Dividing a computer network into smaller, isolated segments with controlled access between them, preventing ransomware from moving laterally and limiting the blast radius of any compromise.
Network segmentation creates barriers between different parts of your network using VLANs, subnets, firewalls, and access control lists. Instead of a flat network where every device can communicate with every other device, segmentation creates zones where traffic must pass through controlled checkpoints. This is analogous to a building with locked doors between departments — even if someone gains access to one area, they cannot freely roam the entire facility.
In the ransomware context, segmentation is one of the most effective containment controls available. In a flat network, ransomware deployed on a single workstation can encrypt file shares, reach servers, and spread to every connected system within minutes, because nothing on the path is positioned to stop it. With proper segmentation, the ransomware is confined to the compromised segment. The protocols it relies on for lateral movement and remote encryption are SMB (TCP 445) and RDP (TCP 3389), followed by the other Windows remote-administration channels: WinRM (TCP 5985/5986) and RPC/WMI (TCP 135 plus the dynamic RPC port range). Blocking these between peer segments is the minimum. The stronger posture is a default-deny policy between segments with an explicit allow-list, so that SMB reaches only the file servers and domain controllers that legitimately serve it, and RDP and WinRM reach a host only from the management network. A blocklist of two ports leaves every other path open; an allow-list leaves open only the paths someone has justified.
The highest-priority segments to isolate are: backup infrastructure (preventing ransomware from destroying recovery capability), domain controllers (protecting identity infrastructure from compromise), management networks (restricting administrative access to controlled paths), and IoT/OT devices (isolating inherently less-secure devices from the corporate network). Each carries a practical caveat. Backup targets should accept connections only from the backup servers and the management network, with the backup server pulling data from production rather than production hosts pushing into the backup zone; a compromised file server can then still be read by the backup job, but it holds no path into the backups. Domain controllers cannot be cut off from workstations entirely: clients need Kerberos, LDAP, DNS and, for Group Policy, SMB access to SYSVOL and NETLOGON, so isolating a DC means allowing only those Active Directory ports from client segments and admitting RDP and WinRM solely from the management network. Micro-segmentation takes this further by applying controls at the workload level, typically through host firewalls (for Windows, Defender Firewall rules pushed by Group Policy) or hypervisor and agent-based filtering, blocking workstation-to-workstation communication that no business process needs and enforcing application-specific access policies. This matters because a firewall between VLANs never sees traffic between two hosts on the same VLAN; host-level enforcement is what stops an infected workstation from reaching its neighbours.
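The policy the previous two paragraphs describe, as an added example written for this page (not the page's own code or any vendor's tooling): a zone model with default deny between segments, an explicit allow-list that keeps SMB flowing to file servers and domain controllers while blocking it between workstations and into the backup zone, admin protocols admitted only from the management zone, and an export of the inter-zone rules as an nftables forward chain. The address plan, zone names and sample flows are constructed; the AD client ports and the Windows admin ports are the standard ones.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan for the zones the page names (assumed, not real).
ZONES = {
    "workstations":       [ip_network("10.10.0.0/16")],
    "file_servers":       [ip_network("10.20.0.0/24")],
    "domain_controllers": [ip_network("10.30.0.0/24")],
    "backup":             [ip_network("10.40.0.0/24")],
    "management":         [ip_network("10.50.0.0/24")],
    "iot":                [ip_network("10.60.0.0/16")],
}
# Zones where host-to-host traffic inside the zone is also denied
# (micro-segmentation; enforced on the hosts, not on the zone firewall).
MICROSEGMENTED = {"workstations", "iot"}

@dataclass(frozen=True)
class Allow:
    src: str                            # source zone
    dst: str                            # destination zone
    proto: str                          # "tcp" or "udp"
    ports: tuple[tuple[int, int], ...]  # inclusive (low, high) port ranges
    reason: str

def p(*ports: int) -> tuple[tuple[int, int], ...]:
    """Single ports expressed as (n, n) ranges."""
    return tuple((n, n) for n in ports)

# What domain clients need from a DC. SMB 445 stays open *to DCs* because
# SYSVOL/NETLOGON (Group Policy) is served over SMB; 49152-65535 is the
# default Windows dynamic RPC range.
AD_TCP = p(53, 88, 135, 389, 445, 464, 636, 3268, 3269) + ((49152, 65535),)
AD_UDP = p(53, 88, 123, 389, 464)
ADMIN = p(22, 3389, 5985, 5986)         # SSH, RDP, WinRM

ALLOW_RULES = [
    Allow("workstations", "file_servers", "tcp", p(445), "user file shares"),
    Allow("workstations", "domain_controllers", "tcp", AD_TCP, "AD client traffic"),
    Allow("workstations", "domain_controllers", "udp", AD_UDP, "AD client traffic"),
    # Backup is pull-only: the backup server reads production shares; nothing
    # except the management zone may initiate a connection into the backup zone.
    Allow("backup", "file_servers", "tcp", p(445), "backup server pulls shares"),
] + [Allow("management", z, "tcp", ADMIN, "admin from jump hosts only")
     for z in ("workstations", "file_servers", "domain_controllers", "backup", "iot")]

def zone_of(ip: str) -> str | None:
    addr = ip_address(ip)
    return next((z for z, nets in ZONES.items() if any(addr in n for n in nets)), None)

def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> tuple[bool, str]:
    """Decide a *new* flow (established traffic is handled by state tracking). Default deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False, "unknown zone"
    if src == dst:
        blocked = src in MICROSEGMENTED
        return (not blocked), f"intra-zone {src}" + (" blocked by host firewall" if blocked else "")
    for r in ALLOW_RULES:
        if (r.src, r.dst, r.proto) == (src, dst, proto) and any(lo <= dport <= hi for lo, hi in r.ports):
            return True, r.reason
    return False, f"default deny {src} -> {dst} {proto}/{dport}"

def to_nftables() -> str:
    """Render the inter-zone part of the policy as an nftables forward chain."""
    nets = lambda z: "{ " + ", ".join(map(str, ZONES[z])) + " }"
    ports = lambda rs: "{ " + ", ".join(f"{lo}" if lo == hi else f"{lo}-{hi}" for lo, hi in rs) + " }"
    out = ["table inet segmentation {", "  chain forward {",
           "    type filter hook forward priority 0; policy drop;",
           "    ct state established,related accept"]
    out += [f'    ip saddr {nets(r.src)} ip daddr {nets(r.dst)} {r.proto} dport {ports(r.ports)} '
            f'accept comment "{r.reason}"' for r in ALLOW_RULES]
    out += ['    log prefix "seg-deny " drop', "  }", "}"]
    return "\n".join(out)

# Constructed flows: ransomware lateral-movement paths next to the business
# traffic that must keep working.
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.10.7.9",  "tcp", 445),   # workstation -> workstation SMB
    ("10.10.4.21", "10.30.0.10", "tcp", 3389),  # workstation -> DC RDP
    ("10.10.4.21", "10.40.0.5",  "tcp", 445),   # workstation -> backup server
    ("10.20.0.3",  "10.40.0.5",  "tcp", 445),   # file server pushes into backup zone
    ("10.60.3.2",  "10.20.0.3",  "tcp", 445),   # IoT device -> file server
    ("10.10.4.21", "10.20.0.3",  "tcp", 445),   # workstation -> file share
    ("10.10.4.21", "10.30.0.10", "tcp", 445),   # workstation -> DC SYSVOL
    ("10.50.0.2",  "10.10.4.21", "tcp", 3389),  # jump host -> workstation RDP
    ("10.40.0.5",  "10.20.0.3",  "tcp", 445),   # backup server pulls a share
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        ok, why = evaluate(*f)
        print(f"{'ALLOW' if ok else 'DENY':<5} {f[0]:>11} -> {f[1]:>11} {f[2]}/{f[3]:<5} {why}")
    print(to_nftables())
```

Running it marks the first five flows as denied and the last four as allowed. Note what the nftables export does and does not cover: a forward chain only sees traffic that crosses the router between zones, so the `MICROSEGMENTED` rule (workstation-to-workstation, IoT-to-IoT) has to be enforced on the hosts themselves; the evaluator models both so that a policy review reads the same way regardless of which enforcement point implements a given line.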