Micro-segmentation is a flexible network security approach using software-defined policies, relying on various architectural models such as hybrid, overlay, third-party, and native models. It offers benefits like extensibility, ubiquity, and persistence in the face of changing data center environments. Effective implementation requires a thorough understanding of network behavior, a zero-trust approach, and regular analysis of traffic and policies.

1. Definition: Micro-segmentation is the art of using software-defined
policies, instead of hardware network configurations, to make
network security more flexible. It can only work if implemented
with right tools and forethought.
FIELDENGINEER.COM
A GLOBAL ON-DEMAND FREELANCE MARKETPLACE FOR THE TELECOM INDUSTRY
WHAT IS MICRO
SEGMENTATION?

2. There are four architectural
models used in micro
segmentation.
They are:

3. 1. Hybrid model
It is a combination of third-party and native controls.

4. 2. Overlay model
Usually uses a type of software or agent within every host, instead
of using moderating communications. Vendors of this model include
Unisys, vArmour, Vmware NSX, ShieldX, Juniper, Illumio,
Guardicore, Drawbridge Networks, CloudPassage, and Cisco.

5. 3. Third-party model
Mainly based on a virtual firewall presented by third-party firewall
vendors. They include Huawei, Sophos, SonicWall, Palo Alto,
Juniper, Fortinet, Checkpoint, and Cisco.

6. 4. Native model
Makes use of included or inherent capabilities provided within
various areas such as infrastructure, operating hypervisor/system,
IaaS, or virtualization platform.

7. Benefits of Micro
segmentation
Now you know what is micro segmentation. The next step is
getting information on its benefits. This will help you understand
why it is important in data centers and other IT/ICT platforms.
The following are benefits of micro segmentation.

8. 1. Extensibility
Security administrators depend on micro segmentation to make adaptations to
unfolding new scenarios, as threat topologies in data center are constantly changing
and micro segmentation ensures sharing of intelligence between security functions
is enabled. The end result is a security infrastructure working concertedly to design
response to different situations.

9. 2. Ubiquity
Managing and deploying traditional security in virtual networking is costly.
The cost forces data center administrators to ration security. Intruders take
advantage of the low security in low-priority systems to infiltrate the data
center. To have a sufficient defense level, security administrators rely on
micro segmentation because it embeds security functions into the
infrastructure itself.

10. 3. Persistence
Due to constant changes in data center topologies like workloads are
moved, server pools are expanded, networks are re-numbered and so
on the constants in all this change are need for security and the workload.
With micro segmentation administrators can describe inherent characteristics
of a workload instead of depending on IP address. The information is then tied
back to the security policy. Once this is done, the policy can answer questions
such as: what kind of data will this workload handle (personally identifiable
information, financial, or low-sensitivity)?, or what will the workload be used
for (production, staging, or development)? Additionally, administrators can
combine these characteristics to describe inherited policy attributes. For
instance, a production workload handling financial data may get a higher
level of security than a workload handling financial data.

11. How to Make
Micro Segmentation Work
Similar to conventional virtualization, there are many ways to implement network
micro segmentation. Basically, there are three major considerations when it
comes to adoption of micro segmentation technology they are:

12. 1. Visibility
Potential adopters need to thoroughly understand communication
patterns and network traffic flow within, from, and to the data center.

13. 2. Zero trust approach
This is a complete lock down of communications. Throughout the
deployment of micro segmentation, zero-trust policies should be
followed. Across the network, communication should be only allowed
carefully using the results of previous analysis. It is the best practice
for anyone who wants to ensure application security and connectivity.

14. 3. Repeat the process regularly
Distilling rules and analyzing traffic is not a deployment effort that is
done once. It needs to be a continuous activity that has to be done
often to make sure policies and workloads do not change suddenly
and any current analytical results can be used to effectively tune micro
segmentation rules. Current analytical results may come from changes
in traffic patterns or new applications. All these are consideration putting
an emphasis on the choice of tools and hypervisor used in micro
segmentation facilitation.

15. Secure your data center
A well protected data center requires micro segmentation rules.
With filedengineer.com its finally possible to hire freelance data
center engineers to implement micro segmentation.

16. www.fieldengineer.com
Field Engineer
77 Water Street, Suite 7000, New York, NY 10005 USA
GET THE APP
FIELDENGINEER.COM
A GLOBAL ON-DEMAND FREELANCE
MARKETPLACE
FOR THE TELECOM INDUSTRY