What Is Micro-Segmentation?

Micro-segmentation creates secure zones across cloud and data center environments to isolate application workloads from one another and secure them individually. With micro-segmentation, firewall policies limit east-west traffic between workloads based on a zero-trust security approach to reduce attack surfaces, prevent the lateral movement of threats to contain breaches, and strengthen regulatory compliance. Micro-segmentation is also referred to as application segmentation or east-west segmentation in a multicloud data center.

How does micro-segmentation work?

Micro-segmentation secures applications by expressly allowing particular application traffic and, by default, denying all other traffic. Micro-segmentation is the foundation for implementing a zero-trust security model for application workloads in the data center and cloud.

What are the primary challenges with implementing micro-segmentation?

Micro-segmentation is the implementation of granular firewall policy controls using the host workload firewall as the enforcement point across any workload type (virtual machines, bare metal servers, containers). Policy lifecycle management is the most challenging part of implementing an effective micro-segmentation policy that adapts to support changes to your applications and your business. You begin at the macro level and continually refine through policy automation, leveraging application and workload context and behavior.
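The allow-list, default-deny model described above (expressly permit particular application flows, deny everything else, enforced at the host firewall of each workload) as an added example, not code from the original page. The workload inventory, tier labels, IP addresses and allow rules are constructed for illustration; the rendered nftables ruleset is text only and is not applied to any host.

```python
"""Toy allow-list model of east-west micro-segmentation policy (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str            # source workload label (application tier)
    dst: str            # destination workload label
    port: int
    proto: str = "tcp"


# Constructed inventory: workload IP -> application-tier label.
WORKLOADS = {
    "10.0.1.10": "web", "10.0.1.11": "web",
    "10.0.2.20": "app",
    "10.0.3.30": "db",
}

# Allow-list: only these east-west flows are permitted; anything not listed is denied.
ALLOW = [Rule("web", "app", 8080), Rule("app", "db", 5432)]


def evaluate(src_ip: str, dst_ip: str, port: int, proto: str = "tcp") -> str:
    """Decide a flow the way a label-based policy engine would: match or default deny."""
    src, dst = WORKLOADS.get(src_ip), WORKLOADS.get(dst_ip)
    if src is None or dst is None:
        return "deny"  # unlabeled workload has no policy, so it falls to default deny
    for r in ALLOW:
        if (r.src, r.dst, r.port, r.proto) == (src, dst, port, proto):
            return "allow"
    return "deny"


def render_nftables(label: str) -> str:
    """Render the per-host ruleset for one workload label (nft syntax; not applied)."""
    lines = [
        "table inet microseg {",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",   # default deny
        "    ct state established,related accept",
        "    iif lo accept",
    ]
    for r in ALLOW:
        if r.dst == label:  # only flows whose destination is this tier are opened
            srcs = ", ".join(ip for ip, lbl in WORKLOADS.items() if lbl == r.src)
            lines.append(f"    ip saddr {{ {srcs} }} {r.proto} dport {r.port} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)
```

Note that a web host compromised in this model cannot reach the database tier or its own peers: those flows are never listed, so they fall to the default drop.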

What can micro-segmentation do that a firewall cannot?

Micro-segmentation is implemented as granular firewall policies at the application workload level. Granular east-west policy control provides a scalable way to create a secure perimeter zone around each workload with consistency across different workload types and environments. This enhances and extends the visibility and control from network or zone-based firewalls.

Benefits of micro-segmentation

Reduce your attack surface

As organizations virtualize their on-premises data centers and adopt cloud environments, their network perimeters vanish and attack surfaces increase. Workloads, automation, and API-based attacks become new threat vectors. Micro-segmentation uses an allow-list model to significantly reduce this attack surface across different workload types and environments.

Protect critical applications

Micro-segmentation helps you gain better threat visibility and enforcement for critical workloads and applications across different platforms and environments, limiting lateral movement of a security incident from one compromised VM, service, or container to another.

Achieve regulatory compliance

Micro-segmentation allows for better security and ensures compliance for applications with regulatory mandates. Granular visibility and control over sensitive workloads demonstrate proper security and data separation to simplify audits and document compliance.