Prevent Breaches with Micro Segmentation

Michael Vizard at discusses the rising trend of using software-defined networking (SDN)/network virtualization to increase network security. Though most SDN deployments have focused on automation/orchestration of tedious network tasks, many SDN tools have a much better security architecture than traditional networking products. VMware’s NSX is a datacenter SDN product that is spearheading the “micro segmentation” architecture. Segmenting the network by application or service reduces the attack surface to the individual application or service exposed, and all other traffic in that segment is implicitly denied. Trustgrid’s architecture is very similar for the WAN but extends it even further: only traffic authenticated with a certificate is permitted on the network at all, and then only traffic on specified ports and between authorized nodes is permitted. The Cloud Security Alliance called software-defined perimeters like Trustgrid “unhackable” for these reasons.
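The layered default-deny decision described above can be sketched as a small policy model. This is an added example, not code from Trustgrid or VMware. The workload names, ports and rules are constructed, and certificate verification is reduced to membership in an enrolled set as a simplifying assumption.

```python
from itertools import permutations

# Constructed inventory (hypothetical names): workload -> ports it listens on.
LISTENING = {
    "web": {443, 22},
    "app": {8443, 22},
    "db": {5432, 22},
    "backup": {873, 22},
}
# Assumption: stand-in for real certificate verification. Only these nodes
# hold a valid certificate; "backup" was never enrolled.
ENROLLED = {"web", "app", "db"}
# Explicit allow rules (source, destination, port). Nothing else is permitted.
ALLOW = {("web", "app", 8443), ("app", "db", 5432)}


def decide(src, dst, port):
    """Return (allowed, reason), applying the checks in the order the text gives."""
    # 1. Traffic that is not certificate-authenticated never gets on the network.
    if src not in ENROLLED or dst not in ENROLLED:
        return False, "unauthenticated node"
    # 2. Authenticated traffic still needs an authorized node pair and port.
    if (src, dst, port) not in ALLOW:
        return False, "implicit deny"
    return True, "allowed by rule"


def reachable_flat():
    """Flat network: every node can reach every listening port on every other node."""
    return {(s, d, p) for s, d in permutations(LISTENING, 2) for p in LISTENING[d]}


def reachable_segmented():
    """Segmented network: only flows that pass decide() remain reachable."""
    return {flow for flow in reachable_flat() if decide(*flow)[0]}


if __name__ == "__main__":
    print("flat exposure:     ", len(reachable_flat()), "flows")
    print("segmented exposure:", len(reachable_segmented()), "flows")
    # Lateral movement check: a compromised web tier trying SSH on the database.
    print("web -> db:22      ", decide("web", "db", 22))
    print("backup -> db:5432 ", decide("backup", "db", 5432))
```

Comparing the two reachable sets for a real inventory gives a quick measure of how much lateral-movement exposure a proposed rule set removes before it is deployed.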