Hubbry Logo
Network segmentationNetwork segmentationMain
Open search
Network segmentation
Community hub
Network segmentation
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
Network segmentation
Network segmentation
Network segmentation
View on Wikipedia
from Wikipedia

Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.

Advantages

[edit]
  • Reduced congestion: On a segmented network, there are fewer hosts per subnetwork and the traffic and thus congestion per segment is reduced
  • Improved security:
    • Broadcasts will be contained to local network. Internal network structure will not be visible from outside.
    • There is a reduced attack surface available to pivot in if one of the hosts on the network segment is compromised. Common attack vectors such as LLMNR and NetBIOS poisoning can be partially alleviated by proper network segmentation as they only work on the local network. For this reason it is recommended to segment the various areas of a network by usage. A basic example would be to split up web servers, databases servers and standard user machines each into their own segment.
    • By creating network segments containing only the resources specific to the consumers that you authorise access to, you are creating an environment of least privilege[1][2]
  • Containing network problems: Limiting the effect of local failures on other parts of network
  • Controlling visitor access: Visitor access to the network can be controlled by implementing VLANs to segregate the network

Improved security

[edit]
Further information: Cybersecurity standards and Computer security

When a cyber-criminal gains unauthorized access to a network, segmentation or “zoning” can provide effective controls to limit further movement across the network.[3]

Standards provide guidance on creating clear separation of data within the network, examples are:

For example separating the network for Payment Card authorizations from those for Point-of-Service (till) or customer Wi-Fi traffic. A sound security policy entails segmenting the network into multiple zones, with varying security requirements, and rigorously enforcing the policy on what is allowed to move from zone to zone.[4]

Controlling visitor access

[edit]

Finance and Human Resources typically need access via their own VLAN to their application servers because of the confidential nature of the information they process and store. Other groups of personnel may require their own segregated networks, such as server administrators, security administration, managers and executives.[5]

Third parties are usually required to have their own segments, with different administration passwords to the main network, to avoid attacks via a compromised, less well protected, third party site.[6][7]

Means of segregation

[edit]

Segregation is typically achieved by a combination of firewalls and VLANs (virtual local area networks). Software-defined networking (SDN) can allow the creation and management of micro-segmented networks.

See also

[edit]

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Network segmentation

View on Grokipedia
from Grokipedia
Network segmentation is a fundamental cybersecurity practice that involves dividing a large into smaller, isolated subnetworks or segments, each functioning as its own distinct entity to control , monitor communications, and limit the potential spread of threats. This approach enhances overall by restricting unauthorized access and lateral movement of or attackers, while also improving performance by reducing congestion and broadcast domains. By implementing segmentation, organizations can isolate sensitive assets, such as operational technology (OT) systems from information technology (IT) networks, thereby protecting critical infrastructure from vulnerabilities in less secure areas. Key benefits include easier detection and containment of malicious activity, reduced compliance scope for regulated environments like payment processing, and granular access controls that align with zero trust architectures. Segmentation is typically enforced through devices such as firewalls, access control lists (ACLs), virtual local area networks (VLANs), and routers, with policies defining allowable traffic based on criteria like source, destination, or application type. Modern implementations often incorporate microsegmentation, a more advanced form that applies security policies at the or application level within data centers or environments, providing finer-grained isolation than traditional methods. This technique is particularly vital in hybrid and multi- setups, where it supports secure operations by verifying every access request regardless of network location. As cyber threats evolve, network segmentation remains a core defensive strategy recommended by authoritative bodies to mitigate risks like and insider threats. In 2025, agencies such as CISA have further emphasized microsegmentation within zero trust frameworks to counter emerging challenges including AI-enhanced attacks.

Fundamentals

Definition and Purpose

Network segmentation is the practice of dividing a into smaller, isolated subnetworks or segments to enhance control, , and operational efficiency. This approach treats each segment as a distinct , allowing for targeted of and resources while minimizing the of widespread disruptions or unauthorized access across the entire network. The primary purposes of network segmentation include limiting the lateral movement of threats within a network, enforcing granular access controls, optimizing by reducing congestion in shared infrastructures, and facilitating compliance with regulatory standards such as PCI DSS and GDPR. By isolating sensitive data environments, it reduces the scope of audits and potential breach impacts, aligning with requirements for protecting cardholder data under PCI DSS and personal data processing under GDPR. At its core, network segmentation operates on the principle of least privilege applied to network , ensuring that communication between segments is restricted unless explicitly authorized. This isolation is achieved through defined boundaries that enforce policies limiting data exchange, thereby containing potential incidents and supporting Zero Trust architectures. Key foundational concepts include subnets, which logically partition spaces to separate , and VLANs, which enable virtual isolation within physical networks without requiring dedicated hardware.

