Market Overview on microsegment.io

Weekly Security Landscape: April 4 - 10, 2026

Fri, 10 Apr 2026 00:00:00 +0000

The Week at a Glance

This week was not really about malware. It was about trust boundaries failing in quiet, high-leverage places.

Older routers became token theft infrastructure. Helpdesks and BPOs became initial access. Mobile and endpoint management platforms kept showing up in CISA KEV. AI kept compressing the window between disclosure and weaponization. And all of it pointed to the same uncomfortable truth: the highest-risk systems are often the ones defenders still treat as support plumbing.

Management Consoles: The Keys to the Kingdom

Wed, 08 Apr 2026 00:00:00 +0000

The Wrong Thing Is Still Trusted

Defenders keep hardening endpoints, tuning detections, and buying more visibility.

Meanwhile, attackers keep going after the systems that already have permission to touch everything.

That is the real problem with management consoles.

When a laptop gets compromised, you have an incident.

When a management console gets compromised, you may have a change-control problem, an identity problem, a visibility problem, and a lateral movement problem all at once.

Introducing the Blast Radius Calculator

Tue, 07 Apr 2026 00:00:00 +0000

Why Blast Radius Matters

When an attacker compromises a single workload, the real question isn’t if they can move laterally – it’s how far they can go. In a flat network with no segmentation, the answer is: everywhere. Every reachable host becomes a stepping stone toward high-value assets like domain controllers, databases, ERP systems, and backup servers.

Blast radius is the total number of workloads, services, and data stores an attacker can reach from an initial point of compromise. It’s the single most important metric for understanding the actual impact of a breach – and the one most organizations can’t quantify.

Weekly Security Landscape: March 28 - April 3, 2026

Fri, 03 Apr 2026 00:00:00 +0000

The Week at a Glance

This was the week supply chain attacks went industrial, management plane vulnerabilities kept stacking up, and AI proved it can write kernel exploits faster than most organizations can triage a CVE. Here’s what happened - and what it means for your architecture.

🔴 Critical: TeamPCP Supply Chain Campaign Expands

The biggest story of the month continued to grow. TeamPCP’s supply chain attack, which started with compromising Aqua Security’s Trivy vulnerability scanner via GitHub Actions, expanded to hit LiteLLM (95 million PyPI downloads/month), Checkmarx KICS, and the Axios npm package (100 million weekly downloads).

Hard Truths #2: Patching Is Whack-a-Mole, Not Strategy

Tue, 31 Mar 2026 00:00:00 +0000

The Math Nobody Wants to Do

March Patch Tuesday: 84 vulnerabilities. Including two zero-days already under active exploitation.

February: APT28 was exploiting CVE-2026-21513 in MSHTML before the patch even shipped. A Russian state-sponsored group had your number before Microsoft did. Source

Every month, the same ritual plays out across enterprise IT:

Vendor drops patches
Security team triages
Testing begins
Change advisory boards convene
Deployment rolls out in waves
Stragglers get chased down
Next Patch Tuesday arrives

Repeat forever.

Hard Truths #1: Your Security Tools Are the Attack Surface

Thu, 26 Mar 2026 00:00:00 +0000

The Pattern Nobody Wants to See

This month alone, four major security vendors had their management infrastructure turned into attack vectors. Not the endpoints they protect. The management consoles that control them.

Let that sink in.

The Incidents

Cisco Secure Firewall Management Center - CVE-2026-20131, CVSS 10.0. Unauthenticated remote code execution as root. The Interlock ransomware group exploited this as a zero-day for 36 days before Cisco even disclosed it. Amazon’s threat intelligence team caught them exploiting it since January 26. The attackers had custom RATs, recon scripts, proxy infrastructure - the full playbook. All through a firewall management console.

M-Trends 2025: Unpacking the Threats and Why Microsegmentation is Your Strongest Defense

Tue, 20 May 2025 00:00:00 +0000

M-Trends 2025: Unpacking the Threats and Why Microsegmentation is Your Strongest Defense

The recently released Mandiant M-Trends 2025 report offers a insightful look into the evolving cybersecurity landscape. As we digest its key findings, one thing becomes abundantly clear: attackers are becoming more opportunistic and sophisticated, exploiting any weakness they can find. For those of us focused on building resilient security architectures, the report underscores the importance of granular control and containment – principles at the heart of microsegmentation.

