implementing-microsegmentation-with-guardicore

# Implementing Microsegmentation with Guardicore ## When to Use - When implementing east-west traffic controls to prevent lateral movement within data centers - When needing application-level visibility into network communication patterns before writing segmentation policies - When segmenting workloads across heterogeneous environments (VMs, containers, bare metal, cloud) - When compliance frameworks (PCI DSS, HIPAA) require network segmentation validation - When deploying zero trust at the network layer with process-level granularity **Do not use** for perimeter-only security (use traditional firewalls), for environments with fewer than 50 workloads where VLANs/security groups suffice, or when network team lacks capacity for ongoing policy management. ## Prerequisites - Akamai Guardicore Segmentation license (Enterprise or Premium) - Guardicore Management Server deployed (on-prem or SaaS) - Agent deployment access to target workloads (Linux, Windows, Kubernetes) - Network visibility: SPAN/TAP ports or VPC flow logs for agentless collection - Application owner engagement for dependency validation ## Workflow ### Step 1: Deploy Guardicore Agents on Workloads Install agents to collect process-level network communication data. ```bash # Linux agent installation curl -sSL https://management.guardicore.com/api/v3.0/agents/download/linux \ -H "Authorization: Bearer ${GC_API_TOKEN}" \ -o gc-agent-installer.sh chmod +x gc-agent-installer.sh sudo ./gc-agent-installer.sh \...