microsegment.io

segment all the things

Scaling up vs scaling out your security segmentation

If you follow discussions on running cloud native, monolithic or more traditional applications, you may have stumbled over the terms “scale up” and “scale out”. Don’t feel bad if you don’t know these, because they were formerly just “vertical scaling” (scale up) and “horizontal scaling” (scale out).

What is scale up?

Scale up means that if you have, for example, a server in your datacenter running your database, and you want to make the database faster or serve more concurrent clients, you add more hardware to that server and simply make it the biggest machine available.


Ideas on Segmentation metrics (part two)

Please check out Part one of this series of articles

Metric One: Do you have more than one segment?

This is, of course, more of a rhetorical question, but there is a point to it. Almost all companies have more than one segment. Most companies use VLANs extensively. We break out DMZs and internal data center LANs. Sometimes we use firewall interfaces between those VLANs or segments and treat them as zones.


Ideas on segmentation metrics (part one)

What you measure is what you get

If you are like me and live and breathe IT or IT security, the above statement probably does not ring a bell and you don’t realize the source of this. It is from a person called Robert S. Kaplan, who developed something you may have heard of, the balanced scorecard.

I will not dig into economics, because we are not in business school, but the essence of the scorecard is that you need metrics by which you can measure success or failure in order to be successful and reach your objectives.


A short history of segmentation

The ethernet timeline

Let’s start by quoting Wikipedia on what network segmentation is, according to an encyclopedia.

Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.

How did this start?

First ethernet draft

Some of the readers might actually be old enough to remember how local area networks started out in the early 90s.