Why Blast Radius Matters
When an attacker compromises a single workload, the real question isn’t if they can move laterally – it’s how far they can go. In a flat network with no segmentation, the answer is: everywhere. Every reachable host becomes a stepping stone toward high-value assets like domain controllers, databases, ERP systems, and backup servers.
Blast radius is the total number of workloads, services, and data stores an attacker can reach from an initial point of compromise. It’s the single most important metric for understanding the actual impact of a breach – and the one most organizations can’t quantify.
The Calculator
The Blast Radius Calculator is an interactive tool that lets you model your own environment and see the difference microsegmentation makes:
- Configure your environment – set the number of workloads, network segments, open ports, and high-value assets
- Watch the attack propagate – side-by-side animated visualization of lateral movement across a flat network vs. a microsegmented one, mapped to MITRE ATT&CK phases
- See the numbers – blast radius score, workloads at risk, estimated financial impact, and overall risk reduction percentage
The visualization walks through a realistic attack scenario: an attacker compromises a workstation, performs discovery, escalates privileges, and moves laterally toward high-value assets. In the flat network, they reach everything. In the segmented network, containment zones limit the blast radius to a fraction of the environment.
Try It
Head over to the Blast Radius Calculator and plug in your own numbers. It runs entirely in your browser – no data leaves your machine.
