Microsegmentation

Security+ 🏆 • Network Security 🌐 • Security Operations 🛡️ • Difficulty: premium

Definition

Microsegmentation is a security approach that applies very granular network access controls, often at the workload or application level, to restrict which systems can communicate. It reduces lateral movement by enforcing least privilege connectivity, so even systems in the same network segment cannot freely talk to each other.

Examples

Only an application server can connect to its database on a specific port, while all other east-west traffic to the database is blocked.
A data center enforces workload-to-workload policies so two servers on the same subnet cannot communicate unless explicitly allowed.

Discover 🔎

Traditional network segmentation divides environments into zones like user networks and server networks. That helps, but attackers often still move freely inside a zone once they get in. Microsegmentation pushes the same idea further. Instead of trusting everything inside a segment, it limits connectivity down to what each workload actually needs.

This can drastically reduce lateral movement. If a single server is compromised, microsegmentation can prevent the attacker from reaching other servers, even if they share the same subnet.

Remember: Microsegmentation is least privilege for network connections. It limits who can talk to who inside a segment, not just between segments.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.