By Mark Stephens,
Publication Date: 2025-12-11 13:00:00
In today’s landscape, organizations of all sizes are increasingly adopting the default assumption that adversaries may already be persistent within their networks. This pragmatic perspective underscores the critical need and inherent value of an active segmentation program.
Segmentation introduces critical control points, regulating who and what can access the network environment and its applications. It also facilitates the creation of artifacts essential for reporting and compliance validation. Furthermore, segmentation significantly restricts the “blast radius” of an incident, greatly aiding incident response by clarifying the “who, what, and how” of an attack.
Many readers might immediately think of Zero Trust, minimum privilege access, and the comprehensive accounting of every device and session across their networks. However, based on years of working with and advising clients on segmentation, I’ve observed that overly ambitious goals often lead to…




