What Is Network Segmentation?

Segmentation divides a computer network into smaller parts. The purpose is to improve network performance and security. Other terms that often mean the same thing are network segregation, network partitioning, and network isolation.

How does segmentation work?

Segmentation works by controlling how traffic flows among the parts. You could choose to stop all traffic in one part from reaching another, or you can limit the flow by traffic type, source, destination, and many other options. How you decide to segment your network is called a segmentation policy.

What is an example of segmentation?

Imagine a large bank with several branch offices. The bank's security policy restricts branch employees from accessing its financial reporting system. Network segmentation can enforce the security policy by preventing all branch traffic from reaching the financial system. And by reducing overall network traffic, the financial system will work better for the financial analysts who use it.

What enforces segmentation policy?

Some traditional technologies for segmentation included internal firewalls, and Access Control List (ACL) and Virtual Local Area Network (VLAN) configurations on networking equipment. However, these approaches are costly and difficult.

Today, software-defined access technology simplifies segmentation by grouping and tagging network traffic. It then uses traffic tags to enforce segmentation policy directly on the network equipment, yet without the complexity of traditional approaches.

What is microsegmentation?

Microsegmentation uses much more information in segmentation policies like application-layer information. It enables policies that are more granular and flexible to meet the highly-specific needs of an organization or business application.   

Benefits of network segmentation

Improve operational performance

Segmentation reduces network congestion. For example, a hospital's medical devices can be segmented from its visitor network so that medical devices are unaffected by web browsing.

Limit cyberattack damage

Segmentation improves cybersecurity by limiting how far an attack can spread. For example, segmentation keeps a malware outbreak in one section from affecting systems in another.

Protect vulnerable devices

Segmentation can stop harmful traffic from reaching devices that are unable to protect themselves from attack. For example, a hospital's connected infusion pumps may not be designed with advanced security defenses. Network segmentation can stop harmful Internet traffic from ever reaching them.

Reduce the scope of compliance

Segmentation reduces the costs associated with regulatory compliance by limiting the number of in-scope systems. For example, segmentation separates the systems that process payments from those that don't. That way, the expensive compliance requirements and audit processes apply only to the in-scope systems, not the entire network.