GigaOm Key Criteria for Evaluating Microsegmentation Solutions v1.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Executive Summary
  2. Microsegmentation Sector Brief
  3. Decision Criteria Analysis
  4. Analyst’s Outlook
  5. About Andrew Green

1. Executive Summary

Microsegmentation solutions isolate single entities on networks by restricting inbound traffic, minimizing a malicious actor’s potential for lateral movement. A more efficient approach than firewall-based network segmentation, microsegmentation gives administrators granular control over allowed and restricted traffic at the workload level. This means they don’t need to define overly permissive policies to ensure all entities in a segment can be accessed.

Modern applications are distributed. They’re deployed both on-premises and in the cloud, or across multiple clouds, and critical workloads are no longer tidily kept in the data center where they can be protected by a perimeter firewall.

We use the term “entity” to describe any part of an IT environment that can process and store data. These can be virtual machines (VMs), servers, containers, cloud-based services, applications, end-user devices, and the like. Each entity type requires a different approach. For example, microsegmentation at a container level may have to be defined at the container networking interface level, either by running an agent in a sidecar container or by running an agent in the container image, whereas defining a microsegment for a VM may entail an agent running on the hypervisor or on the guest operating system.

Microsegmentation became its own category of solutions when enterprises experienced difficulties minimizing lateral movement and blast radius using firewall-based segmentation. Deploying, configuring, and maintaining firewalls, whether physical or virtual, is expensive and resource-intensive. Having a firewall isolate every entity or group of entities that needs isolating is also excessive, especially when the required policies would be simple, such as blocking a port.

The lowest-hanging architectural fruit to replace firewall-based segmentation was to deploy firewall-like agents on the host. These agents provide very good granular control over incoming and outgoing traffic, but they need to be individually managed and they consume the host’s resources. As such, most solutions today have gravitated toward an agentless approach, in which the solution orchestrates existing infrastructure to enforce policies.

Business Imperative
Microsegmentation is a core component for any organization that wants to adopt a zero-trust security model. It is the defining technology that controls workload-to-workload policies, while also being suitable for user-to-workload use cases.

Microsegmentation assumes security breaches are imminent and encourages administrators to design a suite of preventative measures to minimize damage. Instead of creating very strong perimeters that, once breached, mean game over, microsegmentation assumes any entity can be compromised but leaves malicious actors with no possibility of accessing any other data or service.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a microsegmentation solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a microsegmentation solution, we provide an overall Sector Adoption Score (Figure 1) of 3.8 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a microsegmentation solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for microsegmentation are explained in more detail in the Sector Brief section that follows.

[Figure: Sector Adoption Score scale for microsegmentation solutions, with bands labeled Deters Adoption, Discourages Adoption, Merits Consideration, Encourages Adoption, and Compels Adoption]

Figure 1. Sector Adoption Score for Microsegmentation

This is the first year that GigaOm has reported on the microsegmentation space in the context of our Key Criteria and Radar reports. This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective microsegmentation solution. The companion GigaOm Radar report identifies vendors and products that excel in those capabilities and metrics. Together, these reports provide an overview of the market, identify leading microsegmentation offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.