Attackers think in graphs

Wed, 14 May 2025 00:00:00 +0000

The Graph Advantage: Why Attackers Think in Networks While Defenders Think in Rows

When a security analyst opens their SIEM dashboard, they typically see what defenders have seen for decades: endless tables of logs, sorted by timestamp, filtered by IP address, grouped by event type. Meanwhile, somewhere in the digital shadows, an attacker is mapping out their target’s infrastructure like a cartographer charting new territory—not in rows and columns, but as an interconnected web of relationships, vulnerabilities, and opportunities.

The microsegmentation landscape in 2025

Thu, 17 Apr 2025 00:00:00 +0000

The Microsegmentation Landscape in 2025: Current State and Future Directions

Introduction

Microsegmentation has evolved significantly since its early days as a network security approach, becoming a cornerstone of modern zero trust security architectures. As we move through 2025, the microsegmentation landscape continues to mature with new technologies, integration capabilities, and use cases expanding beyond traditional data center environments. This overview examines the current state of microsegmentation, key trends, leading vendors, and future directions.

Thoughts on the Attack matrix for Kubernetes

Tue, 14 Apr 2020 00:00:00 +0000

Introduction

In a recent blog post Yossi Weizman talks about the Attack matrix for Kubernetes and i had a couple of thoughts about it. As Yossi rightly says, Kubernetes is becoming a vital part in the compute stack of many companies. What i hear in my network and during sessions with IT security teams is that they face new challenges with Kubernetes-based orchestration platforms. The container platforms are also perceived like a black box for traditional networking and IT security folks, so it makes sense to understand the security risks that are inherent to those platforms first.

The Service Mesh

Sat, 23 Nov 2019 00:00:00 +0000

Whenever you hear people speak about containers and container networking, there is a high chance of the Service Mesh coming up as a topic. It is a real hype and while being on the twitters i discovered this great article by William Morgan of @BuoyantIO, the creator of Linkerd.

William does a great job of explaining the technology, the use cases, what to use it for and what not and i have a couple of comments to add:

Mitre ATT&CK and Segmentation

Fri, 08 Nov 2019 00:00:00 +0000

When people think about their strategic IT security projects, they often think of the last incident they were affected of and try to mitigate that, often by using technology only.

This is a valid approach and probably is not so wrong, because we often see waves of incidents rolling in, the wannacry wave, other ransomware waves, certain exploit kits or malware waves. So it makes some sense to concentrate on those threats when they happen. Of course you should have done something long before it hit you or other people, but the nature of IT security is that this hardly ever happens.

The importance of outbound policy

Tue, 05 Nov 2019 00:00:00 +0000

Bill Cheswick, a pioneer in internet firewalls got, besides establishing what we today know as the perimeter firewall, famous for the below quote to describe his ideas on perimeter firewalls:

A sort of crunchy shell around a soft, chewy center.

The quote and metaphor is still used a lot by security professionals around the world, to describe the state of the internal network behind the perimeter firewall.

A crunchy shell in the 1990s was exactly the thing you needed to be more secure from the threats found at that time. A lot of it was attacks against servers, buffer and heap overflows on services directly exposed to the internet when not consumed directly from the internet. People could easily DoS or even better, hack, those services. Exposed sendmail servers been a huge target at that time. Everything was exposed and routed, it is hard to imagine today. The perimeter firewall did a great job and shielded the vulnerable services from the evil internet and helped to secure them from the outside world. The internet grew exponentially and threats changed quite significantly and we all know that most threats today focus on endpoints rather than datacenter services as a entry vector.

