microsegment.io

segment all the things

The microsegmentation landscape in 2025

Current state and future directions

The Microsegmentation Landscape in 2025: Current State and Future Directions Introduction Microsegmentation has evolved significantly since its early days as a network security approach, becoming a cornerstone of modern zero trust security architectures. As we move through 2025, the microsegmentation landscape continues to mature with new technologies, integration capabilities, and use cases expanding beyond traditional data center environments. This overview examines the current state of microsegmentation, key trends, leading vendors, and future directions.

Posted by "Alex Goller" on Thursday, April 17, 2025

Thoughts on the Attack matrix for Kubernetes

This is just a datacenter

Introduction In a recent blog post Yossi Weizman talks about the Attack matrix for Kubernetes and i had a couple of thoughts about it. As Yossi rightly says, Kubernetes is becoming a vital part in the compute stack of many companies. What i hear in my network and during sessions with IT security teams is that they face new challenges with Kubernetes-based orchestration platforms. The container platforms are also perceived like a black box for traditional networking and IT security folks, so it makes sense to understand the security risks that are inherent to those platforms first.

Posted by "Alexander Goller" on Tuesday, April 14, 2020

The Service Mesh

What Every Software Engineer Needs to Know about the World's Most Over-Hyped Technology

Whenever you hear people speak about containers and container networking, there is a high chance of the Service Mesh coming up as a topic. It is a real hype and while being on the twitters i discovered this great article by William Morgan of @BuoyantIO, the creator of Linkerd. William does a great job of explaining the technology, the use cases, what to use it for and what not and i have a couple of comments to add:

Posted by Alexander Goller on Saturday, November 23, 2019

Mitre ATT&CK and Segmentation

When people think about their strategic IT security projects, they often think of the last incident they were affected of and try to mitigate that, often by using technology only. This is a valid approach and probably is not so wrong, because we often see waves of incidents rolling in, the wannacry wave, other ransomware waves, certain exploit kits or malware waves. So it makes some sense to concentrate on those threats when they happen. Of course you should have done something long before it hit you or other people, but the nature of IT security is that this hardly ever happens.

Posted by Alexander Goller on Friday, November 8, 2019

The importance of outbound policy

Bill Cheswick, a pioneer in internet firewalls got, besides establishing what we today know as the perimeter firewall, famous for the below quote to describe his ideas on perimeter firewalls: A sort of crunchy shell around a soft, chewy center. The quote and metaphor is still used a lot by security professionals around the world, to describe the state of the internal network behind the perimeter firewall. A crunchy shell in the 1990s was exactly the thing you needed to be more secure from the threats found at that time. A lot of it was attacks against servers, buffer and heap overflows on services directly exposed to the internet when not consumed directly from the internet. People could easily DoS or even better, hack, those services. Exposed sendmail servers been a huge target at that time. Everything was exposed and routed, it is hard to imagine today. The perimeter firewall did a great job and shielded the vulnerable services from the evil internet and helped to secure them from the outside world. The internet grew exponentially and threats changed quite significantly and we all know that most threats today focus on endpoints rather than datacenter services as a entry vector.

Posted by Alexander Goller on Tuesday, November 5, 2019