microsegment.io

segment all the things

Undivided We Fall: Decoupling Network Segmentation from Micro-Segmentation

@alissaknight has published a great article on LinkedIn that talks about the history of segmentation and the use-cases and differences of network segmentation and micro-segmentation.

What I like about the article is that Alissa shows that network segmentation and micro-segmentation can be mutually exclusive, but can also co-exist. They do different things and they have different use-cases, which are also highlighted in the article.

The conclusion, though, is what I wouldn’t agree with: a Software Defined Perimeter does not solve a lateral movement problem, nor will it implement Micro-Segmentation. The underlying problem of having no visibility into what to segment and how to structure your policy so it does not break applications is not solved by moving to another solution.


Demystifying the Windows Firewall

A talk by Jessica Payne

What a great talk by Jessica Payne that talks about why network segmentation is so important and how to apply these principles to your host-based Windows Firewall (that you probably never use). It is from 2016 and still true.


Scaling up vs scaling out your security segmentation


If you follow discussions on running cloud-native, monolithic or more traditional applications, you may have stumbled over the terms “scale up” and “scale out”. Don’t feel bad if you don’t know these, because they were formerly just “vertical scaling” (scale up) and “horizontal scaling” (scale out).

What is scale up?

Scaling up means that if you have, for example, a server in your datacenter running your database, then to make the database faster or to serve more concurrent clients you would add more hardware to that server and just make it the biggest machine available.


Segment-O-Pedia

Encyclopedia segmentata

This page is a work in progress. If something is missing, feel free to comment or send me a mail.


Ideas on Segmentation metrics (part two)

Please check out part one of this series of articles.

Metric One: Do you have more than one segment?

This question is, of course, more of a rhetorical question, but there is a point about this one. Of course almost all companies have more than one segment. Most companies use VLANs extensively. We break out DMZs and internal data center LANs of course. Sometimes we use firewall interfaces between those VLANs or segments and treat them as zones.