Micro-segmentation for Dummies
Cyber threats today often include months of reconnaissance, vulnerability exploits, and “sleeper” malware agents that can lie dormant until activated by remote control. Despite increasing layers of protection at the edge of data center networks — including firewalls, intrusion prevention systems, and network‐based malware detection — attacks are succeeding in penetrating (or simply going around) the perimeter, and breaches continue to occur.
The primary issue is that once an attack gets into the network, there are few controls to prevent threats from moving laterally from system to system. The best way to solve this is to adopt a stricter, more granular security model with the ability to tie security to individual workloads and the agility to provision policies automatically. Forrester Research calls this the “Zero Trust” security model — in other words, the principle of least privilege applied to the network. Micro‐segmentation embodies this approach.
This whitepaper, commissioned by VMware, provides a broad overview of micro‐segmentation in the data center.