TL;DR: The global microsegmentation market is projected to grow from $8.2 billion in 2025 to over $41 billion by 2034, yet Gartner estimates only 5% to 20% of enterprises have adopted it, leaving lateral movement widely uncontained, according to Elisity. Identity-based enforcement is becoming the practical test of zero trust, not just a network design choice.
At a glance
What this is: This is a vendor comparison of 12 microsegmentation solutions, and its central finding is that adoption remains far behind market growth and that environment fit now matters more than feature count.
Why it matters: For IAM, NHI, and security teams, microsegmentation increasingly intersects with access governance because identity-based enforcement can reduce lateral movement when endpoint agents, cloud workloads, and unmanaged devices coexist.
By the numbers:
- The global microsegmentation market will grow from $8.2 billion in 2025 to over $41 billion by 2034.
- Gartner estimates that only 5% to 20% of enterprises have adopted microsegmentation.
- Illumio was named a 2026 Gartner Peer Insights Customers’ Choice for Network Security Microsegmentation, holding a 4.8 out of 5 rating across 168 ratings as of January 2026.
👉 Read Elisity's microsegmentation vendor comparison for 2026
Context
Microsegmentation is a control that narrows east-west traffic so compromise in one workload does not automatically become lateral movement across the estate. The article frames that problem through vendor selection, but the real governance issue is whether an organisation can enforce identity-aware segmentation across managed servers, cloud workloads, OT, IoT, and identity-protected administrative paths.
The primary keyword here is microsegmentation, and the practitioner challenge is not simply choosing a product category. Teams need to decide whether they are buying agent-based workload segmentation, agentless enforcement on existing infrastructure, or identity-linked controls that tie access decisions to user and device context. For a broader NHI framing, see the Ultimate Guide to NHIs and the Ultimate Guide to NHIs. When identity and access assumptions are not aligned with the enforcement layer, segmentation becomes uneven and easier to bypass.
Key questions
Q: How should security teams choose a microsegmentation approach for mixed estates?
A: Start with where the risky assets live, not with the policy engine. If your estate includes servers, cloud workloads, OT, IoT, or medical devices, prefer the approach that can actually reach the most constrained assets. Agent-based tools suit managed workloads, while agentless or identity-based enforcement is often necessary where software cannot be installed.
Q: Why does microsegmentation matter for identity and access governance?
A: Because lateral movement is often the next step after credential abuse. If access decisions are only enforced at login, attackers can reuse valid identity paths to move laterally. Microsegmentation extends least privilege into runtime communication, which makes IAM and PAM more effective when they are aligned with network enforcement.
Q: What breaks when microsegmentation does not cover unmanaged devices?
A: The programme leaves its highest-risk assets outside the containment model. In practice, that means cameras, PLCs, infusion pumps, and other unmanaged devices remain reachable through flat or over-permissive paths, which gives attackers a lateral movement corridor even when servers are well controlled.
Q: Which controls should organisations pair with microsegmentation to reduce risk?
A: Pair segmentation with strong authentication, privileged access control, entitlement review, and revocation discipline. Microsegmentation works best when it is linked to identity governance, because the control only limits reach if credentials, roles, and access paths are kept current.
Technical breakdown
Agent-based versus agentless microsegmentation
Microsegmentation can be enforced in two broad ways. Agent-based tools install software on each workload and can observe application dependencies directly, which helps with fine-grained policy but limits coverage where software cannot be installed. Agentless approaches enforce policy at the network edge, firewall, or virtualised infrastructure, which is more suitable for OT, IoT, and unmanaged assets. The trade-off is depth of telemetry versus reach. Identity-based enforcement adds another layer by binding policy to who or what is allowed to communicate, rather than only to IP ranges or static zones.
Practical implication: inventory which assets can never host an agent before you shortlist tools.
Identity-based segmentation and privileged access paths
Identity-based microsegmentation treats access as a governed relationship, not just a packet flow. This matters because many lateral movement paths begin with privileged protocols such as RDP, SSH, or WinRM, where standing access can be abused once credentials are stolen. By coupling network policy to user, device, or workload identity, teams can shrink the attack path even when the underlying infrastructure remains unchanged. In IAM terms, this is a control-layer extension of least privilege, but it must be paired with authentication, entitlement review, and revocation discipline or it only moves the problem.
Practical implication: map privileged admin paths to identity-controlled segmentation rules, not just firewall zones.
Why segmentation programmes stall in mixed estates
Microsegmentation projects often stall because the estate is heterogeneous. Managed servers, container platforms, OT systems, and IoT devices have different telemetry, deployment, and operational constraints. Some tools solve for workload visibility; others solve for broad network enforcement; a few try to bridge both. The governance challenge is that teams often evaluate only policy expression and overlook whether the tool can actually reach the parts of the environment that drive lateral movement risk. This is where microsegmentation becomes a control architecture decision, not a feature comparison exercise.
Practical implication: evaluate coverage by environment type first, then by policy sophistication.
NHI Mgmt Group analysis
Microsegmentation has become an identity governance problem as much as a network control problem. The article’s strongest signal is that segmentation decisions now hinge on who or what is allowed to talk, not just where traffic is routed. That shift matters because identity, workload, and device context increasingly determine whether lateral movement is containable. Practitioners should treat segmentation policy as part of access governance, not a separate network project.
