Micro-Segmentation and Software-Defined Perimeters
Design network micro-segments that limit lateral movement and learn how software-defined perimeters make internal resources invisible to unauthorized users.
Why Flat Networks Are Dangerous
In a flat network, once an attacker gains access to one endpoint, they can communicate freely with almost every other system. This enables rapid lateral movement — the technique attackers use to pivot from a compromised workstation to sensitive servers, domain controllers, and data stores. Micro-segmentation directly addresses this by dividing the network into small, isolated zones.
What Is Micro-Segmentation?
Micro-segmentation divides the network into fine-grained segments in which each workload can communicate only with explicitly authorized peers. Traditional VLANs and subnets segment coarsely, so everything inside a VLAN can still talk to everything else in it; micro-segmentation instead applies policy at the workload or application level, often down to individual containers or virtual machines, with enforcement at the host firewall, hypervisor, or container network layer rather than at a central choke point. Traffic is denied by default, and each permitted flow (source, destination, protocol, port) is allowed explicitly. Policies are best expressed in terms of workload identity (labels, tags, service accounts) rather than IP addresses, so they survive when workloads are rescheduled or re-addressed.