Historical Development

Network segmentation emerged in the and as networks transitioned from isolated mainframes to interconnected systems, where physical separation was employed to control access and manage resources in early wide area networks like and nascent local area networks (LANs). , activated in 1969 and expanding through the , relied on packet routing to direct traffic between nodes, laying foundational concepts for dividing network traffic, though initial implementations focused on physical isolation to secure mainframe communications amid limited connectivity. By the , the introduction of bridges and routers in LANs enabled more deliberate physical segmentation, allowing administrators to partition traffic and limit broadcast domains in growing enterprise environments. The 1990s marked a pivotal shift toward scalable segmentation with the adoption of virtual local area networks (VLANs) on Ethernet switches, enabling logical division of networks without additional hardware. This was formalized by the standard in 1998, which introduced frame tagging to support multiple VLANs on a single physical infrastructure, significantly enhancing broadcast control and security in expanding corporate networks. Entering the 2000s, rising cyber threats accelerated segmentation's integration with security tools; the Code Red worm, which infected over 359,000 systems in July 2001 by exploiting IIS vulnerabilities, underscored the need for firewalls to enforce boundaries and intrusion detection/prevention systems (IDS/IPS) to monitor segmented zones, prompting widespread adoption of layered defenses. The 2010s saw a profound from predominantly physical to logical segmentation methods, driven by technologies that isolated workloads on shared hardware and the proliferation of , which demanded dynamic, software-defined partitioning in distributed architectures. In the 2020s, high-profile breaches like the in 2020, which affected up to 18,000 organizations through trojanized software updates with adversaries further targeting around 200 for exploitation, intensified focus on zero-trust models that treat segmentation as continuous verification rather than static perimeters. This was supported by influential standards, including NIST Special Publication 800-207 in 2020, which outlined zero trust architecture principles emphasizing explicit policy enforcement across network segments. Concurrently, the 2022 revision of ISO/IEC 27001 incorporated explicit controls for network segregation in Annex A 8.22, mandating separation of networks based on needs to mitigate risks in modern hybrid environments. In 2024-2025, further regulatory and guidance updates reinforced segmentation's role, including proposed amendments to the HIPAA Security Rule requiring network division to enhance cybersecurity (proposed December 2024), CISA's July 2025 guidance on implementing microsegmentation within zero trust frameworks, and enhancements to standards for segmentation.

Benefits

Security Enhancements

Network segmentation enhances by dividing a network into isolated segments, which limits the spread of threats and enforces granular access policies. This approach confines potential breaches to specific areas, preventing attackers from exploiting a flat where a single compromised device could access the entire infrastructure. For instance, in attacks, segmentation stops from propagating laterally across the network, allowing teams to contain and remediate incidents more effectively. A key benefit is , particularly in preventing lateral movement during breaches. By isolating critical assets such as databases from user-facing segments, segmentation ensures that even if an endpoint is compromised, attackers cannot easily pivot to high-value targets. This isolation reduces the overall of an attack, as demonstrated in environments where segmented networks have limited compared to unsegmented ones. Access control is further strengthened through role-based segmentation, which restricts unauthorized access by defining precise boundaries for users, devices, and applications. This reduces the by limiting exposure, with segmented environments enabling organizations to enforce least-privilege principles and monitor inter-segment traffic for anomalies. Such implementations can significantly mitigate risks, as attackers face more barriers in exploiting vulnerabilities across segments. For compliance and auditing, network segmentation supports standards like HIPAA by separating sensitive data flows and enabling independent and monitoring of traffic within each segment. The proposed update to the HIPAA Security Rule (as of the December 2024 Notice of Proposed Rulemaking) would explicitly require network segmentation to protect electronic (ePHI), facilitating audits through isolated visibility into access patterns and potential violations. This separation ensures that breaches in one segment do not compromise compliance in others, with tools for segment-specific aiding regulatory adherence. Practical examples illustrate these enhancements, such as segmenting IoT devices to prevent expansions like the Mirai attacks, where isolated networks stop infected devices from communicating with or infecting others. In zero-trust segmentation, every access request is verified regardless of origin, combining segmentation with continuous to block unauthorized lateral movements and enhance overall threat detection.