Implementing Sensible Network Segmentation

Fri, 18 Oct 2019 00:00:00 +0000

Packet Pushers Tech Bytes about Network Segmentation with Tufin

A new week, a new Tech Bytes Packet Pushers podcast. This time Tufin markets their policy management, which was a interesting show, but i have some comments.

i think it’s a valid point to say that automated firewall policy management can make a business more agile, especially considering how long the change process normally takes and how we do it today
the whole point about understanding the topology sounds like this is really very slow to implement
it’s hard to get any visibility from what i hear and how i understand the Tufin platform
Zoning or very wide segmentation is nice, but what you really want is to be able to do finer grained segmentation without modifying or rearchitecting the network
relying on hardware firewalls will never be able to free you from the constraints of those devices, especially throughput limits, the hardware cycle that will just happen every three or five years and the inability of a firewall to really be point to point and not zone to zone
i would assume that the integration of this is very hard, thanks god it is usually owned by just one team, but what about outsourcers and system integrators?

Sage Data Security on why network segmentation is important

Mon, 14 Oct 2019 00:00:00 +0000

Nice article from Sage Data Security on why network segmentation is important.

Deploying Cisco ACI and VMware NSX

Sat, 12 Oct 2019 00:00:00 +0000

One of my favourite networking podcasts, PacketPushers has a great episode on integrating Cisco ACI and VMware NSX at the same time.

I really enjoyed listening to this episode, one reason for sure was that Derek Wilson seems to be a really nice and knowledgeable person, but the other is that he shared some valuable insights into deploying ACI and its uses for big companies.

My key takeaways from the episode are:

NIST publishes a zerotrust architecture recommendation

Fri, 11 Oct 2019 00:00:00 +0000

The US NIST published a great guide on a zero trust architecture that definitely is worth reading and details the elements, deployment and deployment scenarios and reference to other material to help people get started with zero trust.

Ideas on Segmentation metrics (part three)

Wed, 02 Oct 2019 00:00:00 +0000

Please check out Part one and part two of this series

Continuing our series about metrics for segmentation, there are a couple more angles how you can measure the effectiveness of your segmentation.

8 Microsegmentation pitfalls to avoid

Mon, 30 Sep 2019 00:00:00 +0000

I read a nice article by Ericka Chickowski on Darkreading the other day. The article gives some great guidance on what to do and not to do when starting your segmentation journey. Here are some comments.

The practice of microsegmentation takes the principles of least privilege to their logical conclusion by atomizing the isolating techniques of network segmentation. Security architects use microsegmentation to create security boundaries that can extend all the way into individual workloads by controlling East-West, or server-to-server, traffic flows between applications. The bulkheads put up through microsegmentation make it possible to better limit lateral movement of attackers, even in a cloudy world with no perimeter.

The incomplete ITSA 2019 guide to segmentation

Mon, 30 Sep 2019 00:00:00 +0000

Next week it is the ITSA 2019 in Nuremberg and i thought it will be good to give you high priests of segmentation a overview of the companies exhibiting their solutions for segmentation and microsegmentation there.

Illumio

This one is special, because you will have the chance to meet me personally presenting the power of host-based microsegmentation to you for the three days of ITSA 2019. Feel free to come by and ask me anything about Illumio, this site or really anything that comes up.

Microservices and Microsegmentation

Mon, 16 Sep 2019 00:00:00 +0000

The thing to remember is that just because dev has decided to leverage microservices does not in turn mean that the network somehow magically becomes microsegmented or that if microsegmentation is used to optimize the network service architecture that suddenly apps become microservices. Microsegmentation can be used to logically isolate monolithic applications as easily as it can microservices.

Article from DZone

“Micro is big these days” - The below statement is from an article showing the similarities and differences between microservices and microsegmentation. Of course we all know the differences, but we might have never thought about the similarities between the two approaches.

Undivided We Fall: Decoupling Network Segmentation from Micro-Segmentation

Thu, 12 Sep 2019 00:00:00 +0000

@alissaknight has published a great article on LinkedIn that talks about the history of segmentation and the use-cases and differences of network segmentation and micro-segmentation.

What i like about the article is that Alissa shows that network segmentation and micro-segmentation can be mutually exclusive, but can also co-exist. They do different things and they have different use-cases, which are also highlighted in the article.

