Gartner defines microsegmentation as the ability to insert a security policy into the access layer between any two workloads in the same extended data center. Microsegmentation technologies enable the definition of fine-grained network zones, down to individual assets and applications. Core capabilities include: - Flow mapping, which is the ability to gather and show North/South and East/West traffic flows and use them in the policy definition (it can present this data in a visual manner) - Workload isolation, which is isolation from other workloads based on security policy - Policy enforcement, including the definition of rules based on different factors - The ability to deploy in the virtualized and infrastructure as a service environments Some of the most frequent optional capabilities of microsegmentation technologies include: - Automation of the deployment as part of a continuous integration/continuous deployment (CI/CD) pipeline - Integration with cloud infrastructure to ease deployment, enforce rules or automate policy updates when new assets are deployed - Asset discovery: adjacent to the flow mapping, microsegmentation tools can show more advanced context for the assets - Policy recommendation engine: complementary to the asset discovery, microsegmentation technology can suggest policy rules to authorize discovered flows - Threat detection: based on threat intelligence, layer seven protocol inspection and anomaly detection - Interoperability through direct integration with third-party products, such as a firewall, and hardware, such as switches and routers - Internet of Things (IoT)/operational technology (OT) coverage — the solution supports microsegmentation for IoT/OT infrastructure - Kubernetes/Container coverage — the solution supports microsegmentation for containers/K8s
VA solutions identify, categorize and prioritize vulnerabilities as well as orchestrate their remediation or mitigation. Their primary focus is vulnerability and security configuration assessments for enterprise risk identification and reduction, and reporting against various compliance standards. VA can be delivered via on-premises, hosted and cloud-based solutions, and it may use appliances and agents. Core capabilities include: - Discovery, identification and reporting on device, OS, software vulnerabilities and configuration against security-related criteria - Establishing a baseline for systems, applications and databases to identify and track changes in state - Reporting options for compliance, control frameworks and multiple roles Standard capabilities include: - Pragmatic remediation prioritization with the ability to correlate vulnerability severity, asset context and threat context that then presents a better picture of true risk for your specific environment - Guidance for remediating and configuring compensating controls - Management of scanner instances, agents and gateways - Direct integration with, or API access to, asset management tools, workflow management tools and patch management tools