Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Lateral movement and segmentation gaps: what IAM teams should note


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Lateral movement appears in nearly 90% of attacks while 82% of organisations still trust perimeter detection, according to Illumio citing The 2025 Global Cloud Detection and Response Report. Static firewall rules and fragmented policy governance leave modern hybrid environments exposed once attackers get inside.

NHIMG editorial — based on content published by Illumio: Illumio + FireMon: Closing the Gaps Firewalls Can’t See

By the numbers:

Questions worth separating out

Q: What breaks when firewall-only security is used in hybrid environments?

A: Firewall-only security breaks down when attackers already have internal access and can move laterally through allowed east-west paths.

Q: Why do lateral movement attacks expose weaknesses in modern segmentation?

A: Lateral movement attacks expose weaknesses when segmentation is tied to static network assumptions instead of application context and workload identity.

Q: How do security teams know if segmentation is actually reducing risk?

A: Teams know segmentation is working when unnecessary workload communications disappear, exception volume falls, and policy changes are validated continuously rather than assumed.

Practitioner guidance

  • Map east-west trust paths before tightening edge policy Inventory the workload-to-workload connections that are currently allowed, then identify which ones are unnecessary, risky, or not tied to an application requirement.
  • Centralise policy intent and drift validation Create a single review process for firewall rules, segmentation policies, and exceptions so that intent and enforcement are checked together.
  • Treat segmentation as containment for privilege abuse Design policies so that compromise of one workload does not automatically grant access to adjacent systems.

What's in the full article

Illumio's full article covers the operational detail this post intentionally leaves for the source:

  • How the Illumio and FireMon integration combines segmentation visibility with centralized policy governance across hybrid environments
  • Why east-west traffic visibility matters when firewall rules no longer reflect how workloads actually communicate
  • How policy drift detection and validation help teams prove that enforcement matches intent
  • Why workload labels such as application, role, and environment are used to simplify scalable segmentation

👉 Read Illumio's analysis of firewall gaps and lateral movement containment →

Lateral movement and segmentation gaps: what IAM teams should note?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Lateral movement containment is now a governance problem, not only a network problem. Firewalls can still reduce exposure at the edge, but modern attacks exploit what happens after the first trusted entry point. The decisive question is whether internal movement is constrained by policy that follows workloads and access context. Practitioners should treat containment as a governance objective, not just a perimeter design choice.

A question worth separating out:

Q: Who is accountable when internal policy drift leaves breaches easier to spread?

A: Accountability usually sits across network security, platform teams, and the owners of the applications that define the trust relationships. If policy drift is not assigned to a clear owner, exceptions multiply and controls go stale. Governance should specify who approves internal flows, who validates enforcement, and who remediates drift when the environment changes.

👉 Read our full editorial: Firewall-only security fails when lateral movement reaches inside



   
ReplyQuote
Share: