Micro-segmentation For Dummies VMWare

Introduction

Traditional approaches to securing data centers have focused on strong perimeter defenses to keep threats on the outside of the network — not unlike castle defenses during medieval times! Towering castle walls were fortified with battlements and bastions, and access was controlled with a firewall — uh, drawbridge. For an attacking force, breaching the perimeter and gaining entry to the castle was the key to victory. Once inside the castle, defenses were practically nonexistent, and the attackers were free to burn and pillage!

However, this model is ineffective for handling today’s new and evolving threats — including advanced persistent threats (APTs) and coordinated attacks. What’s needed is a more modern, sophisticated approach to data center security:
one that assumes threats can be anywhere — and are probably
everywhere — and then acts accordingly.

Micro-segmentation
not only adopts such an approach, but also delivers the operational agility of network virtualization that is foundational to a modern software-defined data center.

Cyber threats today are coordinated attacks that often include months of reconnaissance, vulnerability exploits, and “sleeper” malware agents that can lie dormant until activated by remote control. Despite increasing types of protection at the edge of data center networks — including firewalls, intrusion prevention systems, and network-based malware detection — attacks are succeeding in penetrating the perimeter,
and breaches continue to occur.