Network Segmentation
Definition
Network segmentation divides a computer network into smaller, isolated subnets. It limits damage from a breach: if an attacker penetrates one segment, they don't have direct access to the rest of the network.
Network segmentation is a fundamental defense-in-depth principle. Methods include VLANs, firewalls, DMZs, and microsegmentation.
Microsegmentation is an advanced form in which each device or workload has its own security perimeter, a core Zero Trust principle.
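To make the damage-limiting effect concrete, the following added example (not part of the original page) computes which hosts become reachable from one compromised host under a flat network, a segmented network, and a microsegmented one. The host names, segments, and allow rules are constructed assumptions, and the model follows allowed flows hop by hop.

```python
from collections import deque

# Constructed sample inventory: host -> segment (all names are hypothetical).
HOSTS = {
    "web1": "dmz", "web2": "dmz",
    "app1": "app", "app2": "app",
    "db1": "data", "hr-pc": "office", "fin-pc": "office",
}

# Constructed firewall rules between segments (source segment, destination segment).
SEGMENT_RULES = {("dmz", "app"), ("app", "data")}

# Constructed per-workload allow list for microsegmentation (source, destination).
WORKLOAD_RULES = {("web1", "app1"), ("web2", "app2"), ("app1", "db1")}


def allowed(src, dst, mode):
    """Return True if src may open a connection to dst under the given design."""
    if src == dst:
        return False
    if mode == "flat":            # one subnet, no internal enforcement
        return True
    if mode == "segmented":       # free within a segment, firewall between segments
        s, d = HOSTS[src], HOSTS[dst]
        return s == d or (s, d) in SEGMENT_RULES
    if mode == "microsegmented":  # default deny, explicit per-workload allows only
        return (src, dst) in WORKLOAD_RULES
    raise ValueError(f"unknown mode: {mode}")


def blast_radius(start, mode):
    """Hosts reachable from a compromised host, following allowed flows hop by hop."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt not in seen and allowed(cur, nxt, mode):
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


if __name__ == "__main__":
    for mode in ("flat", "segmented", "microsegmented"):
        print(f"{mode:15} web1 -> {sorted(blast_radius('web1', mode))}")
```

In the segmented case the database is still reachable through the chain of permitted flows, which is why allow rules between segments deserve the same review as the segment boundaries themselves.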