Network Segmentation
What is Network Segmentation?
Network SegmentationThe practice of splitting a network into multiple zones with controlled traffic between them to contain breaches and enforce least privilege.
Network segmentation partitions a flat enterprise network into smaller security zones — for example user, server, OT, payment, and management VLANs — each with its own access policy on a firewall, router ACL, or SDN controller. By limiting east-west traffic and forcing it through inspection points, segmentation contains lateral movement, reduces the scope of compliance audits, and supports least-privilege design. Segments are typically aligned with data sensitivity, business function, or trust level, and access between them is granted explicitly rather than by default. Segmentation is foundational for ransomware resilience, PCI DSS scoping, and zero trust architectures.
● Examples
- 01
Isolating PCI-scope cardholder systems into a dedicated VLAN behind a stateful firewall.
- 02
Separating OT/SCADA networks from corporate IT with strictly controlled jump hosts.
● Frequently asked questions
What is Network Segmentation?
The practice of splitting a network into multiple zones with controlled traffic between them to contain breaches and enforce least privilege. It belongs to the Network Security category of cybersecurity.
What does Network Segmentation mean?
The practice of splitting a network into multiple zones with controlled traffic between them to contain breaches and enforce least privilege.
How do you defend against Network Segmentation?
Defences for Network Segmentation typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Network Segmentation?
Common alternative names include: Network zoning, Segmented network.