Brands

Hot News

Segmentation Remains a Foundational Security Concept
Publish Time: 04 Dec, 2025

The 2025 Cisco Segmentation Report, with 1,000 respondents, was released last month and has prompted me to think more deeply about the evolution of the decades-old cybersecurity concept and how it continues to adapt to meet the needs of modern enterprises. I previously wrote that while 79% of respondents consider segmentation a top priority, only 33% implement it fully. The survey results also revealed interesting insights into why segmentation remains a foundational concept.

The evolution of segmentation and the development of different segmentation approaches make the concept ideal for implementing a proactive approach to enterprise cybersecurity today. For years, organizations have utilized macro-segmentation to divide networks into smaller sections, which helps limit the spread of successful attacks while enhancing overall resilience. And now, augmenting macro-segmentation with micro-segmentation implementations allows security teams to split environments into separate networks AND isolate specific workloads based on behavior or identity. This dual segmentation approach is well-suited to protect today's distributed, cloud-first network infrastructure and the applications, data, and users that rely on these critical networks.

This is the first part of a three-part series that delves deeper into the survey results and what they reveal about the current state of segmentation.

Macro-Segmentation (On It's Own) Is Not Enough to Meet Today's Cybersecurity Challenges

Macro-segmentation alone is insufficient due to recent changes in modern application architecture. Modern applications are no longer monolithic, and they are no longer constrained by a subnet or VLAN. As a result, these applications are decentralized and composed of multiple workloads. This new decentralized architecture has boosted application performance, scalability, maintainability, and reliability; however, it has made it challenging to understand what's happening at the workload level.

However, the lack of visibility and control at the workload level makes traditional security approaches (including macro-segmentation) challenging. It's no wonder that cybersecurity teams are struggling to protect today's highly distributed, cloud-first digital infrastructures.

Question: How would you rate your organization's current progress with implementing micro-segmentation? Base: 1,000 respondents

Organizations Need to Implement Macro-Segmentation and Micro-Segmentation in Tandem

Augmenting macro-segmentation with micro-segmentation implementations enables security teams to separate IT environments into sections while isolating individual workloads based on their behavior or identity. This enables a proactive approach to cybersecurity, resulting in faster recovery times, improved operations, and consistent enforcement of segmentation policies.

1. Quicker Recovery Times

Respondents from organizations that have fully implemented both macro- and micro-segmentation report that breach containment and recovery take an average of 20 days to complete. In contrast, respondents from organizations that have not fully implemented both macro- and micro-segmentation report that recovery takes them an average of 29 days.

Average time it takes organizations to contain and fully recover from their most recent breach. Base: 1,000 respondents. Data split by organizations with full implementation of both macro- and micro-segmentation (327 respondents), and organizations who have not fully implemented either (667)

This is a big, big deal. Cutting recovery time by one-third limits the breach's impact and prevents its future spread. Just imagine the damage that threat actors can inflict in those additional nine days. The combination of macro- and micro-segmentation slows down attackers. It also provides defenders with more visibility and control over individual workloads, offering insights into the attack chain that enable them to quickly identify which assets need to be quarantined, taken offline, and recovered.

2. An Opportunity to Align Teams

Segmentation projects require coordination across multiple teams with multiple layers of responsibility, necessitating full alignment throughout the organization. For example, a development team knows who created an application, but it may not have visibility into who is using the application or how the application is being used. A failure to coordinate across teams can lead to over-permissioning-a common mistake that creates significant risks for organizations.

According to the survey, organizations (often) rely on three separate teams for implementing and managing segmentation-IT infrastructure or network (87%), Security/ SecOps (77%), and DevOps/ Cloud Engineering (71%). The process of implementing both macro- and micro-segmentation can improve alignment between these teams and eliminate much of the risk associated with over-permissioning. Continuing with our development team example, the drive toward segmentation can bring the development team closer to those managing and securing the network by establishing a common vocabulary and shared objectives.

Among survey respondents at organizations that have fully implemented both macro- and micro-segmentation, 87% report that their teams are fully aligned, compared with 52% of those at organizations without full implementation.

Question: When thinking about the teams involved in implementing or managing segmentation at your organization, how would you rate how aligned they are? Base: If respondent uses two or more teams (994 respondents). Data split by those who have fully implemented both macro- and micro-segmentation (315), and those who have not fully implemented both (608).

3. Consistent Enforcement

According to the report, two-thirds (63%) of respondents at organizations with full implementation strongly agree that automation is key to scaling and maturing segmentation projects, versus 50% without full implementation of both. Automation enables organizations to scale their segmentation policies across the entire organization (or at least where it makes sense), resulting in more comprehensive and consistent enforcement, and ultimately, stronger security controls. Organizations that do not employ adequate automation must manually create and maintain policies, which can easily fall behind security requirements over time.

Question: To what extent do you agree with the following statement? "Automation is key to scaling and achieving maturity in segmentation projects." Base: 1,000 respondents. Data split by those who have fully implemented both macro- and micro-segmentation (315), and those who have not fully implemented both (608).

A Dual Approach Enables a Proactive Cybersecurity Strategy

The ability to implement micro-segmentation at scale in conjunction with macro-segmentation has become foundational to modern enterprise security strategies and the zero-trust security model. This enables organizations to recover more quickly, better align their teams, and enforce segmentation more consistently-in combination, allowing for a proactive approach to cybersecurity. Although segmentation is an old concept (from an IT perspective, of course), it remains a critical component of a proactive enterprise security approach-mainly due to its adaptation for modern environments.

In my next blog, I'll outline the challenges organizations are facing today when implementing segmentation projects. In the meantime, download the 2025 Cisco Segmentation Report to better understand the state of segmentation today.

We'd love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram
X

Agentic AI is the future of Higher Education: Cisco's AI campus e-book gives a glimpse into the future Making sure AI becomes the global equalizer - and not the great divider
microsegmentation network security Network Segmentation
I’d like Alerts: