Cyber Doc logo Cyber Doc
Cybersecurity Term

What is network segmentation?

Separating systems into network zones to reduce spread and limit access.

Network Security Last reviewed: 2026-05-20

← Back to Learn Centre

What is network segmentation?

Network segmentation means separating systems into different network zones so that access can be controlled and incidents are easier to contain.

Simple example

Guest Wi-Fi is separated from office computers, and servers are placed in a separate protected network.

Why it matters

Segmentation can limit how far an attacker or malware can move after one system is compromised.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Separate guest, staff, server, and management networks where practical.
  • Limit access between network zones.
  • Document which systems need to communicate.
  • Use firewall rules between segments.
  • Review segmentation after business changes.

Reactive steps

  • Isolate affected network segments during an incident.
  • Block unnecessary movement between systems.
  • Review traffic logs between segments.
  • Check whether other zones were reached.
  • Strengthen segmentation after recovery.

Related terms

  • Lateral movement
  • Firewall
  • Incident response