Back
Micro segmentation vs Network Segmentation

Micro segmentation vs Network Segmentation

Micro segmentation vs Network Segmentation

Over many years, Perimeter security has been considered the key to presenting a robust and secured network ecosystem . This was considered a suitable methodology when the network attacks were not so advanced and North-South traffic was the major traffic type. However, with advancement in technology, new attack types are knocking the doors. Infact, substantial growth in East-West traffic communication across workloads has diverted the attention towards rollout of what we call microsegmentation. In this article we will brief through Network Segmentation and Micro-segmentation and what are their differences.

To start with,  concept of Micro-segmentation logically divides the Data Centre into distinct security segments upto individual workload level. The granularity level at which micro-segmentation works is upto VMs and individual hosts unlike Network Segmentation. Network segmentation creates sub-networks  (using VLANs, Subnets and Security Zones) within the overall network to prevent attackers from moving inside the perimeter and attack the  production workload.

Related – Microsegmentation vs Zero Trust

Microsegmentation works on the notion that by controlling this traffic, you can minimize the risk of security threats and create a zero-trust security model. It requires centralized management and can be applied to individual machines providing a more secure environment without the additional overhead of host-specific configuration. If the centralized management is not used , it would become cumbersome (rather nightmare) to attend the security policies across various VMs or hosts. When it comes to network segmentation, it is not mandatory to perform central management via orchestrators. Infact, Policies in former are pretty granular while in latter, policies are network/ Zone or segment level. Further, policies and permissions for microsementation are based on resource identity

Below are some of key benefits we can achieve via microsegmentation –

  • Enforce granular tier-level segmentation within the same application group. Hence greater security
  • Enforce policy upto Layer 7
  • Critical applications will keep safe, even in the case of a breach at perimeter

On the other hand, Network segmentation provides below benefits –

  • Enforce security at perimeter to protect against entry of attacks.
  • Simpler to implement than Micro-segmentation

Another thing to note here is that microsegmentation requires highly Skilled resources who understand application level visibility to employ Microsegmentation. While medium level of proficiency is required to deploy network based segmentation solution.

Comparison Table: Micro segmentation vs Network Segmentation

Below table enumerates difference between Microsegmentation and Network Segmentation –

Parameter

Micro Segmentation

Network Segmentation

TerminologyMicro-segmentation is used to logically divide the data centre into distinct security segments upto individual workload level.Network segmentation creates sub-networks within the overall network to prevent attackers from moving inside the perimeter and attack the  production workload.
Related terminologiesfirewalls, virtual LANs (VLANs), and access control lists (ACLs)VMs, containers, Cloud, Data Centers
SDN based controlEssentialOptional
Management and controlCentralized. This reduces overhead of managing security for individual hostsNot mandatory to perform central management via orchestrators
PoliciesGranular policiesNetwork/segment level policies
Policy enforcement onSubnets and VLANs.VMs and hosts
Network VirtualizationRequiredNot required
ScopeMore Granular since controls lateral movement across hostsMore on perimeter level and across Zones and subnets
Host to Host communication controlMicrosegmentation can be useful tool in this caseNetwork Segmentation will not be able to control/detect security threat
Traffic path controlEat-West traffic (lateral traffic movement)North-South
Benefits•Enforce granular tier-level segmentation within the same application group. Hence greater security

•Enforce policy upto Layer 7

•Critical applications will keep safe, even in the case of a breach

•Enforce security at perimeter to protect against entry of attacks.

•Simpler to implement than Micro-segmentation

DisadvantagesHigh Skill required including application level visibility to employ Microsegmentation.Less proficient skill requirement for deploying network based segmentation solution

Download the Comparison table.

 

Tag:,

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being - "The more you share, the more you learn."

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that "learning is a constant process of discovering yourself."
- Rashmi Bhardwaj (Author/Editor)

You may also like

Simplifying Power over Ethernet PoE Installation
Simplifying Power over Ethernet PoE Installation
19 November, 2024
Cloudflare – What is it
What is Cloudflare? Working, Uses, Pros & Cons
14 November, 2024
Configure DHCP Relay Traffic to Use SD-WAN Rules
Configure DHCP Relay Traffic to Use SD-WAN Rules
12 November, 2024

Leave A Reply

Your email address will not be published. Required fields are marked *

fourteen + 4 =

Select your currency
USD United States (US) dollar
INR Indian rupee