Data Center Security based on Micro-segmentation

“Protect traffic between VMs up to application level”


The challenge

Data centers are typically protected using perimeter security technologies such as firewalls and IDS/IPS. These products focus north-south traffic, in and out of the data center. While they are very effective protecting the perimeter, they are not built for securing east-west traffic within the data center. This is becoming an issue since east-west traffic could represent 5x the amount of north-south traffic, due to an increasing number of communicating web, application, and database servers. This means that if a malware penetrates the outer security perimeter, it can launch further attacks inside a vulnerable data center.


Strengthening the solution with Qosmos

Micro-segmentation divides the data center into smaller zones which can be protected separately.  The advantage is that in case of a breach, the damage can quickly be contained to a small number of compromised devices. This new approach requires a real-time association between applications and security policies. Therefore, east-west traffic between VMs must be analyzed in real-time, up to the Layer 7 application.

Using your own development resources or with the assistance of Qosmos Professional Services, Qosmos ixEngine can be integrated inside the hypervisor and extend vSwitch visibility from Layer 1-4 all the way up to Layer 7. The vSwitch strengthens access control rules between VMs based on application traffic.



L7 Classifier embedded ixE.png



  • Ready-to-use Layer 7 visibility for developers of data center security products
  • Continuously updated protocols and applications
  • Natively integrated with new virtualized architectures and frameworks (e.g. ODL Group-Based Policy)
  • Enables automated provisioning and move/add/change of policies + quarantine of infected VMs



“All the benefits of Layer 7 visibility in a traditional network architecture open up when adding Layer 7 classification in a virtualized environment: administrators can see traffic based on applications or even components of applications, providing the ability to build a wide variety of security policies.”

Jeff Wilson, Research Director, Cybersecurity Technology, IHS Technology (Infonetics)

IHS Markit Logo

We use cookies to improve and personalize your browsing experience. This site may also include cookies from third parties. By using this site, you consent to the use of cookies. Read more

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.