Micro-segmentation is a network security technique that enables security architects to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment. Micro-segmentation enables IT to deploy flexible security policies deep inside a data center using network virtualization technology instead of installing multiple physical firewalls. Also, micro-segmentation can be used to protect every virtual machine (VM) in an enterprise network with policy-driven, application-level security controls. Because security policies are applied to separate workloads, micro-segmentation software can significantly bolster a company’s resistance to attack.
Micro-segmentation creates security “demilitarized zones” within a single data center and across multiple data centers. By tying fine-grained security policies to individual workloads, micro-segmentation software limits an attacker’s ability to move laterally through a data center, even after infiltrating the perimeter defenses. This means that it can eliminate server-to-server threats within the data center, securely isolate networks from each other, and reduce the total attack surface exposed in a network security incident.
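The lateral-movement limit described above, as an added example that is not part of the original page: it compares which workloads are reachable from one workload on a flat network and under a default-deny, per-workload allow-list. The workload names, labels, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed inventory (hypothetical names): workload -> labels.
WORKLOADS = {
    "web-1":   {"app": "shop", "tier": "web"},
    "web-2":   {"app": "shop", "tier": "web"},
    "api-1":   {"app": "shop", "tier": "api"},
    "db-1":    {"app": "shop", "tier": "db"},
    "hr-db-1": {"app": "hr",   "tier": "db"},
}

# Constructed allow-list: (source selector, destination selector, port).
# Any flow that matches no rule is dropped (default deny).
RULES = [
    ({"app": "shop", "tier": "web"}, {"app": "shop", "tier": "api"}, 8443),
    ({"app": "shop", "tier": "api"}, {"app": "shop", "tier": "db"}, 5432),
]

def matches(labels, selector):
    """True when the workload carries every label the selector asks for."""
    return all(labels.get(k) == v for k, v in selector.items())

def allowed(src, dst, port, rules=RULES):
    """Per-workload policy decision for a single flow."""
    return any(
        matches(WORKLOADS[src], s) and matches(WORKLOADS[dst], d) and port == p
        for s, d, p in rules
    )

def peers(src, rules):
    """Workloads src may connect to; rules=None models a flat network."""
    others = [w for w in WORKLOADS if w != src]
    if rules is None:
        return set(others)
    ports = {p for _, _, p in rules}
    return {d for d in others if any(allowed(src, d, p, rules) for p in ports)}

def reachable(start, rules):
    """Every workload reachable from start over chains of permitted flows."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in peers(queue.popleft(), rules) - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen - {start}

if __name__ == "__main__":
    print("flat:     ", sorted(reachable("web-1", None)))
    print("segmented:", sorted(reachable("web-1", RULES)))
```

Under the segmented policy, `db-1` stays reachable from `web-1` only through `api-1`, because the rules permit that chain; every allowed flow is a path that still needs review, while `web-2` and `hr-db-1` drop out entirely.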