What is micro-segmentation?

Micro-segmentation, also known as Zero Trust (Forrester) or BeyondCorp (at Google), rejects the traditional perimeter security model in favor of a new, trust-less architecture. Any pretense that the perimeter was actually secure has long since been disproved. The model eliminates the concepts of “trusted” and “untrusted” networks: everything is untrusted. All network traffic is disabled by default, an “implicit deny,” and only specific services or applications are permitted. This is contrary to most

This concept is not new, even if the application of the idea is. Application whitelisting has been around for a decade. By permitting only specific applications to execute on a system, overall security can be greatly enhanced. Similar challenges can be encountered when applying a whitelist model to networking. However, there are many cases where those challenges are few and the security posture is much improved.

The key elements of micro-segmentation are:
  • All connections are untrusted regardless of location
  • Implicit denial of network access for all but essential traffic
  • Inspect and log everything
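
The three elements above can be sketched as a small flow-policy evaluator. This is an added example, not Trustgrid's code or configuration; the rule names, addresses and ports are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One explicit permit: which clients (CIDR) may reach which service.
Rule = namedtuple("Rule", "name src dst proto port")
Flow = namedtuple("Flow", "src dst proto port")

# Constructed allowlist: every permitted service is named explicitly.
ALLOW = [
    Rule("web-to-db", "10.0.1.0/24", "10.0.2.10/32", "tcp", 5432),
    Rule("pos-to-api", "10.0.3.0/24", "10.0.1.20/32", "tcp", 443),
]

def evaluate(flow, rules, log):
    """Return True only if an explicit rule matches; log every decision."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and flow.proto == r.proto and flow.port == r.port):
            log.append(("ALLOW", r.name, flow))
            return True
    # Implicit deny: nothing matched, and being "inside" earns no trust.
    log.append(("DENY", "implicit-deny", flow))
    return False

def run_sample():
    """Evaluate four constructed flows; return (decisions, log)."""
    log = []
    flows = [
        Flow("10.0.1.15", "10.0.2.10", "tcp", 5432),  # web tier to database
        Flow("10.0.1.15", "10.0.2.10", "tcp", 22),    # same hosts, unlisted port
        Flow("10.0.2.11", "10.0.2.10", "tcp", 5432),  # same-subnet neighbour of the DB
        Flow("10.0.3.7", "10.0.1.20", "tcp", 443),    # point of sale to API
    ]
    decisions = [evaluate(f, ALLOW, log) for f in flows]
    return decisions, log

if __name__ == "__main__":
    for verdict, rule, flow in run_sample()[1]:
        print(verdict, rule, flow)
```

The third flow is denied even though it originates on the database's own subnet, and denied flows are logged alongside permitted ones.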
Trustgrid was built with a “zero trust” model from day one. All services and applications must be explicitly permitted on the network. Our cloud management tools make this easy to configure and fast to apply to hundreds or thousands of nodes.