Security·2024·Network Security Engineer
Zero-Trust Segmentation
Rolled out identity-based micro-segmentation across a data center without disrupting live workloads.
[ segmentation map — hero image ]
Overview
A flat data-center network meant a single compromised host could reach everything. Leadership wanted least-privilege access between workloads.
The challenge
Segmentation traditionally means downtime and broken dependencies. We had to map thousands of undocumented east-west flows first.
The approach
I used flow telemetry to build a real dependency map, then enforced identity-based policy with Cisco ISE and TrustSec, rolling out in monitor-mode before enforcing.
Results
Lateral movement is now contained by policy, audit scope shrank dramatically, and new workloads inherit segmentation automatically at onboarding.