A glimpse of how three microsegmentation products work, key features, and differentiators.

Interest in microsegmentation is growing rapidly. Vendors are stepping forward to help enterprises update their infrastructure security to prevent catastrophic intrusions and data thefts. Here’s a look at three microsegmentation market players, showing what they offer, how they work and the ways they differ.

Edgewise Networks zero-trust environment

Product name: Edgewise Zero Trust Segmentation

What it does: Edgewise takes the position that address-based controls aren’t sufficient to protect enterprise assets, particularly in cloud environments where security teams have only limited control over the network. The company says it’s the only vendor to offer a zero-trust platform that microsegments data and applications via a cryptographic identity fingerprint instead of with traditional address-based controls.

Key features: Edgewise promises to eliminate unnecessary communication paths and shrink attack surfaces by more than 90%. The product automatically creates a compressed set of policies that enable organizations to build zero trust security. Users can review policies created by machine learning and simulate their effects prior to enforcement. As a network overlay, there’s no need for major architectural changes.

Differentiation: Promises to place protection as close to data as possible. Application-aware policies travel with all applications and services to limit potential compromises to the affected asset, not the entire network. The product automatically identifies all communicating software and suggests zero-trust policies, which can be applied with a single click.

VMware takes agentless approach

Product name: VMware NSX

What it does: VMware NSX is a networking and security platform that’s designed to deliver infrastructure microsegmentation across the entire data center.
Adopters can prevent unauthorized lateral movements by using VMware NSX’s microsegmentation capabilities to define and enforce network security policies consistently on any workload hosted anywhere within their environment. Security policies are applied whenever a virtual machine spins up, can be moved when a VM is migrated, and removed when a VM is deprovisioned. NSX secures communication within a virtual network with flexible security policies that are designed to reflect business logic and workflows. Beyond using IP addresses, NSX policies incorporate identifiers such as virtual machine name, virtual network and OS.

Key features: An agentless approach that supports layer 7 security policies. A single management pane. The ability to lock down critical apps. Users can create a logical DMZ in software. Flexible security policies are aligned to virtual network, VM, OS type and dynamic security tags for granularity of security down to the virtual NIC.

Differentiation: Microsegmentation is provided as part of an integrated networking and security platform; agentless technology.

ShieldX Networks emphasizes automation

Product name: ShieldX Elastic Security Platform

What it does: ShieldX’s microservices platform combines network-based security with application and infrastructure technologies. The product’s automated approach is designed to ensure that microservices are inserted only when and where they are needed. Microservices are inserted directly into infrastructures, allowing for automated intent-based security policies. Security features and microsegmentation can be scaled on demand to support business innovation, meet compliance requirements and protect organizations against the latest cyberattack methods. The product is also designed to ensure that no workloads in hybrid or multi-cloud environments are more vulnerable than others.

Key features: Offers the ability to create policies using a machine-learning algorithm.
Microservices can be upgraded without disrupting network traffic. A Global Threat Configuration display presents the total number of threats along with detailed information. An Event Explorer feature lets users deny connections and build zero trust policies. Visualization maps provide the ability to tie applications to view specific vulnerabilities and suggested protections.

Differentiation: An automated infrastructure with security features and applications is designed to ensure that agents are inserted when and where they are needed. Microsegmentation scaling on demand.