The conclusion though is what i wouldn’t agree to, a Software Defined Perimeter does not solve a lateral movement problem nor will it implement Micro-Segmentation. The underlying problem of having no visibility into what to segment and how to structure your policy so it does not break applications is not solved by moving to another solution.

Demystifying the Windows Firewall

Tue, 10 Sep 2019 00:00:00 +0000

What a great talk by Jessica Payne that talks about why network segmentation is so important and how to apply these principles to your host-based Windows Firewall (that you probably never use). It is from 2016 and still true.

Scaling up vs scaling out your security segmentation

Mon, 09 Sep 2019 00:00:00 +0000

If you follow discussion on running cloud native, monolithic or more traditional applications you may have stumbled over the terms “scale up“ and “scale out“. Don’t feel bad if you don’t know these, because they were formerly just “vertical scaling“ (scale up) and “horizontal scaling“ (scale out).

What is scale up?

Scale up means, if you have e.g. a server in your datacenter running your database, to make the database faster or have more concurrent client getting served, you would add more hardware to that server and just make it the biggest machine available.

Segment-O-Pedia

Fri, 06 Sep 2019 00:00:00 +0000

This page is work in progress. If there is something missing feel free to comment or send me a mail.

Ideas on Segmentation metrics (part two)

Mon, 02 Sep 2019 00:00:00 +0000

Please check out Part one of this series of articles

Metric One: Do you have more than one segment?

This question is, of course, more of a rhetorical question, but there is a point about this one. Of course almost all companies have more than one segment. Most companies use VLANs extensively. We break out DMZs and internal data center LANs of course. Sometimes we use firewall interfaces between those VLANs or segments and treat them as zones.

ACT IAC on Zero Trust trends

Sun, 25 Aug 2019 00:00:00 +0000

The American Council for Technology-Industry Advisory Council (ACT-IAC), a non commercial organisation for creating a more innovative government published a paper on Zero Trust

I would recommend this paper for anybody remotely thinking about Zero Trust, be it because you start thinking about introducing it or because it is just one of those trends that you want to catch up on.

There is a huge amount of truth and knowledge in this document and it is not having any marketing in it. I read it and thought this is sound advice for anyone that looks to improve their security posture with the ultimate, long term Zero Trust goal in mind.

Ideas on segmentation metrics (part one)

Thu, 22 Aug 2019 00:00:00 +0000

What you measure is what you get

If you are like me and live and breath IT or IT security, the above statement probably does not ring a bell and you don’t realize the source of this. It is from a person called Robert. S. Kaplan who developed something you may have heard of, the balanced scorecard.

I will not dig into economics, because we are not in business school, but the essence of the scorecard is that you need metrics on which you can measure success or failure to be successful or be able to reach your objectives.

A short history of segmentation

Mon, 19 Aug 2019 00:00:00 +0000

Let’s start this with quoting wikipedia on what network segmentation is according to a encyclopedia.

Network segmentation in computer networking is the act or practice of splitting a computer network into subnetworks, each being a network segment. Advantages of such splitting are primarily for boosting performance and improving security.

How did this start?

Some of the readers might actually be old enough to remember how local area networks started out in the early 90s.

A collection of zero trust resources

Sat, 10 Aug 2019 00:00:00 +0000

Work in progress

This list is work in progress, if you have suggestions on what to add, please add a comment below or drop me a mail or note.

The origins

Zero Trust is not exactly a new idea, but a name for a architecture that takes least privilege as the first design principle and assumes nothing can be trusted. I am not sure who established the category at this moment, but it seems Google and Forrester Research have both been working on this. John Kindervag (@kindervag) originally published the model in 2010. That paper is still valid 9 years after the first publication and it shows great foresight and vision. Kudos to that.

Visualization of an attack in a Zero Trust Network

Sat, 10 Aug 2019 00:00:00 +0000

Dr Chase Cunningham from Forrester Research is spreading the Zero Trust Networking word and there is a lot to be learned from the model. The below video shows how a attack spreads in a relatively flat network compared to how it spreads (or rather does not spread) in a network build with Zero Trust Networking architecture.

