detecting obscure protocols or [[secure communication|encrypted communicationscommunication]]s is mitigated.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> The use of host-agent technology is commonly acknowledged as a powerful method of microsegmentation.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> Because infected devices act as hosts, a solid host strategy can prevent issues from manifesting in the first place. This software, however, must be installed on every host.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>

* '''Hypervisor segmentation''': In this implementation of microsegmentation, all traffic passes through a hypervisor.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> Since hypervisor-level traffic monitoring is possible, existing firewalls can be used, and rules can be migrated to new hypervisors as instances are spun up and spun down.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> Hypervisor segmentation typically doesn't function with cloud environments, containers, or bare metal, which is a downside.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>