Market Overview

Posted by Alexander Goller on Sunday, August 4, 2019

I will first admit that the term microsegmentation is very badly chosen. All the available solutions will be able to segment things. Granularity is where the term microsegmentation comes in.

Network infrastructure based segmentation

  • Cisco ACI
  • Juniper
  • Firewalls

a note on firewall vendors

A lot of work is required to do finer-grained segmentation with firewalls and switches because of how they are designed. Firewalls and switches are built to divide a network into zones, not into individual workloads or even services. It is therefore hard to get anything finer-grained done with a firewall unless you are willing to physically or virtually move things into the right zone or onto the right interface.

Hypervisor based segmentation

  • VMware NSX
  • Nutanix

Host based segmentation

  • Illumio
  • Guardicore
  • many other products, partly specializing in just this or just that

Policy management vendors

A lot of policy management software vendors hop on the microsegmentation train. I will list the ones I know:

  • Tufin
  • AlgoSec

I am not convinced of the value of using network firewalls as an enforcement point for doing fine-grained segmentation; the above companies should at least make that daunting task a bit easier by orchestrating them to at least have one policy across all your firewalls.

more niche players

  • vArmour
  • Edgewise Networks
  • ColorTokens
  • ShieldX

Service meshes