TL;DR: As hybrid networks expand, lateral movement remains the core mechanism that turns an initial breach into business disruption, and Zero Networks argues that automated microsegmentation can contain attackers once access is gained. The security model is shifting from perimeter defense to blast-radius control, where containment matters more than prediction.
NHIMG editorial — based on content published by Zero Networks: When Networks Defend Themselves: A New Model for Cyber Resilience
By the numbers:
- 60 to 70% of all breaches leverage lateral movement.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: What breaks when lateral movement is not contained inside the network?
A: When lateral movement is not contained, a single foothold can become enterprise-wide compromise.
Q: Why do service accounts and machine identities make microsegmentation harder?
A: Service accounts and machine identities often have persistent, machine-speed connectivity that is broader than human access.
Q: How do security teams know whether containment is actually working?
A: Containment is working when a compromise on one host cannot meaningfully reach adjacent systems, privileged management planes, or backup infrastructure.
Practitioner guidance
- Map lateral movement paths across identity and network layers Inventory which workloads, service accounts, and privileged users can reach sensitive systems, then remove broad internal reach that is not operationally required.
- Tie segmentation rules to identity context Use identity-aware policies so access decisions reflect the user, workload, or service account making the request rather than only the source subnet.
- Measure containment, not only prevention Track how far an attacker could move from a known foothold, then test whether a compromise on one host can reach adjacent applications, domain services, or backup infrastructure.
What's in the full article
Zero Networks' full post covers the operational detail this post intentionally leaves for the source:
- The documentary context and the CNBC-streamed resilience narrative behind the article.
- The vendor's explanation of automated microsegmentation workflows and discovery logic.
- The quoted rationale for why lateral movement is framed as the primary containment problem.
- The broader business-resilience framing used to connect security controls to operational continuity.
👉 Read Zero Networks' commentary on automated microsegmentation and cyber resilience →
Microsegmentation and lateral movement: what it means for network defense?
Explore further
Lateral movement is the control failure that decides whether a breach becomes a business event. The article is correct to shift attention from perimeter defence to containment, because attackers rarely need to break everything if they can move freely after the first foothold. In identity terms, that means access scope, session reach, and internal trust relationships matter as much as initial authentication. Practitioners should treat lateral movement as a governance problem, not only a detection problem.
A question worth separating out:
Q: Who is accountable when internal trust enables a breach to spread?
A: Accountability is shared across network security, IAM, and platform owners because internal trust is created by multiple control decisions. Frameworks such as NIST CSF and NIST SP 800-53 expect access and monitoring controls to work together, while Zero Trust principles assume continuous verification. If no team owns east-west exposure, the containment model will drift.
👉 Read our full editorial: Microsegmentation and lateral movement are reshaping cyber resilience