Microsegmentation (network security): Difference between revisions

There are three main types of microsegmentation:
* '''Host-agent segmentation''': This style of microsegmentation uses endpoint-based agents. Because a centralized manager has access to all data flows, the difficulty of detecting obscure protocols or [[secure communication|encrypted communication]]s is mitigated.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> The use of host-agent technology is commonly acknowledged as a powerful method of microsegmentation.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> Because infected devices act as hosts, a solid host strategy can prevent issues from manifesting in the first place. The agent software, however, must be installed on every host.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
* '''Hypervisor segmentation''': In this implementation of microsegmentation, all traffic passes through a [[hypervisor]].<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> Since hypervisor-level traffic monitoring is possible, existing [[firewall (computing)|firewall]]s can be used, and rules can be migrated to new hypervisors as instances are spun up and spun down.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref> A downside is that hypervisor segmentation typically does not work with cloud environments, containers, or bare metal.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>
* '''Network segmentation''': This approach builds on the existing setup by using established techniques such as [[access-control list]]s (ACLs) for network segmentation.<ref>https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html</ref>