Zero Trust in Practice

We will also publish a series of posts and articles that talk about the Zero Trust model, the guiding principles and challenges and how to start the journey.

Microservices and microsegmentation

Wed, 07 Aug 2019 00:00:00 +0000

Microsegmentation and microservices

found this article on DZone and wanted to quickly share my thoughts on it.

“Micro is big these days” - This statement is from a article showing the similarities and differences between microservices and microsegmentation. Of course we all know the differences, but we might have never thought about the similarities between the two approaches.

Microservices are about dissecting applications to smaller units and run those units independently instead of running them in a monolithic application. This creates the ability to decouple those functions and makes the service more scalable, independent from the other services and easier to maintain a single functionality. Often one team is responsible for one microservice. They maintain their interface, but consumers of the service do not have to worry about the inner workings as long as they stick to the public interface.

Kubernetes podcast on attacking k8s

Tue, 06 Aug 2019 00:00:00 +0000

The current Kubernetes Podcast gives a great view into how to attack kubernetes clusters. I have been talking about this all the time when i see OpenShift or kubernetes clusters that are trying to protect the container infrastructure with tools made for protecting pods, but hardly protect the container orchestration platform itself.

Securing the container infrastructure is hard and not doing it may lead to things like cluster takeover or host escapes.

microsegment.io started

Sun, 04 Aug 2019 11:24:02 +0200

Welcome to microsegment.io

microsegment.io is a site to post news and discuss new developments, products, common problems and best practices all around microsegmentation and a broader discussion around segmenting your network to make it more secure and resilient to attacks. We may also highlight current topics like automation, integration and the segmentation of (not so) new technology like containers and service meshes. The information you will find will be technical, but mostly not down to a binary level.

An Example Post

Mon, 04 Jun 2018 00:00:00 +0000

Market Overview on microsegment.io

Weekly Security Landscape: April 4 - 10, 2026

The Week at a Glance

Management Consoles: The Keys to the Kingdom

The Wrong Thing Is Still Trusted

Introducing the Blast Radius Calculator

Why Blast Radius Matters

Weekly Security Landscape: March 28 - April 3, 2026

The Week at a Glance

🔴 Critical: TeamPCP Supply Chain Campaign Expands

Hard Truths #2: Patching Is Whack-a-Mole, Not Strategy

The Math Nobody Wants to Do

Hard Truths #1: Your Security Tools Are the Attack Surface

The Pattern Nobody Wants to See

The Incidents

M-Trends 2025: Unpacking the Threats and Why Microsegmentation is Your Strongest Defense

M-Trends 2025: Unpacking the Threats and Why Microsegmentation is Your Strongest Defense

Attackers think in graphs

Recommended reading: Cyber Resilience: A Perishable Skill That Needs Practice

Recommended Reading: Cyber Resilience: A Perishable Skill That Needs Practice

The microsegmentation landscape in 2025

The Microsegmentation Landscape in 2025: Current State and Future Directions

Introduction

Thoughts on the Attack matrix for Kubernetes

Introduction

The Service Mesh

Mitre ATT&CK and Segmentation

The importance of outbound policy

Implementing Sensible Network Segmentation

Sage Data Security on why network segmentation is important

Deploying Cisco ACI and VMware NSX

NIST publishes a zerotrust architecture recommendation

Ideas on Segmentation metrics (part three)

8 Microsegmentation pitfalls to avoid

The incomplete ITSA 2019 guide to segmentation

Illumio

Microservices and Microsegmentation

Undivided We Fall: Decoupling Network Segmentation from Micro-Segmentation

Demystifying the Windows Firewall

Scaling up vs scaling out your security segmentation

What is scale up?

Segment-O-Pedia

Ideas on Segmentation metrics (part two)

Metric One: Do you have more than one segment?

ACT IAC on Zero Trust trends

Ideas on segmentation metrics (part one)

A short history of segmentation

How did this start?

A collection of zero trust resources

Work in progress

The origins

Visualization of an attack in a Zero Trust Network

Microservices and microsegmentation

Kubernetes podcast on attacking k8s

microsegment.io started

Welcome to microsegment.io

An Example Post