Simplicity Across Clouds Is Rare
91% of executives are looking to improve “consistency across [their] public cloud environments."
Applications Need to Be Modernized
68% of developers want to expand use of modern application frameworks, APIs and services.
Distributed Work Models Are Here to Stay
72% of enterprise employees are working from non-traditional environments.
Security Is a Top-Down Concern
Risk related to security, data and privacy issues remains the #1 multi-cloud challenge.
Get on a Faster Path to Prod
Build and deploy quickly and securely on any public cloud or on-premises Kubernetes cluster.
Simplify Kubernetes Operations
Build and operate a secure, multi-cloud container infrastructure at scale.
Pair with App Development Experts
Unlock value by modernizing your existing apps and building innovative new products.
Connect and Run with Confidence
Reduce time-to-value, lower costs, and enhance security while modernizing your private and public cloud infrastructure.
Enhance Digital Experiences
Securely, reliably, and optimally connect applications in the cloud and at the edge to deliver unique experiences.
Run enterprise apps at scale with a consistent cloud infrastructure across public clouds, data centers and edge environments.
Deliver an Engaging Experience
Put employees first with device choice, flexibility, and seamless, consistent, high-quality experiences.
Secure Today’s Anywhere Workspace
Ease the move to Zero Trust with situational intelligence and connected control points.
Accelerate IT Modernization
Manage to outcomes — not tasks — with intelligent compliance, workflow and performance management.
Secure & Connect Workloads
Operationalize consistent security and networking across apps, users, and entities with transparency built into our tools.
Protect APIs — the New Endpoints
Increase app velocity and centrally manage, secure, connect, and govern your clusters no matter where they reside.
Get built-in threat intelligence spanning users, endpoints and networks to evolve your protection in a dynamic landscape.
Deliver security and networking as a built-in distributed service across users, apps, devices, and workloads in any cloud.
Work with a VMware Partner
Partners deliver outcomes with their expertise and VMware technology, creating exceptional value for our mutual customers.
Become a Partner
Together with our partners, VMware is building the new multi-cloud ecosystem positioned to become essential to our customers.
Network segmentation is a network security technique that divides a network into smaller, distinct sub-networks that enable network teams to compartmentalize the sub-networks and deliver unique security controls and services to each sub-network.
The process of network segmentation involves partitioning a physical network into different logical sub-networks. Once the network has been subdivided into smaller more manageable units, controls are applied to the individual, compartmentalized segments
Network segmentation provides unique security services per network segment, delivering more control over network traffic, optimizing network performance, and improving security posture.
First, better security. We all know that with security, you are only as strong as your weakest link. A large flat network inevitably presents a large attack surface. However, when a large network is split into smaller sub-networks, the isolation of network traffic within the sub-networks reduces the attack surface and impedes lateral movement. Thus, if the network perimeter is breached, network segments prevent attackers from moving laterally throughout the network.
Furthermore, segmentation provides a logical way to isolate an active attack before it spreads across the network. For example, segmentation ensures malware in one segment does not affect systems in another. Creating segments limits how far an attack can spread and reduces the attack surface to an absolute minimum.
Next, let’s talk about performance. Segmentation reduces network congestion which improves network performance by removing unnecessary traffic in a particular segment. For example, a hospital's medical devices can be segmented from its visitor network so that medical devices are unaffected by guest web browsing traffic.
As a result of network segmentation, we have fewer hosts per subnetwork, minimize local traffic per sub-network and limit external traffic only to that designated for the sub-network.
Network segmentation creates multiple, isolated segments within a larger network, each of which can have varying security requirements and policy. These segments hold specific application or endpoint types with the same trust level.
There are multiple ways to perform network segmentation. We’ll look at perimeter-based segmentation implemented with VLANs, and then segmentation performed deeper in the network with network virtualization techniques.
Perimeter-based segmentation creates internal and external segments based on trust: what’s internal to the network segment is trusted and anything external is not. As a result, there are few restrictions on internal resources, which commonly operate over a flat network with minimal internal network segmentation. Filtering and segmentation are at fixed network points.
Originally, VLANs were introduced to divide broadcast domains to improve network performance. Over time VLANs grew to be used as a security tool – but they were never meant to be used as a security tool. The problem with VLANs is there is no intra-VLAN filtering; they have a very broad level of access.
Furthermore, to move between segments, there needs to be a policy. With policy, you can either stop the traffic flow from one segment to another or limit the traffic (based on the traffic type, source, and destination).
The network firewall is a common tool used for perimeter-based segmentation. It was originally employed to control the north–south movement of network traffic while permitting any-to-any communication within a segment.
Today, many organizations maintain a variety of network areas with specific functions that require segmentation at numerous network points. In addition, the endpoints the network must support have grown to include numerous endpoint types, each with varying trust levels.
As a result, perimeter-based segmentation is no longer sufficient. With the advent of, for example, cloud, BYOD, and mobile, the perimeter is now blurred with no clear demarcation points. We now require more segmentation, deeper into the network, to achieve better security and network performance. Moreover, with today's east–west traffic patterns, still more network segmentation is needed. This is where network virtualization comes into play, as it takes segmentation to the next level.
In its simplest form, network virtualization is the provisioning of network and security services independent of the physical infrastructure. By enabling network segmentation in the entire network and not just at the perimeter, network virtualization plays a key role in driving efficient network segmentation. In effect, the perimeter-based segmentation that we were used to in the past is now virtualized and distributed — along with flexible, fine-grained security policies — down to each and every segment in the network.