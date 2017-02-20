The free Micro‐segmentation For Dummies®, VMware Special Edition ebook by Lawrence Miller, CISSP, and Joshua Soto provides a broad overview of micro-segmentation, including how it can help you defend your data center from attack and automate security workflows, as well as steps for getting started.

But before you can get started, you need to understand the essential elements of micro-segmentation, which they explain in Chapter 2:

Micro-segmentation enables organizations to logically divide the data center into distinct security segments down to the individual workload level, and then define security controls and deliver services for each unique segment. This restricts an attacker’s ability to move laterally in the data center, even after the perimeter has been breached — much like safe deposit boxes in a bank vault protect the valuables of individual bank customers, even if the safe has been cracked….

…the network hypervisor is uniquely positioned to provide both context and isolation throughout the SDDC — not too close to the workload where it can be disabled by an attack, and not so far removed that it doesn’t have context into the workload. Thus, the network hypervisor is ideally suited to implement three key elements of micro-segmentation: persistence, ubiquity, and extensibility.

