The topic of segmentation has always had great appeal to IT and security professionals as it allows an open “everything talks to everything” environment to be shifted to one with secure “zones” where devices can’t see any other unless specifically permitted. Historically, businesses tried using virtual local area networks (VLAN) and access control lists (ACL) and those worked in static environments, but as businesses have become increasingly more dynamic, those methods proved too slow to scale.
Then along came software-based solutions that did two things to make large-scale segmentation possible. First, by doing it in software, segmentation becomes dynamic so policies can follow devices. For example, with VLANs, if the company has a policy to put all medical devices in “Zone A” and the endpoints moves outside of where the zone is defined, the network would need to be reprogrammed. With software segmentation, the policy follows the device so it’s easier to implement segmentation in highly dynamic businesses.
Copyright 2017 NETWORKFIGHTS.COM