Performance and Management Improvements

Network segmentation enhances operational performance by limiting the scope of broadcast domains, which reduces unnecessary traffic propagation and alleviates congestion in large networks. By dividing a flat network into smaller, isolated segments, broadcast storms—common in unsegmented environments—are contained, allowing devices to focus on relevant communications rather than processing extraneous packets. This results in lower latency and higher overall throughput, as resources are not wasted on irrelevant data floods. Furthermore, segmentation enables the application of policies at the segment level, prioritizing time-sensitive traffic such as (VoIP) or video conferencing over bulk data transfers. For instance, in environments with mixed workloads, a dedicated segment for real-time applications can guarantee bandwidth allocation and minimize , ensuring consistent performance without impacting other network activities. This targeted optimization prevents bottlenecks and supports efficient resource utilization across diverse traffic types. In terms of , network segmentation promotes modular expansion by allowing administrators to add or scale individual segments independently, avoiding the need for comprehensive network redesigns as organizational demands grow. This approach facilitates the integration of new devices or services into isolated zones, maintaining stability in existing areas while accommodating increased load. Segmentation also supports load balancing mechanisms across these zones, distributing traffic dynamically to prevent overload in high-demand segments and enabling horizontal scaling in growing infrastructures. Management efficiency improves significantly with segmentation, as fault isolation confines disruptions—such as hardware failures or configuration errors—to affected segments, expediting and minimizing widespread impact. Administrators can employ centralized tools to monitor and enforce policies per segment, streamlining compliance checks and updates without affecting the entire network. This granular control reduces operational overhead and enhances visibility, allowing for proactive maintenance in complex environments. Practical examples illustrate these gains: in data centers, segmenting application servers from storage networks reduces congestion, optimizing traffic flows and improving system responsiveness for critical workloads. Similarly, in enterprise settings, VLAN-based segmentation for departments—such as separating from HR systems—enables customized policies, boosting administrative efficiency and supporting tailored .

Techniques

Physical Segmentation Methods

Physical network segmentation involves the use of dedicated hardware components, such as separate routers, switches, and cabling, to create isolated subnetworks that prevent direct communication between different parts of the network. This approach ensures tangible separation by leveraging physical , thereby minimizing the risk of unauthorized access or lateral movement by threats across the entire system. For instance, in (OT) environments, distinct routers and switches can delineate boundaries between industrial control systems and enterprise IT networks, allowing administrators to enforce strict access controls at the hardware level. Air-gapping represents an extreme form of physical segmentation, where systems are completely disconnected from any external or interconnected networks, often through the absence of network interfaces or physical barriers like isolated cabling runs. This method is particularly employed in high-security environments, such as classified systems or safety instrumented systems, to provide immunity to remote cyber attacks by eliminating all wired or connectivity. While air-gapping offers robust against network-based threats, it poses significant maintenance challenges, including difficulties in software updates, data transfers, and integration with modern operational needs that require occasional connectivity. Hardware examples of physical segmentation include (DMZ) setups, which utilize dedicated firewalls positioned between internal networks and external interfaces to buffer sensitive areas like OT zones from the or corporate segments. In a DMZ configuration, traffic is funneled through these physical firewalls, which inspect and filter packets to enforce isolation without allowing direct paths. Another approach involves equipping servers with multiple network interface cards (NICs) to create physically distinct connections, serving as a hardware-based alternative to virtual local area networks (VLANs) and avoiding potential software vulnerabilities in protocol tagging. Despite their effectiveness, physical segmentation methods suffer from high costs associated with procuring and maintaining dedicated hardware, as well as inflexibility in adapting to changing network requirements without significant reconfiguration. issues arise in large deployments, where the proliferation of separate devices and cabling can lead to complex management and increased points of , particularly when integrating legacy systems with long lifespans.

