    Aleix Petit · 1 July 2026 · 2 min read

    Network microsegmentation: what it is and how to apply it with Zero Trust

    When an attacker gets inside your corporate network, what determines the actual damage isn't the door they opened — it's how far they can move around inside. Microsegmentation is the technique that cuts that lateral movement off.

    What microsegmentation is

    Microsegmentation splits the network into small isolated zones where every communication is authorised or denied by policy. It goes far beyond a VLAN:

    • A VLAN separates by physical/logical network.
    • Traditional segmentation separates by internal firewall (north-south).
    • Microsegmentation separates by identity, application and context across any plane (east-west included).

    It's a central piece of the Zero Trust model.

    Why it matters

    95 % of serious breaches involve lateral movement after the initial intrusion. Without microsegmentation:

    1. A successful phishing on a laptop opens access to servers.
    2. Ransomware encrypts shared resources that should never have been reachable.
    3. A compromised supplier jumps into customer production (supply chain).

    With proper microsegmentation:

    • Each application is a single-hop zone.
    • A compromised device can't discover or scan the rest.
    • Logs show who tried what — for forensics and NIS2.

    How to implement it with ZTNA

    A modern ZTNA model builds microsegmentation in by design:

    1. Application catalogue.
    2. Identity + group + device policies.
    3. Ephemeral per-application tunnel.
    4. Full session logging.

    With the ConnectaSec platform, microsegmentation is enabled by creating application groups and assigning them to roles. No LAN redesign needed.

    Approach comparison

    Approach                     Cost       Complexity  Scope                 East-west
    VLAN + ACL                   Low        Low         LAN only              No
    Internal firewall            High       High        LAN + datacenter      Limited
    SDN (NSX, ACI)               Very high  Very high   Datacenter            Yes
    ZTNA with microsegmentation  Medium     Low         LAN + remote + cloud  Yes

    Real-world use cases

    • Clinics and hospitals: isolate electronic health records.
    • Multi-site retail: POS separated from guest Wi-Fi and cameras.
    • Industry: OT (machines) separated from IT (office).
    • Public administration: ENS-High files isolated.

    Common mistakes

    1. Doing everything at once.
    2. IP-based policies instead of identity-based.
    3. Not logging denials.
    4. Forgetting internal services (DNS, backup).
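    The four ZTNA building blocks above (application catalogue, identity + group + device policies, per-application access, full session logging) and the mistakes list are easier to reason about with a concrete policy decision in front of you. The following is an added example, written for this article and not ConnectaSec's code: a small default-deny policy engine in which every rule is keyed on identity group and device posture, never on a source IP, and in which every attempt, allowed or denied, is written to an audit log. The applications (ehr, pos, dns, backup), groups, users and IP addresses are constructed for the illustration.

```python
"""Identity-based microsegmentation policy engine (added illustration).

Models the four ZTNA steps from the article and sidesteps the listed
mistakes: rules are identity-based rather than IP-based, denials are
logged, and the internal services every zone needs (DNS, backup) are
covered by explicit baseline policies. All names and IPs are constructed.
"""
from dataclasses import dataclass

# Step 1: application catalogue. Workloads are named, never addressed by IP.
APPLICATIONS = {
    "ehr": {"port": 443},       # electronic health records (constructed)
    "pos": {"port": 8443},      # point-of-sale backend (constructed)
    "dns": {"port": 53},        # internal service every zone still needs
    "backup": {"port": 10000},  # internal service that is easy to forget
}


# Step 2: identity group + device posture -> one application. Default deny.
@dataclass(frozen=True)
class Policy:
    groups: frozenset            # identity groups allowed to reach the app
    app: str                     # key into APPLICATIONS
    require_managed: bool = True  # device must be corporate-managed


POLICIES = [
    Policy(frozenset({"clinicians"}), "ehr"),
    Policy(frozenset({"store-staff"}), "pos"),
    # Baseline for internal services: broad group list, still gated on device posture.
    Policy(frozenset({"clinicians", "store-staff", "it-ops"}), "dns"),
    Policy(frozenset({"it-ops"}), "backup"),
]


# Step 3: each request is one per-application connection attempt, not a network reach.
@dataclass
class AccessRequest:
    user: str
    groups: frozenset
    device_managed: bool
    app: str
    src_ip: str  # recorded for forensics only; never consulted by the decision


@dataclass
class Decision:
    allowed: bool
    reason: str


# Step 4: full session logging. Denies are logged too; they are the lateral-movement signal.
AUDIT_LOG: list = []


def evaluate(req: AccessRequest) -> Decision:
    """Decide one connection attempt (first matching policy wins) and log it."""
    if req.app not in APPLICATIONS:
        decision = Decision(False, "unknown application (not in catalogue)")
    else:
        decision = Decision(False, "no matching policy (default deny)")
        for pol in POLICIES:
            if pol.app != req.app or not (req.groups & pol.groups):
                continue
            if pol.require_managed and not req.device_managed:
                decision = Decision(False, "device not managed")
            else:
                decision = Decision(True, f"policy groups={sorted(pol.groups)}")
            break
    AUDIT_LOG.append({
        "user": req.user, "app": req.app, "src_ip": req.src_ip,
        "device_managed": req.device_managed,
        "result": "ALLOW" if decision.allowed else "DENY",
        "reason": decision.reason,
    })
    return decision


def denied_attempts(log=None) -> dict:
    """Denied attempts per user: the first pivot for a responder reviewing the log."""
    counts: dict = {}
    for entry in (AUDIT_LOG if log is None else log):
        if entry["result"] == "DENY":
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts


if __name__ == "__main__":
    # A clinician's managed laptop reaches the EHR but nothing else; the same
    # laptop, now unmanaged, is refused even though its IP has not changed.
    laptop = "10.0.5.20"
    evaluate(AccessRequest("dr.lopez", frozenset({"clinicians"}), True, "ehr", laptop))
    evaluate(AccessRequest("dr.lopez", frozenset({"clinicians"}), True, "backup", laptop))
    evaluate(AccessRequest("dr.lopez", frozenset({"clinicians"}), False, "ehr", laptop))
    for entry in AUDIT_LOG:
        print(entry)
    print("denied per user:", denied_attempts())
```

    Note that `src_ip` appears in every log record but in no rule: a compromised machine that changes address, or a machine whose legitimate address is reused by a different device, gets the same answer from the policy because the answer depends on who is asking and from what kind of device. The "no matching policy" path is where a forgotten internal service first shows up, so a burst of denials against dns or backup right after rollout is a sign the baseline policies are incomplete, not that something is attacking.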

    Microsegmentation and compliance

    • NIS2 (art. 21.2.d).
    • ENS High: mp.com.1.
    • ISO 27001: A.13.1.3.
    • GDPR.

    See also our NIS2 guide and SASE vs ZTNA.

    FAQ

    Do I need to change my current network? No. With ZTNA, microsegmentation lives in the access plane.

    How long does implementation take? A pilot with 3–5 applications: 1–2 weeks.

    Is it the same as a VLAN? No.


    Want to see microsegmentation on your network? Request a demo or model the impact with the ZTNA ROI calculator.