the microsegment

segment all the things

Implementing Sensible Network Segmentation

Packet Pushers Tech Bytes about Network Segmentation with Tufin

A new week, a new Tech Bytes Packet Pushers podcast. This time Tufin markets their policy management, which was an interesting show, but I have some comments. I think it’s a valid point to say that automated firewall policy management can make a business more agile, especially considering how long the change process normally takes and how we do it today. The whole point about understanding the topology sounds like this is really very slow to implement. It’s hard to get any visibility, from what I hear and how I understand the Tufin platform. Zoning or very wide segmentation is nice, but what you really want is to be able to do finer-grained segmentation without modifying or rearchitecting the network. Relying on hardware firewalls will never be able to free you from the constraints of those devices, especially throughput limits, the hardware cycle that will just happen every three or five years, and the inability of a firewall to really be point to point and not zone to zone. I would assume that the integration of this is very hard; thank God it is usually owned by just one team, but what about outsourcers and system integrators?

Sage Data Security on why network segmentation is important

Nice article from Sage Data Security on why network segmentation is important.

8 Microsegmentation pitfalls to avoid

I read a nice article by Ericka Chickowski on Dark Reading the other day. The article gives some great guidance on what to do and not to do when starting your segmentation journey. Here are some comments. The practice of microsegmentation takes the principles of least privilege to their logical conclusion by atomizing the isolating techniques of network segmentation. Security architects use microsegmentation to create security boundaries that can extend all the way into individual workloads by controlling East-West, or server-to-server, traffic flows between applications.

Undivided We Fall: Decoupling Network Segmentation from Micro-Segmentation

@alissaknight has published a great article on LinkedIn that talks about the history of segmentation and the use-cases and differences of network segmentation and micro-segmentation. What I like about the article is that Alissa shows that network segmentation and micro-segmentation can be mutually exclusive, but can also co-exist. They do different things and they have different use-cases, which are also highlighted in the article. The conclusion, though, is what I wouldn’t agree with: a Software Defined Perimeter does not solve a lateral movement problem, nor will it implement Micro-Segmentation.

ACT IAC on Zero Trust trends

The American Council for Technology-Industry Advisory Council (ACT-IAC), a non-commercial organisation for creating a more innovative government, published a paper on Zero Trust. I would recommend this paper for anybody remotely thinking about Zero Trust, be it because you start thinking about introducing it or because it is just one of those trends that you want to catch up on. There is a huge amount of truth and knowledge in this document and it does not have any marketing in it.

Microservices and microsegmentation

Microsegmentation and microservices

Found this article on DZone and wanted to quickly share my thoughts on it. “Micro is big these days” - This statement is from an article showing the similarities and differences between microservices and microsegmentation. Of course we all know the differences, but we might have never thought about the similarities between the two approaches. Microservices are about dissecting applications into smaller units and running those units independently instead of running them in a monolithic application.