Logical Segmentation Methods

Logical segmentation methods enable the division of networks into isolated segments using software, protocols, and virtual configurations rather than physical hardware separations, allowing multiple logical networks to coexist on shared for enhanced flexibility and efficiency. These techniques leverage tagging, filtering, and mechanisms to enforce boundaries, reducing broadcast domains and controlling without requiring dedicated cabling or switches. One foundational approach is Virtual Local Area Networks (VLANs), standardized by , which uses frame tagging to logically group devices across a shared physical Ethernet infrastructure, enabling up to 4096 VLANs per network through a 12-bit VLAN identifier inserted into Ethernet frames. This tagging mechanism allows switches to forward traffic only within the designated VLAN, isolating broadcast traffic and improving by preventing unauthorized inter-VLAN communication unless explicitly permitted. For instance, in enterprise environments, VLANs can separate departments like finance and HR on the same switch, minimizing the risk of lateral movement for potential threats. Access Control Lists (ACLs) complement VLANs by providing granular traffic filtering at routers or Layer 3 switches, where ordered rules permit or deny packets based on criteria such as source/destination IP addresses, ports, or protocols, effectively enforcing boundaries between logical segments. Standard ACLs focus on IP addresses for basic segmentation, while extended ACLs add protocol-specific controls, applied inbound or outbound to control inter-segment routing and mitigate risks like unauthorized access. In practice, ACLs are processed sequentially until a match, ensuring efficient enforcement of policies that limit traffic propagation across segments. IP subnetting, formalized through (CIDR) in RFC 4632, divides IP address spaces into variable-length subnets using CIDR notation (e.g., /24 for a 256-address block), allowing efficient allocation and logical isolation without adhering to rigid class-based boundaries. This method aggregates routes and conserves IPv4 addresses by enabling flexible prefix lengths, where subnets act as segments to contain traffic within defined address ranges, preventing overlap and facilitating decisions. protocols like (OSPF), detailed in RFC 2328, compute optimal paths within an autonomous system using link-state advertisements to maintain segment connectivity while respecting subnet boundaries. Similarly, Border Gateway Protocol (BGP), as extended for OSPF interactions in RFC 1364, handles inter-domain between segments by exchanging aggregated routes, ensuring scalability in multi-segment environments. Advanced logical segmentation includes micro-segmentation, implemented via hypervisors like NSX, which applies distributed firewalls at the workload or level to create granular isolation policies independent of the underlying . NSX uses overlay to enforce rules based on application attributes, such as tags or environment types, allowing dynamic enforcement that scales to thousands of segments without physical reconfiguration. (SDN) further enhances this by centralizing control through programmable interfaces, abstracting the to define fluid boundaries via APIs, as seen in architectures that decouple forwarding from policy logic for automated segment management. In cloud environments, (AWS) Virtual Private Clouds (VPCs) exemplify logical segmentation by providing isolated virtual networks with customizable subnets and tables, where CIDR blocks define address ranges and security groups act as virtual firewalls to control inbound/outbound traffic between segments. Hybrid setups often integrate VLANs with next-generation firewalls for dynamic policy enforcement, combining on-premises tagging for local isolation with cloud-native controls to bridge environments seamlessly, ensuring consistent segmentation across distributed infrastructures.

Implementation

Tools and Technologies

Hardware tools play a foundational role in implementing physical network segmentation. Firewalls, such as the Adaptive Security Appliance (ASA), are commonly deployed for perimeter segmentation, providing stateful inspection and to isolate external threats from internal networks. Managed Ethernet switches enable VLAN-based segmentation by supporting port configurations that separate traffic into distinct broadcast domains, enhancing isolation without requiring separate physical cabling. Software technologies facilitate more dynamic and scalable segmentation approaches. Software-defined networking (SDN) controllers like OpenDaylight offer centralized management for automated segmentation, allowing programmable policies to orchestrate traffic flows across heterogeneous network devices. Hypervisor-based tools, including VMware NSX and Microsoft Hyper-V, support virtual network segmentation by creating overlay networks that decouple logical topologies from underlying physical infrastructure, enabling microsegmentation within virtualized environments. Protocols and standards provide the foundational mechanisms for consistent segmentation implementation. The standard defines VLAN tagging for Ethernet frames, allowing switches to identify and forward traffic to specific segments through a 4-byte tag inserted into frame headers. protocols enable encrypted tunnels for secure segment interconnection, authenticating and encrypting IP packets to protect data in transit between isolated network zones. Network Access Control (NAC) systems support dynamic access segmentation by profiling devices and users upon connection, automatically assigning them to appropriate segments based on policy enforcement. Emerging technologies are advancing segmentation toward more adaptive and integrated models. AI-driven segmentation within (SASE) frameworks, gaining adoption post-2020, leverages to automate policy enforcement and threat detection in cloud-delivered networks. Integration with zero-trust platforms like enables identity-based segmentation, enforcing granular access controls across distributed environments without traditional perimeter boundaries.

