Golden safety lock

What is microsegmentation and how does it slow down attackers?

Through the story of Maersk, learn how a ransomware attack could have been prevented and understand microsegmentation

2023.06.08Dheeraj Rawal

Traditional castle-and-moat network security

In centuries past, building walls around a castle was one of the commonest ways to defend it. These walls had other elements, like towers, moats, and drawbridges. A conventional cybersecurity approach is very similar to this defense model, called the castle-and-moat model or perimeter-based security. 

But nowadays, businesses must put equal effort into building both external and internal defenses. They can achieve this through microsegmentation.

The danger within


A conventional security model has some fundamental flaws; it automatically trusts everything inside the perimeter and assumes that attackers will not emerge from inside. Moreover, if the walls are breached, there’s nothing inside the castle to defend or contain attacks. 

Malware and advanced persistent threats (APTs) linger to strike organizations. A traditional perimeter-focused security setup, therefore, is ineffective in today’s times. Despite different security systems like firewalls, antivirus software, and intrusion preventions system, some cybercriminals may still be able to breach your perimeter. These threats can remain inside a company’s network in a sleep state network for months before becoming active. Nowadays, coordinated cyberattacks are notorious for lying undetected for weeks and months before full-fledged attacks.  

These threats then leap in a lateral movement from server to server, enabling cybercriminals to exploit sensitive data as there are few security controls to contain the attack.

How does microsegmentation work?


The main objective of microsegmentation is to restrict attackers’ movements inside a company’s systems to contain the damage to a large extent. 

Network segmentation allows organizations to divide servers, systems, workloads, and applications into smaller isolated segments. Different segments can have unique security controls.


The concept is often compared to a submarine design, where the segments or compartments are built so that if there’s a breakage or puncture in one of the compartments, the flooding is contained to that section only. The other areas remain watertight.  

Reducing the attack surface

The organization can contain the attack if a hacker intrudes in one of the segments. This restricts the malicious actor’s ability to move from one segment to another and allows organizations to minimize the attack surface. As the hacker remains locked inside one area, their visibility into others is also limited, reducing the risk of unauthorized access. 

Enterprises can deploy different security control levels to reflect each segment’s criticality. Simply put, you can give your segments containing critical systems or sensitive data an extra layer of protection. Furthermore, these controls can trigger alarms in case of a breach related to that segment. Such features improve threat detection at early stages. 

What are the benefits of microsegmentation?

As more enterprises adopt cloud platforms, perimeter-based security becomes less relevant, and concepts like microsegmentation and zero-trust security are gaining ground. Micro-segmentation fits the bill for those with critical assets and infrastructure that need an extra layer of protection from ransomware and other cyberattacks. The benefits include: 

  • Enhanced security: isolating different segments improves an organization’s security posture by making it difficult for attackers to cause further damage. 
  • Improved access control: granular access control allows an organization to apply zero trust based policies, ensuring that only authorized people can access resources.  
  • Increased visibility and detection: monitoring traffic inside a segment makes it possible to detect anomalies and breaches in the early stages of an attack, enabling faster mitigation. 
  • Faster incident response: with speedier threat detection, an organization can deploy the right triggers and remediation techniques to minimize the damage and downtime and bring experts in early.  
  • Meeting compliance requirements: it can help organizations meet some of their compliance requirement through better protection and security controls. For instance, the NIS2 directive requires companies with critical infrastructure in the European Region to have enhanced security. Microsegmentation is one of the best solutions here. 
  • Flexibility and scalability: organizations can implement microsegmentation in different network environments like on-premises, cloud, or hybrid environments. They can modify security controls to meet their requirements for even more flexibility.   

Ransomware that attacked 49,000 computers in 7 minutes 

Maersk was one of the many companies severely impacted by the NotPetya ransomware attack. 

The logistics giant was unknowingly using compromised accounting software, M.E.Doc. In June 2017, companies using the software received an update in a phishing email containing malware. The attack spread across networks like wildfire in under seven minutes, exploiting vulnerabilities. It also encrypted all the devices connected to those networks, rendering them unusable.

The attack struck Maersk like a bolt from the blue. As the world’s largest shipping company handling almost 1/5th of shipments, imagine the impact on world trade and logistics. The company was compelled to resort to manual operations during this time.

Interestingly, the company lost all domain controllers except one in Ghana. Due to a power cut, Ghana’s domain controller was off the network during the attack. This was a blessing in disguise; Maersk used that domain controller to restore its operations and recover data. 

It was reported that the attack cost Maersk about US$ 300 million. Cumulatively, the NotPetya attack cost affected companies around US$ 1.2 billion

Could Maersk have limited the attack? 

Could Maersk have contained and mitigated the attack? It’s very likely. 

  • It could have detected anomalous traffic with automation detection and response.   
  • Maersk’s data centers, backups, and devices were attached to the network – could it have been possible to isolate them to prevent the attack from spreading? 
  • Had it applied privileged access management, zero trust-based policies, and segmentation, Maersk could have contained the attack. It began when an administrator logged into the physical server –their access could have been denied. 

Of course, it seems easy as we look in hindsight. Nevertheless, we must learn from others, especially in the cybersecurity domain. So, how should you approach microsegmentation? 

Five tips before implementing a microsegmentation solution

Before implementation, we recommend considering the following:  

  1. Assess your network: understand your current security and network architecture, and determine what assets and data are sensitive and need different layers of protection. 
  2. Define segments and security policies: segment your network based on departments, data sensitivity, business units, etc. Apply security policies that allow users access based on needs for zero-trust microsegmentation.    
  3. Identify the right microsegmentation solution: choose which microsegmentation solution fits your organization’s needs and current security architecture and maturity.  
  4. Plan and test implementation: create an implementation roadmap and define the scope for each phase. Run tests in a controlled environment to ensure business activities continue without interruption. Nor should segmentation hamper business communications.    
  5. Evaluate and update: review and maintain your microsegmentation strategy as your business needs or the external environment changes, such as regulatory and compliance requirements. 

We can protect you with microsegmentation 

T-Systems enables businesses to enforce process-level rules and policies to enhance their security posture. As a trusted partner of Akamai, T-Systems uses its Guardicore solution.  

Whether your cloud environment is private, public, or hybrid, T-Systems can assist you in deploying microsegmentation. We can help you identify business-critical applications and create granular policies controlling the microsegments’ traffic flow.  

You can even begin with our pre-defined templates and customize them to your needs.

About the author
Dheeraj Rawal

Dheeraj Rawal

Content Marketer, T-Systems International GmbH

Show profile and articles
Do you visit t-systems.com outside of China? Visit the local website for more information and offers for your country.