TL;DR: Microsegmentation is framed here as a containment control for lateral movement, with the article citing 241 days to identify and contain breaches, 51 seconds to lateral movement, and 5% organisational adoption, according to Zero Networks and industry research. The governance question is no longer whether segmentation is useful, but whether teams can deploy it without creating new operational drag.
NHIMG editorial — based on content published by Zero Networks: Microsegmentation Vendor Evaluation Guide for Zero Trust Security
By the numbers:
- It takes organizations an average of 241 days to identify and contain a breach, but cyber attackers now begin moving laterally in as little as 51 seconds after gaining initial network access.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Questions worth separating out
Q: What breaks when microsegmentation is not aligned to identity and workload context?
A: Segmentation becomes easy to bypass through trusted internal paths, especially after a credential compromise.
Q: Why do attackers still spread quickly inside well-defended networks?
A: Because many environments still allow broad east-west connectivity once an attacker gets inside.
Q: How do security teams know if microsegmentation is actually working?
A: The best signal is whether a compromised identity or workload can reach only the services it truly needs, and nothing more.
Practitioner guidance
- Map lateral movement paths before tuning policy Inventory the systems, identities, and service-to-service paths that would matter after one host is compromised.
- Bind segmentation rules to identity and role context Do not rely only on IP ranges or VLAN boundaries.
- Automate discovery and policy refresh for changing estates Require continuous asset discovery, traffic observation, and policy recalculation so new applications, cloud assets, and OT connections do not inherit overly broad access by default.
What's in the full article
Zero Networks' full article covers the operational detail this post intentionally leaves for the source:
- Vendor-side capability checklist for agentless microsegmentation evaluation across hybrid environments
- Detailed examples of automated policy creation, discovery, and segmentation coverage claims
- Feature-by-feature questions for comparing deployment effort, resource overhead, and integration fit
- Operational guidance on continuous segmentation and identity-aligned network control
👉 Read Zero Networks' guide to evaluating microsegmentation capabilities for zero trust →
Microsegmentation evaluation: are your controls keeping up?
Explore further
Microsegmentation has shifted from a network design preference to a control for blast-radius reduction. The article correctly frames containment as the primary objective because attackers now move far faster than manual response can react. For identity teams, that means segmentation is no longer just a networking issue. It is a governance control that determines whether compromised human or non-human credentials can traverse trusted paths. Practitioner conclusion: treat segmentation as part of access governance, not as a standalone perimeter project.
A question worth separating out:
Q: Who should own microsegmentation decisions in a zero trust programme?
A: Ownership should be shared across network, cloud, IAM, and application teams because segmentation depends on policy, identity, and application dependencies at the same time. The control fails when one team owns design and another owns enforcement without a common model for asset discovery and change management. Joint governance prevents blind spots.
👉 Read our full editorial: Microsegmentation capabilities that matter for zero trust containment