Glossary

Network Segmentation

Division of networks into zones to limit impact of security incidents.

Network segmentation is the practice of dividing a computer network into smaller, isolated sub-networks or zones, each with its own security controls and access policies. This architectural approach limits lateral movement by attackers who gain access to one segment, preventing them from easily reaching other parts of the network that contain sensitive data or critical systems.

Effective network segmentation is a key requirement in frameworks such as PCI DSS, which mandates isolation of cardholder data environments, and ISO 27001, which requires network controls proportionate to the sensitivity of the information being processed. Implementing segmentation through VLANs, firewalls, and micro-segmentation technologies significantly reduces the blast radius of security incidents and simplifies compliance scoping.
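
The effect on lateral movement and blast radius described above can be checked against a zone policy. The following is an added example, not part of the original glossary entry; the zone names, host counts and allowed flows are constructed assumptions. It treats each allowed zone-to-zone flow as a possible pivot and computes what an intruder in one zone could reach by chaining them, for a flat network and for a default-deny segmented one.

```python
from collections import deque

# Constructed sample data: zone names and host counts are assumptions.
ZONES = {"guest_wifi": 40, "corp_lan": 120, "dmz": 6, "app": 10, "cde": 4}

# Segmented policy: default deny, only these (source, destination) flows pass.
SEGMENTED = {("corp_lan", "dmz"), ("dmz", "app"), ("app", "cde")}


def flat_policy(zones):
    """Flat network: every zone may initiate connections to every other zone."""
    return {(a, b) for a in zones for b in zones if a != b}


def blast_radius(allowed, start):
    """Zones reachable from `start` by chaining allowed flows (breadth-first).

    This is an upper bound: it assumes every permitted flow can be used
    as a pivot once its source zone is compromised.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for a, b in allowed:
            if a == src and b not in seen:
                seen.add(b)
                queue.append(b)
    return seen


def exposed_hosts(allowed, start):
    """Number of hosts inside the blast radius of a compromise in `start`."""
    return sum(ZONES[z] for z in blast_radius(allowed, start))


def paths_into(allowed, target):
    """Zones that have a direct or transitive path into `target`."""
    return {z for z in ZONES
            if z != target and target in blast_radius(allowed, z)}


if __name__ == "__main__":
    for name, policy in (("flat", flat_policy(ZONES)), ("segmented", SEGMENTED)):
        print(name, "guest_wifi compromise exposes",
              exposed_hosts(policy, "guest_wifi"), "hosts;",
              "zones with a path into cde:", sorted(paths_into(policy, "cde")))
```

The segmented policy still leaves a chained path from `corp_lan` to `cde` through `dmz` and `app`, which is why a segmentation review should look at transitive reachability and not only at direct rules.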
