Netcrook

WIKICROOK

Microsegmentation

Splitting a network into smaller trust zones to limit lateral movement between workloads.

Microsegmentation is the practice of dividing a network into small trust zones and applying rules between them, rather than treating the whole internal network as equally trusted. Each workload, service, or host can have its own policy for what it is allowed to talk to, on which ports, and under what conditions.

This matters because many intrusions spread laterally after the first compromise. If an attacker gains a foothold in one system, microsegmentation can slow or block movement to databases, management planes, and other high-value targets. Defenders use it in cloud, container, and data center environments to enforce least privilege, contain breaches, and reduce blast radius. In practice, it is implemented with network policy, host firewalls, security groups, service meshes, or hardware-assisted controls. In AI clusters and other dense environments, it also helps separate workloads without relying on a coarse perimeter model.
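
The containment effect described above can be modelled with a small default-deny policy evaluator that compares what a compromised workload can reach on a flat network and under zone rules. This is an added example, not part of the original entry; the workload names, zones, ports and rules are constructed for illustration.

```python
from collections import deque

# Constructed inventory: workload -> trust zone (hypothetical names).
WORKLOADS = {
    "web-1": "frontend",
    "web-2": "frontend",
    "api-1": "app",
    "db-1": "data",
    "mgmt-1": "management",
}

# Constructed allow-list of (source zone, destination zone, port).
# Anything not listed is denied, including traffic inside a zone.
ALLOW = {
    ("frontend", "app", 8443),
    ("app", "data", 5432),
    ("management", "app", 22),
}

def allowed(src, dst, port, rules=ALLOW):
    """Default deny: a flow passes only if its zone pair and port are listed."""
    return (WORKLOADS[src], WORKLOADS[dst], port) in rules

def blast_radius(start, rules=ALLOW):
    """Upper bound on lateral movement: workloads reachable from `start`
    by chaining allowed flows, assuming every hop could be compromised."""
    zone_edges = {(s, d) for s, d, _ in rules}
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for other, zone in WORKLOADS.items():
            if other not in seen and (WORKLOADS[cur], zone) in zone_edges:
                seen.add(other)
                queue.append(other)
    return seen - {start}

def flat_radius(start):
    """Flat internal network: every other workload is reachable."""
    return set(WORKLOADS) - {start}

if __name__ == "__main__":
    for w in WORKLOADS:
        print(f"{w}: flat={sorted(flat_radius(w))} "
              f"segmented={sorted(blast_radius(w))}")
```

A rule set whose `blast_radius` for a low-trust workload still includes the data or management zone is a candidate for tightening.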