Microsegmentation adoption is still lagging behind the lateral movement risk it is supposed to reduce. The article itself cites a large market forecast alongside a much smaller adoption base, which is the classic sign of a control gap rather than a tooling gap. The issue is not that the category is immature only in feature terms. The real problem is operational: teams are still trying to fit old perimeter thinking to environments where compromise spreads laterally by default. Practitioners should re-baseline their zero trust assumptions.
Identity-based enforcement is the named concept this market is converging on. As workloads, devices, and admin paths become harder to segment with static IP logic, policy tied to identity context is becoming the more durable model. That does not replace network enforcement, but it does make the access decision more explicit and auditable. For identity teams, this is a reminder that least privilege has to extend beyond authentication into runtime communication paths. Practitioners should align IAM, PAM, and segmentation ownership.
Agentless coverage is now a governance requirement in mixed IT, OT, and IoT estates. The article shows that many buyers are no longer comparing products only on workload telemetry, but on whether they can protect unmanaged devices that cannot run software. That is a control selection issue, not a convenience issue. If a segmentation programme cannot cover the devices most likely to be abused in lateral movement, it will underperform in practice. Practitioners should prioritise reach over elegance.
Microsegmentation selection should be judged by containment outcomes, not by vendor category labels. The market now includes firewall-based, hypervisor-based, endpoint-based, and network-edge enforcement models, each with different operational consequences. That variety is useful only if teams map it to the actual movement paths in their environment. For identity programmes, the lesson is simple: access governance and containment should be designed together. Practitioners should evaluate controls by the attack paths they close.
What this signals
Identity-based segmentation will increasingly be evaluated as an access-governance control, not a network add-on. When runtime communication paths are governed through identity context, IAM and PAM teams need to think about entitlement scope in motion, not only at authentication time. That shifts the operating model toward shared ownership with network and platform teams, which is where many programmes still struggle.
Mixed estates will keep exposing control gaps until segmentation strategies account for unmanaged assets first and workloads second. The practical signal for security leaders is that environment coverage matters more than vendor architecture labels. Teams that cannot reach OT, IoT, or legacy endpoints are still relying on partial containment, which leaves residual lateral movement risk.
For practitioners
- Inventory where agents cannot be deployed Separate managed servers from OT, IoT, medical, and legacy assets before you compare tools. Use the inventory to determine where agentless enforcement on existing infrastructure is mandatory rather than optional.
- Map privileged protocols to identity controls Identify RDP, SSH, WinRM, and similar admin paths, then determine which ones should be gated by identity-aware policy instead of static network rules. Tie those paths to strong authentication and revocation processes.
- Test coverage against unmanaged assets Run proof-of-value tests against devices that cannot install software, because those are usually the assets that expose the gap between segmentation theory and operational coverage.
- Evaluate containment before feature depth Score vendors on whether they can stop lateral movement in the places your risk actually lives, then assess telemetry, dependency mapping, and analytics only after reach is proven.
Key takeaways
- Microsegmentation is now part of identity governance because runtime access paths can be abused long after authentication succeeds.
- The article’s own figures show a market that is scaling faster than adoption, which points to operational friction rather than lack of demand.
- Teams should choose controls by containment coverage across managed, unmanaged, and privileged environments, not by feature breadth alone.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
MITRE ATT&CK address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-53 Rev 5 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| MITRE ATT&CK | TA0008 , Lateral Movement; TA0006 , Credential Access | The article centers on stopping lateral movement after credential abuse. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access enforcement maps directly to microsegmentation governance. |
| NIST SP 800-53 Rev 5 | AC-4 | Information flow enforcement is the core control family behind segmentation. |
| NIST Zero Trust (SP 800-207) | Zero Trust Architecture is the architectural model microsegmentation is meant to support. |
Map segmentation coverage to lateral movement paths and credential-abuse scenarios in your environment.
Key terms
- Microsegmentation: Microsegmentation is the practice of dividing an environment into very small trust zones so that systems can communicate only with what they specifically need. It is used to limit lateral movement after compromise and is often enforced through network, host, hypervisor, or identity-aware policy layers.
- Identity-Based Segmentation: Identity-based segmentation ties communication rules to user, device, workload, or service identity instead of only to IP ranges or subnets. That makes access decisions more expressive and auditable, especially in mixed environments where the same asset may move across networks or be used by multiple identities.
- Lateral Movement: Lateral movement is the process of moving from one compromised system or account to others inside the same environment. It usually succeeds when internal trust is too broad, privileges are excessive, or communication paths remain open after initial compromise.
- Agentless Enforcement: Agentless enforcement applies segmentation policy without installing software on each endpoint or workload. It is especially relevant for OT, IoT, and legacy systems where agents are impractical, but it depends on the surrounding infrastructure having enough visibility and control to enforce policy reliably.
What's in the full article
Elisity's full article covers the operational comparison detail this post intentionally leaves for the source:
- Side-by-side vendor matrix for 12 tools across deployment model, agent requirement, and OT/IoT support
- Analyst-research breakdown showing how Forrester, Gartner, GigaOm, and Constellation position the major vendors
- Vendor-by-vendor best-fit guidance for hospitals, industrial estates, hybrid cloud, and firewall-led environments
- Practical selection notes on when agentless, agent-based, hypervisor-based, or identity-led segmentation is the better fit
Deepen your knowledge
The NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, workload identity, and secrets management for practitioners aligning access control with runtime risk. It is built for teams that need to connect identity decisions to security architecture and operational control.
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org