Microsegmentation (network security): Difference between revisions

HCIhistory (talk | contribs)
* '''Hypervisor segmentation''': In this implementation of microsegmentation, all traffic passes through a hypervisor.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> Because traffic can be monitored at the hypervisor level, existing [[firewall (computing)|firewall]]s can be used, and rules can be migrated to new hypervisors as instances are spun up and spun down.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> A downside is that hypervisor segmentation typically does not work with cloud environments, containers, or bare metal.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
* '''Network segmentation''': This approach builds on the existing setup by using established techniques such as [[access-control list]]s (ACLs) for network segmentation.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
 
==Benefits==
Microsegmentation allows defenders to thwart almost any attack method by closing off attack vectors within internal networks, so that attackers are stopped in their tracks.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
 
Microsegmentation in IoT environments can help businesses gain control over the increasing volume of lateral communication between devices, which perimeter-focused security measures currently leave unmanaged.<ref>https://www.networkworld.com/article/3442753/iot-can-be-a-security-minefield-can-microsegmentation-help.html</ref>
 
==Challenges==