Best Practices and Challenges

Effective network segmentation requires systematic audits to verify the isolation of segments and detect unauthorized connections. Organizations should conduct regular segmentation audits using tools like to scan for open ports and unintended traffic flows between segments, ensuring compliance with security policies. Before implementing divisions, start with comprehensive mapping to inventory assets, identify data flows, and understand dependencies, which helps prioritize segmentation efforts without disrupting operations. Integrating segmentation with zero-trust architecture enables ongoing verification through continuous access controls and microsegmentation, limiting lateral movement even after initial breaches. Key design principles emphasize balancing to achieve without excessive complexity. Over-segmentation can lead to significant overhead, such as increased policy maintenance and time, while under-segmentation risks broader attack surfaces; thus, segments should be defined based on business needs and risk levels. Regular policy reviews are essential to adapt to environmental changes, like new applications or compliance requirements, ensuring segments remain effective over time. Implementing network segmentation faces several challenges, particularly in complex environments. Migrating legacy systems often involves compatibility issues, as outdated lacks support for modern controls like firewalls or VLANs, leading to prolonged and integration difficulties during the transition. introduces risks by bypassing segments, as unauthorized tools and devices create hidden pathways that evade oversight and expose sensitive areas to threats. Additionally, the cost of skilled personnel for ongoing maintenance is a barrier, with shortages driving up expenses—organizations with inadequate cybersecurity teams face breach costs averaging $1.76 million higher than well-staffed peers as of 2024—due to the need for specialized expertise in policy enforcement and monitoring. To address these issues, a phased implementation approach allows gradual rollout, starting with high-risk areas like critical assets before expanding, minimizing disruption and enabling iterative testing. For instance, following the 2017 Equifax breach, where poor segmentation allowed attackers to access multiple databases, the company overhauled its network by enhancing segmentation to isolate devices and restrict internet-facing access, coupled with increased cybersecurity spending and third-party assessments as part of a $575 million settlement. Monitoring with Security Information and Event Management (SIEM) systems helps detect misconfigurations by analyzing traffic patterns and alerting on anomalous inter-segment communications, supporting proactive remediation.

