Segmentation divides your network into isolated zones. If attackers breach one segment, they cannot easily reach others.
Flat networks are dangerous. Every device can reach every other device. Malware spreads unchecked.
Segmentation limits blast radius. A compromised workstation cannot directly reach production databases.
Implementation methods:
- VLANs separate traffic at Layer 2
- Subnets with ACLs control Layer 3 routing
- Firewalls filter between segments
- Microsegmentation controls traffic between workloads
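The following is an added example, not code from the original page. It is a small policy evaluator in Python that models the segment boundaries described above (subnets with ACLs, a firewall default-deny between segments, and one workload-level microsegmentation rule) and computes the blast radius of a compromised workstation under a flat policy versus a segmented one. Every address range, host and rule is constructed for illustration; the rule syntax (`allow|deny SRC -> DST [PORT]`) is this example's own, not any vendor's.

```python
"""Toy inter-segment policy evaluator (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")  # wildcard used for "any" in rules


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]             # None matches every destination port

    def matches(self, src_ip, dst_ip, port) -> bool:
        return (src_ip in self.src and dst_ip in self.dst
                and (self.port is None or self.port == port))


def _to_net(token: str) -> ipaddress.IPv4Network:
    return ANY if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_policy(text: str) -> List[Rule]:
    """Parse lines of the form 'allow|deny SRC -> DST [PORT]'; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, arrow, dst, *rest = line.split()
        if action not in ("allow", "deny") or arrow != "->":
            raise ValueError(f"bad rule: {raw!r}")
        port = int(rest[0]) if rest else None
        rules.append(Rule(action, _to_net(src), _to_net(dst), port))
    return rules


def evaluate(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; no match means deny (default-deny between segments)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action
    return "deny"


def blast_radius(rules: List[Rule], src: str,
                 targets: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Return the (host, port) pairs a compromised host at `src` can still reach."""
    return sorted((h, p) for h, p in targets if evaluate(rules, src, h, p) == "allow")


# Constructed segments: workstations 10.10.0.0/24, app tier 10.20.0.0/24, DB tier 10.30.0.0/24.
FLAT_POLICY = "allow any -> any   # flat network: nothing is enforced between hosts"

SEGMENTED_POLICY = """
allow 10.10.0.0/24 -> 10.20.0.0/24 443     # workstations reach the app tier over HTTPS only
allow 10.20.0.10/32 -> 10.30.0.5/32 5432   # microsegmentation: only the app server talks to the DB
deny  any -> any                           # firewall default: everything else between segments is dropped
"""

# Constructed set of interesting destinations reachable from the workstation VLAN.
TARGETS = [("10.20.0.10", 443), ("10.20.0.10", 22), ("10.30.0.5", 5432)]

if __name__ == "__main__":
    compromised = "10.10.0.7"  # a constructed workstation address
    for name, text in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(f"{name:>9}: {compromised} can reach {blast_radius(parse_policy(text), compromised, TARGETS)}")
```

Under the flat policy the workstation reaches all three targets, including the database port; under the segmented policy it reaches only the app tier on 443, and even the app tier's neighbour at 10.20.0.11 is denied the database because the microsegmentation rule is scoped to one workload. Ordering matters: rules are first-match, so the explicit `deny any -> any` at the end plus the function's default of "deny" together give the fail-closed behaviour a firewall between segments should have.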