Segmentation has been a foundational concept in network security for decades, evolving from coarse techniques such as virtual local area networks to more granular approaches like micro-segmentation. Yet the absence of clear definitions and a standardized taxonomy has hindered consistent understanding, effective implementation, and rigorous research. This paper introduces practical definitions for key segmentation concepts and a comprehensive taxonomy for classifying methods across technologies, infrastructures, and enforcement strategies. We apply this language to describe major product categories, demonstrate its utility through a real-world enterprise case study, and use it to analyze prior research to identify under-explored areas for future work. Overall, this paper systematizes fragmented segmentation practices by providing clear definitions and a unified taxonomy that support consistent analysis of segmentation design across diverse networked environments.
Rohit Dube (Thu,) studied this question.