Software-defined segmentation creates a decision point regarding whether a packet should be permitted through that network. This protection is enforced for all traffic in the CryptoniteNXT network, even traffic between two devices connected to the same switch, subnet, and VLAN. This policy enforcement point minimizes exposure and contains attacks while allowing legitimate communications to take place.
At a per-user and per-service level, CryptoniteNXT decides at line speed whether a given packet needs to be permitted through the network. Every packet not delivered to the endpoint prevents malicious packets from ever reaching a protected endpoint. As with MTD, this protection is fully configurable with a simple migration to place CryptoniteNXT into your network without disruption.