Network Segmentation

What Does Network Segmentation Mean?

Network segmentation is a strategy for limiting the potential impace of a security exploit by dividing a large network into smaller physical or virtual networks called subnetworks or subnets.

The goal of network segmentation is to limit unauthorized access to devices, data, and applications by restricting communication between subnetworks. Network segmentation plays an important role in Zero Trust because it limits opportunities for unauthorized lateral movement within a network.

When a network is segmented, each subnet functions as a virtual local area network (VLAN). Security policies are used to determine which users, services or devices can interconnect subnets. The most valuable resources will have the strictest access controls.

Techopedia Explains Network Segmentation

One example of network segmentation involves placing an internal firewall inside a network. Network engineers can segment the two different sides of that firewall into specific sub-network areas. For example, data can go into the first sub-network environment and be scanned for malicious code before it progresses through the firewall to the other side of the network.

Another big use for network segmentation is to route data in the most efficient and effective way. In order to optimize workflows, engineers may only send certain kinds of data through a particular network segment, either to improve security, or to cut out unnecessary traffic that puts pressure on network hardware or requires more resources.