What Is Network Segmentation?
Segmentation divides a computer network into smaller parts. The purpose is to improve network performance and security. Other terms that often mean the same thing are network segregation, network partitioning, and network isolation.
How does segmentation work?
Segmentation works by controlling how traffic flows among the parts. You could choose to stop all traffic in one part from reaching another, or you can limit the flow by traffic type, source, destination, and many other options. How you decide to segment your network is called a segmentation policy.
What is an example of segmentation?
Imagine a large bank with several branch offices. The bank’s security policy restricts branch employees from accessing its financial reporting system. Network segmentation can enforce the security policy by preventing all branch traffic from reaching the financial system. And by reducing overall network traffic, the financial system will work better for the financial analysts who use it.
What enforces segmentation policy?
Some traditional technologies for segmentation included internal firewalls, and Access Control List (ACL) and Virtual Local Area Network (VLAN) configurations on networking equipment. However, these approaches are costly and difficult.
Today, software-defined access technology simplifies segmentation by grouping and tagging network traffic. It then uses traffic tags to enforce segmentation policy directly on the network equipment, yet without the complexity of traditional approaches.
What is microsegmentation?
Micro-segmentation uses much more information in segmentation policies like application-layer information. It enables policies that are more granular and flexible to meet the highly-specific needs of an organization or business application.