Network segmentation divides a network into smaller, isolated zones so that a breach in one area cannot spread freely. A flat network, where every device can communicate with every other, is a dream scenario for any attacker who gains a foothold.
Common segmentation techniques include VLANs, firewalls between zones, and micro-segmentation at the workload level. PCI DSS explicitly requires cardholder data environments to be segmented from the rest of the corporate network.
CISSP Relevance
Network segmentation is foundational in Domain 4 (Communications and Network Security) and Domain 3 (Security Architecture and Engineering). CISSP candidates must understand how segmentation implements defense in depth and how to design segmented architectures that balance security with operational needs.
External reference: PCI Security Standards Council Segmentation Guidance
Related terms: Firewall, Zero Trust