Using the age-old and, some security professionals might say, tired analogy.
Macro vs micro network segmentation.
The original segmentation model for the data center was the network security perimeter firewall.
The result is better network performance and a simpler architecture in complex, virtualized and software-defined data centers with fluctuating workloads.
To segment an organizational market, a company can use macro segmentation variables like an organization's size, its location and the industry it is a part of.
Network segmentation is the thick walls and wide moats of the castle while.
Network segmentation and micro-segmentation: in modern enterprise environments, a combination of hybrid and multi-cloud infrastructure, the acceleration of traffic and the increasing sophistication of attackers has made understanding and controlling your environment more difficult than ever to achieve.
The two levels of network segmentation.
Don't sell me micro when you mean macro.
So while macro segmenting isolates traffic between VNs, micro segmenting controls communications between different groups or members of the same group within the VN.
Network segmentation is best for north-south traffic, and microsegmentation adds a layer of protection for east-west traffic (server to server, application to server, web to server, etc.).
VLANs, firewalls and ACLs: network segmentation isn't new.
First macro and then micro bases of segmentation are employed while segmenting organizational markets.
Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.
For example, you might define two VNs: an employee VN with management, HR, security staff and.
Network segmentation creates sub-networks using VLANs, subnets and security zones within the overall network to prevent attackers from moving inside the perimeter and attacking the production workload.
What's at stake is the security of today's data centers, as well as the ability for security administrators to defend against breaches.
We call this micro segmenting.
Can a database serve two different applications that live on different network segments?
Companies have relied on firewalls, virtual local area networks (VLAN) and access control lists (ACL) for network.
A great example of this is the failure of network technology to allow a server to live in multiple dimensions.