Revision as of 13:09, 27 February 2023 edit Wissenks (talk \| contribs) 24 edits No edit summary ← Previous edit		Revision as of 18:47, 28 April 2023 edit undo GoutComplex (talk \| contribs) Extended confirmed users 2,277 edits No edit summary Tag: Visual edit Next edit →
Line 7: There are three main types of microsegmentation: * '''Native OS host-based firewall segmentation''' employs OS firewalls to regulate network traffic between network segments. Instead of using a router or network firewalls or deploying agents, each host firewall is used to perform both auditing and enforcement, preventing attackers from moving laterally between network machines. While Native OS host-based firewalls can implement many segmentation schemes, including microsegmentation, only recent innovations in the space have made implementation and management achievable at scale.<ref>{{Cite book\|url=https://www.taylorfrancis.com/chapters/mono/10.1201/9781351210768-8/microsegmentation-dijiang-huang-ankur-chowdhary-sandeep-pisharody\|title=Software-Defined Networking and Security\|first1=Dijiang\|last1=Huang\|first2=Ankur\|last2=Chowdhary\|first3=Sandeep\|last3=Pisharody\|doi=10.1201/9781351210768-8/microsegmentation-dijiang-huang-ankur-chowdhary-sandeep-pisharody}}</ref> * '''Host-agent segmentation''': This style of microsegmentation makes use of endpoint-based agents. By having a centralized manager with access to all data flows, the difficulty of detecting obscure protocols or [[secure communication\|encrypted communication]]s is mitigated.<ref name="auto">{{Cite web \|last=Edwards \|first=John \|date=April 16, 2020 \|title=How microsegmentation can limit the damage that hackers do \|url=https://www.networkworld.com/article/3537672/microsegmentation-architecture-choices-and-how-they-differ.html~~\|title=How~~ ~~microsegmentation can limit the damage that hackers do\|first=John\|last=Edwards\|date=April 16, 2020~~\|website=[[Network World]]}}</ref> The use of host-agent technology is commonly acknowledged as a powerful method of microsegmentation.<ref name="auto"/> Because infected devices act as hosts, a solid host strategy can prevent issues from manifesting in the first place. This software, however, must be installed on every host.<ref name="auto"/> * '''Hypervisor segmentation''': In this implementation of microsegmentation, all traffic passes through a [[hypervisor]].<ref name="auto"/> Since hypervisor-level traffic monitoring is possible, existing [[firewall (computing)\|firewall]]s can be used, and rules can be migrated to new hypervisors as instances are spun up and spun down.<ref name="auto"/> Hypervisor segmentation typically doesn't function with cloud environments, containers, or bare metal, which is a downside.<ref name="auto"/> * '''Network segmentation''': This approach builds on the current setup by using tried-and-true techniques like [[access-control list]] (ACLs) for network segmentation.<ref name="auto"/> Line 14: Microsegmentation allows defenders to thwart almost any attack methods by closing off attack vectors within [[internal network]]s so that the attackers are stopped in their tracks.<ref name="auto"/> Microsegmentation in [[internet of things]] (IoT) environments can help businesses gain command over the increasing volume of [[lateral communication]] taking place between devices, which is currently unmanaged by perimeter-focused security measures.<ref>{{Cite web \|last=Violino \|first=Bob \|date=October 10, 2019 \|title=Can microsegmentation help IoT security? \|url=https://www.networkworld.com/article/3442753/iot-can-be-a-security-minefield-can-microsegmentation-help.html~~\|title=Can~~ ~~microsegmentation help IoT security?\|first=Bob\|last=Violino\|date=October 10, 2019~~\|website=[[Network World]]}}</ref> ==Challenges==

Microsegmentation (network security): Difference between revisions