What Does Network Segmentation Mean?
Network segmentation is a strategy for limiting the potential impace of a security exploit by dividing a large network into smaller physical or virtual networks called subnetworks or subnets.
The goal of network segmentation is to limit unauthorized access to devices, data, and applications by restricting communication between subnetworks. Network segmentation plays an important role in Zero Trust because it limits opportunities for unauthorized lateral movement within a network.
When a network is segmented, each subnet functions as a virtual local area network (VLAN). Security policies are used to determine which users, services or devices can interconnect subnets. The most valuable resources will have the strictest access controls.