microsegment.io

segment all the things

Ideas on Segmentation metrics (part three)

Please check out part one and part two of this series.

Continuing our series about metrics for segmentation, there are a couple more angles from which you can measure the effectiveness of your segmentation.


8 Microsegmentation pitfalls to avoid

I read a nice article by Ericka Chickowski on Dark Reading the other day. The article gives some great guidance on what to do and what not to do when starting your segmentation journey. Here are some comments.

The practice of microsegmentation takes the principles of least privilege to their logical conclusion by atomizing the isolating techniques of network segmentation. Security architects use microsegmentation to create security boundaries that can extend all the way into individual workloads by controlling East-West, or server-to-server, traffic flows between applications. The bulkheads put up through microsegmentation make it possible to better limit lateral movement of attackers, even in a cloudy world with no perimeter.


The incomplete ITSA 2019 guide to segmentation

Next week is ITSA 2019 in Nuremberg, and I thought it would be good to give you high priests of segmentation an overview of the companies exhibiting their solutions for segmentation and microsegmentation there.

Illumio

This one is special, because you will have the chance to meet me personally presenting the power of host-based microsegmentation to you for the three days of ITSA 2019. Feel free to come by and ask me anything about Illumio, this site or really anything that comes up.


Microservices and Microsegmentation

Cohabitation is a good thing

The thing to remember is that just because dev has decided to leverage microservices does not in turn mean that the network somehow magically becomes microsegmented or that if microsegmentation is used to optimize the network service architecture that suddenly apps become microservices. Microsegmentation can be used to logically isolate monolithic applications as easily as it can microservices.

Article from DZone

“Micro is big these days” - The below statement is from an article showing the similarities and differences between microservices and microsegmentation. Of course, we all know the differences, but we might never have thought about the similarities between the two approaches.


Undivided We Fall: Decoupling Network Segmentation from Micro-Segmentation

@alissaknight has published a great article on LinkedIn that talks about the history of segmentation and the use-cases and differences of network segmentation and micro-segmentation.

What I like about the article is that Alissa shows that network segmentation and micro-segmentation can be mutually exclusive, but can also co-exist. They do different things and they have different use-cases, which are also highlighted in the article.

The conclusion, though, is what I wouldn’t agree with: a Software Defined Perimeter does not solve a lateral movement problem, nor will it implement Micro-Segmentation. The underlying problem of having no visibility into what to segment and how to structure your policy so it does not break applications is not solved by moving to another solution.