GigaOm Radar for Microsegmentationv1.0

1. Executive Summary

Microsegmentation solutions define and enforce per-entity communications policies. In this context, an entity can be any information technology (IT) or operational technology (OT) resource that processes and stores data. Entities can range from workloads hosted in the cloud to containers running in an on-premises data center, as well as OT systems, applications, services, and end-user devices. By defining policies for single entities, microsegmentation becomes a key technology for enforcing least privilege access.

While the concept of isolating individual entities is simple, two requirements of today’s microsegmentation solutions make them much more nuanced and complex:

1. Microsegmentation policies are always applicable to interaction between two entities: every entity is isolated from others, and depending on the identity of the “from” entity, policies will look different. For example, administrators may want to block all traffic from a category of workloads and only allow traffic on a specific port from others. If we’re isolating entity A, we need to consider the policies between A and B, A and C, and so on.
2. All entities are subject to microsegmentation. In heterogeneous environments, this makes microsegmentation exercises very complex because different underlying technologies require different types of policies. For example, the way containers communicate with each other is different from the way a developer accesses a server, so a solution supporting both instances must develop use case-specific features.

The scope for microsegmentation is enormous, and while all the vendors featured in this report offer microsegmentation capabilities, they employ different approaches. For example, some vendors have developed purpose-built microsegmentation products with an architecture that is applicable across as many use cases as feasible. Others have created purpose-built solutions that focus on specific goals. Other vendors offer solutions that are part of the networking and virtualization stack, and they enforce microsegmentation from that vantage point. For IT buyers, the decision criteria defined below are indicative rather than prescriptive about what a solution needs to support.

This is our first year evaluating the microsegmentation space in the context of our Key Criteria and Radar reports. This GigaOm Radar report examines 13 of the top microsegmentation solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading microsegmentation offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.