Microsegmentation and Zero Trust: Introduction
When you implement Zero Trust micro-segmentation, every packet entering or leaving a virtual NIC (vNIC) is compared, in order, against the list of firewall rules configured for that vNIC. The first rule that matches the flow decides its fate, and a default deny rule at the end of the list catches anything no earlier rule matched, so unrecognized traffic is dropped at the vNIC itself. From a security perspective this is called whitelisting (allowlisting) or a positive security model: only traffic that is explicitly allowed is accepted, and everything else is rejected. The model is only as strong as the rules above the default deny, however. A broad any-to-any allow placed earlier in the list matches first, and the trailing deny never sees that traffic, which quietly turns the policy back into a negative model.
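The following is an added illustration, not code from the original article or from any particular vendor's product. It models the per-vNIC rule matching described above: an ordered rule list, first match wins, and a trailing default-deny rule that drops anything no explicit rule allowed. The `Flow` and `Rule` types, the addresses, and the sample policy are all constructed for this example; `any_any_allows` is a hypothetical audit helper that flags the broad allow rules that would defeat the default deny.

```python
"""First-match policy evaluator for a per-vNIC distributed firewall.

Added example (not from the original article).  All rule fields, addresses
and sample flows below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One traffic flow seen at a vNIC."""
    direction: str  # "ingress" or "egress", relative to the vNIC
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # destination port, 0 where the protocol has none


@dataclass(frozen=True)
class Rule:
    """One entry in the ordered per-vNIC rule list (hypothetical schema)."""
    name: str
    action: str                  # "allow" or "deny"
    direction: str = "any"       # "ingress", "egress" or "any"
    src: str = "0.0.0.0/0"       # CIDR the source must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination must fall in
    proto: str = "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, flow: Flow) -> bool:
        return (
            self.direction in ("any", flow.direction)
            and ip_address(flow.src) in ip_network(self.src)
            and ip_address(flow.dst) in ip_network(self.dst)
            and self.proto in ("any", flow.proto)
            and (self.dport is None or self.dport == flow.dport)
        )


# The catch-all that sits at the end of every vNIC policy.
DEFAULT_DENY = Rule(name="default-deny", action="deny")


def evaluate(policy: List[Rule], flow: Flow) -> Tuple[str, str]:
    """First match wins; return (action, name of the deciding rule).

    DEFAULT_DENY is appended so that a flow no configured rule describes is
    dropped at the vNIC instead of being passed by omission.
    """
    for rule in policy + [DEFAULT_DENY]:
        if rule.matches(flow):
            return rule.action, rule.name
    raise AssertionError("unreachable: DEFAULT_DENY matches every flow")


def any_any_allows(policy: List[Rule]) -> List[str]:
    """Names of allow rules that match every source, destination, protocol
    and port.  One of these above the default deny reinstates the negative
    model the trailing deny was meant to remove."""
    return [
        r.name for r in policy
        if r.action == "allow"
        and r.src == "0.0.0.0/0" and r.dst == "0.0.0.0/0"
        and r.proto == "any" and r.dport is None
    ]


# Constructed policy for a web server VM at 10.0.1.10 (hypothetical addresses):
# HTTPS in from anywhere, PostgreSQL out to one DB host, DNS out to one resolver.
WEB_VNIC_POLICY = [
    Rule("allow-https-in", "allow", "ingress", dst="10.0.1.10/32", proto="tcp", dport=443),
    Rule("allow-db-out", "allow", "egress", src="10.0.1.10/32", dst="10.0.2.20/32", proto="tcp", dport=5432),
    Rule("allow-dns-out", "allow", "egress", src="10.0.1.10/32", dst="10.0.0.53/32", proto="udp", dport=53),
]

# Constructed sample flows.
HTTPS_IN = Flow("ingress", "203.0.113.5", "10.0.1.10", "tcp", 443)
SSH_IN = Flow("ingress", "203.0.113.5", "10.0.1.10", "tcp", 22)
DB_OUT = Flow("egress", "10.0.1.10", "10.0.2.20", "tcp", 5432)
LATERAL_SSH = Flow("egress", "10.0.1.10", "10.0.2.20", "tcp", 22)  # lateral movement attempt


if __name__ == "__main__":
    for f in (HTTPS_IN, SSH_IN, DB_OUT, LATERAL_SSH):
        print(f, "->", evaluate(WEB_VNIC_POLICY, f))
    # A broad allow inserted above the explicit rules matches first and
    # defeats the default deny for every flow.
    loose = [Rule("temp-allow-all", "allow")] + WEB_VNIC_POLICY
    print("with any/any allow:", evaluate(loose, SSH_IN), any_any_allows(loose))
```

Running the block shows inbound HTTPS and the outbound database connection being allowed by their explicit rules, while inbound SSH and an SSH attempt from the web VM toward the database host fall through to `default-deny`. Prepending a single any-to-any allow flips the SSH verdict to allow without touching the deny rule, which is why a review of a positive-model policy should look for such rules above the default deny rather than only confirming that the default deny is present.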