In today’s evolving IT landscape, organizations can no longer assume that perimeter protection will defend against all cyber threats. With more than 80 percent of traffic now east-west (i.e. within the network), it’s critical that businesses also protect against growing lateral threats.
Micro-segmentation has emerged as an effective tool to combat lateral threats because it helps security teams visualize and manage east-west traffic. Micro-segmentation reduces the attack surface to a minimum and introduces access controls to isolated segments, enabling organizations to monitor and control traffic to each segment.
There are three primary approaches to micro-segmentation. These differ based on the network layer selected for implementation.
In this blog, we’ll explore the benefits of each approach to micro-segmentation to help you choose the method best suited to your organization.
Network-based micro-segmentation is implemented using network devices as enforcement points. It relies on subnets, VLANs, or some other tagging technology to create segments. From there, policies are configured and enforced using IP constructs or ACLs — policies are generally applied to subnets or VLANs as opposed to individual hosts.
Hypervisor-based micro-segmentation is implemented using hypervisors in a virtualized environment. It relies on overlay networks created by hypervisors to enforce micro-segmentation. Hypervisor-based micro-segmentation is relatively similar to network-based micro-segmentation; the main difference is that it relies on hypervisor devices instead of network devices.
Host-based micro-segmentation uses the native firewall functionality built into the operating system to provide distributed and fine-grained micro-segmentation. Using an agent, host-based micro-segmentation can be implemented across data centers, cloud, bare metal, and hybrid environments.
Host-based micro-segmentation is built on a zero trust security architecture and includes a single pane of glass to manage, orchestrate, and automate resource access policies across dynamic application environments.
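To make the granularity difference between the network-based and host-based approaches concrete, the following added example (not code from ColorTokens or any product) evaluates the same constructed flows under a subnet-level ACL and under a per-workload allow-list. The addresses, roles, and function names are hypothetical, and the model assumes that traffic between hosts in the same subnet never crosses the network enforcement point.

```python
import ipaddress

# Constructed inventory: two web workloads share a subnet, the database sits in another.
HOSTS = {
    "10.0.1.10": {"name": "web-1", "role": "web"},
    "10.0.1.11": {"name": "web-2", "role": "web"},
    "10.0.2.20": {"name": "db-1", "role": "db"},
}
SEGMENTS = [ipaddress.ip_network(n) for n in ("10.0.1.0/24", "10.0.2.0/24")]

# Network-based model: rules are written against subnets (source, destination, port).
SUBNET_ACL = [("10.0.1.0/24", "10.0.2.0/24", 5432)]
# Host-based model: allow-list keyed on workload role, default deny.
HOST_POLICY = [("web", "db", 5432)]

def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((n for n in SEGMENTS if addr in n), None)

def network_based_allows(src, dst, port):
    """Decision of a subnet ACL enforced on a network device."""
    s_seg, d_seg = segment_of(src), segment_of(dst)
    if s_seg is not None and s_seg == d_seg:
        return True  # Assumption: intra-segment traffic never reaches the ACL.
    return any(
        ipaddress.ip_address(src) in ipaddress.ip_network(a)
        and ipaddress.ip_address(dst) in ipaddress.ip_network(b)
        and port == p
        for a, b, p in SUBNET_ACL
    )

def host_based_allows(src, dst, port):
    """Decision of a per-workload firewall policy pushed by an agent."""
    s, d = HOSTS.get(src), HOSTS.get(dst)
    if s is None or d is None:
        return False  # Unknown workload: default deny.
    return (s["role"], d["role"], port) in HOST_POLICY

# Constructed flows: intended app traffic, same-subnet lateral SSH, wrong port to the DB.
FLOWS = [("10.0.1.10", "10.0.2.20", 5432), ("10.0.1.10", "10.0.1.11", 22),
         ("10.0.1.11", "10.0.2.20", 22)]

def compare(flows):
    return [(f, network_based_allows(*f), host_based_allows(*f)) for f in flows]

def uncontrolled_east_west(flows):
    """Flows the subnet model lets through that the host model denies."""
    return [f for f, net, host in compare(flows) if net and not host]

if __name__ == "__main__":
    for flow, net, host in compare(FLOWS):
        print(flow, "network-based:", net, "host-based:", host)
```

The same-subnet SSH flow is the only one the two models disagree on, which is the east-west case that subnet- or VLAN-level policy does not see.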
Although IT needs vary widely by business and industry, many organizations are moving toward host-based micro-segmentation to efficiently protect against evolving cyber threats. That’s because it provides the right combination of deep visibility and automated implementation – without disrupting business operations.