Microsegmentation
What is Microsegmentation?
MicrosegmentationA fine-grained form of segmentation that applies allow-list policies between individual workloads or applications, often via host or hypervisor enforcement.
Microsegmentation pushes the segmentation boundary down to the workload, container, or process level, using identity-aware policies rather than IP-based ACLs. Enforcement points are typically distributed at the hypervisor, cloud security group, eBPF/host firewall, or service mesh layer, allowing default-deny east-west policies that follow the workload wherever it runs. Because policies are tied to logical identity (labels, service accounts, namespaces), they survive autoscaling, IP changes, and cloud migrations. Microsegmentation is a key enabler of zero trust by removing the assumption that intra-network traffic is implicitly trusted.
● Examples
- 01
Allowing only the "checkout" service to call the "payments" service inside a Kubernetes cluster via mTLS and a service-mesh policy.
- 02
Hypervisor-enforced rules that prevent two VMs in the same VLAN from talking to each other.
● Frequently asked questions
What is Microsegmentation?
A fine-grained form of segmentation that applies allow-list policies between individual workloads or applications, often via host or hypervisor enforcement. It belongs to the Network Security category of cybersecurity.
What does Microsegmentation mean?
A fine-grained form of segmentation that applies allow-list policies between individual workloads or applications, often via host or hypervisor enforcement.
How do you defend against Microsegmentation?
Defences for Microsegmentation typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Microsegmentation?
Common alternative names include: Micro-segmentation, Workload segmentation.