References

  1. https://www.cisco.com/site/us/en/learn/topics/security/what-is-network-segmentation.html
  2. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-215.pdf
  3. https://www.cisa.gov/sites/default/files/2023-01/layering-network-security-segmentation_infographic_508_0.pdf
  4. https://www.cisa.gov/sites/default/files/2025-07/ZT-Microsegmentation-Guidance-Part-One_508c.pdf
  5. https://www.paloaltonetworks.com/cyberpedia/what-is-network-segmentation
  6. https://www.crowdstrike.com/en-us/cybersecurity-101/identity-protection/network-segmentation/
  7. https://www.pcisecuritystandards.org/documents/Guidance-PCI-DSS-Scoping-and-Segmentation_v1.pdf
  8. https://zeronetworks.com/blog/network-segmentation-and-compliance
  9. https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture
  10. https://doi.org/10.6028/NIST.SP.800-207
  11. https://securityboulevard.com/2023/08/the-history-of-network-segmentation-security/
  12. https://www.britannica.com/topic/ARPANET
  13. https://standards.ieee.org/ieee/802.1Q/1998/
  14. https://www.caida.org/catalog/papers/2002_codered/codered.pdf
  15. https://www.illumio.com/blog/solarwinds-zero-trust
  16. https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-207.pdf
  17. https://hightable.io/iso27001-annex-a-8-22-segregation-of-networks/
  18. https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet/index.html
  19. https://www.elisity.com/blog/iec-62443-in-2025-network-segmentation-requirements-and-changes
  20. https://www.cybermaxx.com/resources/network-segmentation-why-its-a-must-have-for-cybersecurity-in-2025/
  21. https://www.harrisonclarke.com/blog/network-segmentation-enhancing-security-and-minimizing-attack-surface
  22. https://zeronetworks.com/blog/network-segmentation-all-you-need-to-know
  23. https://www.firemon.com/blog/network-segmentation-benefits/
  24. https://www.trellix.com/security-awareness/network/what-is-network-segmentation-and-why-it-matters/
  25. https://www.cloudi-fi.com/blog/the-mirai-botnet-case-is-iot-network-segmentation-the-solution
  26. https://www.cisecurity.org/insights/blog/the-mirai-botnet-threats-and-mitigations
  27. https://www.goodaccess.com/blog/zero-trust-segmentation
  28. https://www.cisco.com/c/en/us/td/docs/Technology/industrial-automation-security-design-guide/m-segment-the-network-into-smaller-trust-zones.html
  29. https://learningnetwork.cisco.com/s/question/0D53i00000KsraZCAR/network-segmentation
  30. https://www.auvik.com/franklyit/blog/network-segmentation/
  31. https://www.tierpoint.com/blog/network-infrastructure-strategy/
  32. https://news.networktigers.com/network-knowhow/10-factors-to-consider-for-network-scalability/
  33. https://www.zeronetworks.com/resource-center/topics/network-segmentation-microsegmentation-isolating-securing-your-network
  34. https://www.geeksforgeeks.org/computer-networks/what-is-network-segmentation/
  35. https://www.vmware.com/topics/network-segmentation
  36. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.pdf
  37. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-209.pdf
  38. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
  39. https://www.cisco.com/c/en/us/solutions/software-defined-networking/overview.html
  40. https://standards.ieee.org/ieee/802.1Q/6844/
  41. https://www.ieee802.org/1/pages/802.1Q.html
  42. https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5xx/interfaces/24xx/b-interfaces-hardware-component-cg-24xx-ncs540/config-802-1q-vlan-interfaces.pdf
  43. https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
  44. https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/sec-data-acl/17-1-1/b-sec-data-acl-xe-17-1-asr920/b-sec-data-acl-xe-17-1-asr920_chapter_00.html
  45. https://datatracker.ietf.org/doc/html/rfc4632
  46. https://www.rfc-editor.org/rfc/rfc2328.html
  47. https://datatracker.ietf.org/doc/html/rfc1364
  48. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-nsx-microsegmentation.pdf
  49. https://docs.aws.amazon.com/vpc/latest/userguide/how-it-works.html
  50. https://www.netgear.com/business/wired/switches/plus/
  51. https://www.opendaylight.org/
  52. https://www.vmware.com/products/cloud-infrastructure/nsx
  53. https://www.techtarget.com/searchitoperations/tip/VMware-NSX-vs-Microsoft-Hyper-V-network-virtualization
  54. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-77r1.pdf
  55. https://www.fortinet.com/products/network-access-control
  56. https://learn.microsoft.com/en-us/security/zero-trust/deploy/networks
  57. https://www.zscaler.com/products-and-solutions/zero-trust-device-segmentation
  58. https://pciguru.wordpress.com/2020/12/13/network-segmentation-testing-2/
  59. https://www.getastra.com/blog/compliance/pci/network-segmentation-testing/
  60. https://www.tigera.io/learn/guides/microsegmentation/network-segmentation-nist/
  61. https://www.upguard.com/blog/network-segmentation-best-practices
  62. https://www.sei.cmu.edu/blog/network-segmentation-concepts-and-practices/
  63. https://www.researchgate.net/publication/396355972_Challenges_and_Solutions_for_Migrating_Legacy_Systems_to_Zero_Trust_Best_Practices_for_Microsegmentation_and_Role-Attribute_Control_Models
  64. https://www.sailpoint.com/identity-library/how-to-mitigate-common-shadow-it-risks
  65. https://www.ibm.com/think/insights/cybersecurity-skills-gap-contributed-increase-average-breach-costs
  66. https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf
  67. https://www.ftc.gov/news-events/news/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related-2017-data-breach
  68. https://www.exabeam.com/explainers/information-security/network-segmentation-your-last-line-of-defense/
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.