Network microsegmentation is foundational to zero-trust architectures. In a microsegmented model, the network knows which systems are allowed to talk to which other systems, in which ways and under what circumstances. Microsegmentation allows sanctioned traffic to pass, lets each network node see only the systems it needs to talk to or listen to, and hides the rest. …
In an SDN environment, some of this processing can be done by using data plane devices as distributed policy enforcement points. Network functions virtualization (NFV) further helps service providers implementing zero-trust models: it makes it easier to put security processing in virtual network function (VNF) packages and download them as needed to compute nodes proximate to the traffic being processed, that is, immediately preceding or following it.
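The model described above, sketched as an added example that is not from the original article: a default-deny flow policy, the set of peers each node is allowed to see, and the rule subset pushed to one distributed enforcement point. The node names, condition labels and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str                            # node allowed to initiate the flow
    dst: str                            # node allowed to receive it
    proto: str                          # "in which ways": protocol ...
    port: int                           # ... and destination port
    requires: frozenset = frozenset()   # "under what circumstances"

# Constructed sample policy; every name and label here is hypothetical.
POLICY = [
    Rule("web", "app", "tcp", 8443),
    Rule("app", "db", "tcp", 5432),
    Rule("admin", "db", "tcp", 5432, frozenset({"mfa", "managed_device"})),
]

def is_allowed(src, dst, proto, port, context=frozenset(), policy=POLICY):
    """Default deny: a flow passes only if a rule matches it exactly
    and every condition that rule requires is present in the context."""
    return any(
        (r.src, r.dst, r.proto, r.port) == (src, dst, proto, port)
        and r.requires <= set(context)
        for r in policy
    )

def visible_peers(node, policy=POLICY):
    """Peers a node may see: those it talks to or listens to.
    Every other node stays hidden from it."""
    talks_to = {r.dst for r in policy if r.src == node}
    listens_to = {r.src for r in policy if r.dst == node}
    return talks_to | listens_to

def rules_for_enforcement_point(attached_nodes, policy=POLICY):
    """Subset of the policy that a data plane device needs in order to
    enforce flows for the nodes attached to it, and nothing more."""
    return [r for r in policy if r.src in attached_nodes or r.dst in attached_nodes]
```

Because the enforcement point holding only the `web` rules has no entry for the database, a flow from `web` to `db` is dropped there without any reference to the rest of the policy.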
Read more at TechTarget