Segmentation – the network that stops the attack
Article 3 of 5 in the series “When Security Fails – and Trust Breaks”
Many organisations invest significant resources in keeping attackers out.
Fewer ask the equally important question: What happens if someone gets in anyway?
In a flat network, the answer is simple – and uncomfortable: attackers can move wherever they want. To production systems. To patient data. To power grid controls. Segmentation is the architecture choice that ensures one compromised device does not mean everything is lost.
NIS2 requires organisations in critical infrastructure to implement technical measures to protect networks and limit damage from security incidents. Network segmentation is one of the most widely recognised measures for meeting this requirement.
The convergence of IT and OT is accelerating dramatically – and with it, the attack surface against production and operational systems.
For leadership and the board, this means: network architecture is no longer purely an IT question – it is a risk question.
What is network segmentation – and why does it matter?
Network segmentation means dividing a network into isolated zones, so that traffic between zones is controlled and restricted. A device in one zone cannot freely communicate with devices in another zone – unless explicitly permitted.
Think of it this way: an unsegmented network is like an office building where every door is always open. If someone gets past reception, they have access to everything – server room, executive office, archive. A segmented network gives every room its own lock. An intruder in the lobby stays in the lobby.
| Flat network | Segmented network |
|---|---|
| One entry point gives access to everything | Entry points are isolated per zone |
| Lateral movement is unrestricted | Lateral movement is actively blocked |
| Damage spreads freely | Damage is contained to the compromised zone |
| No alerting on internal traffic | Anomalous traffic is detected and alerted |
| OT and IT share the same network | OT and IT are physically and logically separated |
Segmentation primarily protects two of the three values in the CIA triad: confidentiality – because data is not accessible across zones – and integrity – because systems in one zone cannot be manipulated from another. But in practice it also protects availability, because an attack that is contained cannot shut down the entire organisation.
IT and OT: the critical connection that many underestimate
In manufacturing, energy and critical infrastructure, network segmentation is not just an IT question. It is a question of operational security, physical safety – and in the most serious cases, societal resilience.
As IT and OT become more tightly integrated in production environments and energy grids, the need for segmentation increases dramatically. A compromised office network should never be able to provide access to the production environment. But in many organisations, that is exactly what it does.
Sweden’s manufacturing sector accounted for 36% of all Nordic ransomware incidents in 2024 – the single most targeted industry in the region. Denmark has faced sophisticated attacks on its energy infrastructure. Finland has seen a fourfold increase in attacks since its NATO accession. In all three countries, the IT/OT convergence is accelerating – and with it, the attack surface.
| Scenario | CIA value at risk | Potential consequence |
|---|---|---|
| Office network used as a pivot into OT | Availability (A) | Production shutdown |
| Legacy SCADA system connected to modern network | Integrity (I) | Manipulated process data |
| Remote access not segmented from operational environment | Confidentiality (C) | Operational data exposed externally |
| Vendor access without zone-based controls | All three (C, I, A) | Complete compromise of operational network |
NIS2 requires organisations in critical infrastructure to implement measures to limit damage from security incidents. Segmentation is one of the most effective tools for meeting that requirement – and one of the first things regulators will look for.
A compromised office network should never be able to provide access to the production environment. But in many organisations, that is exactly what it does.
Erik Ramstad, Head of Network, Infrastructure & CyberSecurity
Technical and organisational measures – both are necessary
Segmentation is not a product you buy and switch on. It is an architecture choice that requires both technical implementation and organisational commitment. Without both, the solution will erode over time.
Technical measures that form the foundation:
- VLAN segmentation to logically separate different parts of the network
- Microsegmentation for granular control within zones
- Zero Trust architecture: never trust, always verify – regardless of position in the network
- Clear OT/IT separation with zone architecture based on the Purdue model or equivalent
- Monitoring integrated with SOC – so that anomalous traffic is detected, not just blocked
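As an added illustration (example code, not NetNordic's or any product's), the Python below models the zone policy described above: a device in one zone may only reach another zone through an explicitly permitted conduit, everything else is denied, and each blocked cross-zone flow is flagged for the SOC rather than silently dropped. Zone names, address ranges, ports and Purdue levels are constructed assumptions; the `segmented=False` switch shows what the same flows do on a flat network.

```python
"""Zone-based policy check modelled on a Purdue-style IT/OT architecture (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed zones; the Purdue level numbers are assumptions for illustration.
ZONES = {
    "office_it":  {"net": ip_network("10.10.0.0/16"),     "level": 4},
    "idmz":       {"net": ip_network("10.20.0.0/24"),     "level": 3.5},
    "ot_control": {"net": ip_network("192.168.50.0/24"), "level": 2},
    "vendor_vpn": {"net": ip_network("172.16.0.0/24"),   "level": 4},
}

# Explicit conduits: (src_zone, dst_zone, dst_port). Anything not listed is denied.
ALLOW = {
    ("office_it", "idmz", 443),   # office users reach the historian front-end in the industrial DMZ
    ("idmz", "ot_control", 502),  # only the DMZ broker may speak Modbus/TCP into the control zone
}

def zone_of(ip):
    """Map an address to its zone name, or None if it is not in any known zone."""
    addr = ip_address(ip)
    return next((name for name, z in ZONES.items() if addr in z["net"]), None)

@dataclass
class Verdict:
    action: str   # "allow" or "deny"
    reason: str
    alert: bool   # True when the SOC should see this flow

def evaluate(src_ip, dst_ip, dst_port, segmented=True):
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return Verdict("deny", "address outside inventoried zones", True)
    if src == dst:
        return Verdict("allow", f"intra-zone traffic in {src}", False)
    if not segmented:
        return Verdict("allow", "flat network: no zone boundary enforced", False)
    if (src, dst, dst_port) in ALLOW:
        return Verdict("allow", f"explicit conduit {src}->{dst}:{dst_port}", False)
    # Cross-zone flow with no conduit: block it and alert, so attempted lateral
    # movement (e.g. office straight into OT) is detected, not just dropped.
    jump = abs(ZONES[src]["level"] - ZONES[dst]["level"])
    return Verdict("deny", f"no conduit {src}->{dst}:{dst_port} (Purdue level jump {jump})", True)

# Constructed sample flows: (source, destination, destination port)
FLOWS = [
    ("10.10.4.21", "10.20.0.5", 443),         # workstation to DMZ historian
    ("10.10.4.21", "192.168.50.10", 502),     # workstation straight to a PLC
    ("172.16.0.9", "192.168.50.10", 22),      # vendor VPN host to a controller
    ("192.168.50.10", "192.168.50.11", 502),  # PLC to PLC inside the control zone
]

def run(segmented=True):
    """Evaluate every sample flow; returns the list of verdicts."""
    return [evaluate(*flow, segmented=segmented) for flow in FLOWS]
```

Running `run(True)` yields two denied, alerted flows (office to PLC, vendor VPN to controller) while `run(False)` allows all four with no alert, which is the flat-network outcome the table above describes.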
Organisational measures that keep it effective:
- Clear ownership of network architecture and policy – who is responsible?
- Up-to-date inventory of all devices and access rights across all zones
- Change management routines – new devices must not be connected without assessment
- Regular cross-functional training of operations and IT personnel
Technical segmentation measures are in place – but the documentation is out of date.
New devices are connected without following the zone architecture. Over time, segmentation erodes.
The solution: treat network architecture as a living document, not a one-time project.
From theory to reality: what actually happened
The best argument for segmentation is not a theoretical model. It is what happens when it is tested against reality.
A Nordic organisation that had purchased network infrastructure from NetNordic experienced a real intrusion attempt. Four individuals tried to connect to the network to map the environment and extract information – the classic first phase of a targeted attack: quiet reconnaissance.
Confidentiality (C): No information reached the attackers. The reconnaissance attempt yielded nothing.
Integrity (I): No systems were affected. No data was altered or manipulated.
Availability (A): Operations continued without interruption. The client noticed nothing.
The client was unaware the attempt had taken place – until NetNordic presented it at the next status meeting.
That is the difference between security that is bolted on and security that is built in. The segmentation was not a reaction to the threat. It was there from day one – designed into the network architecture from the start.
This is network architecture – element 2 in the foundation of digital trust.
NaaS: network security as an integrated service
For many organisations, the challenge is not a lack of will to segment. It is a lack of capacity and expertise to build and maintain a robust network architecture over time.
Network as a Service (NaaS) from NetNordic addresses this by delivering network security and segmentation as an integrated, scalable service – with monitoring connected directly to our SOC. That means anomalies in network traffic are not just logged, but detected and handled in real time.
→ Network design and segmentation architecture tailored to your environment – IT and OT
→ Ongoing monitoring and incident handling integrated with NetNordic SOC
→ Vendor-agnostic approach – we choose the best solution for your environment, not our margin
→ Scalable architecture that grows with the organisation – from 200 to 200,000 employees
Organisations considering NaaS often ask: “Do we lose control when we outsource the network?” The answer is the opposite. With full documentation, transparent reporting and clear accountability, leadership gains better visibility – not less.
The question is not whether you will be attacked – it is what happens next
Most serious security incidents start small: one device compromised, one password phished, one vulnerability exploited. It is not possible to guarantee that nothing like this will happen.
What is possible is ensuring that the small does not become the large. That one compromised device does not grant access to the entire production environment. That one successful phishing attack does not mean all customer data is exposed.
That is what segmentation does. That is what network architecture is about. And it is the core of the foundation for digital trust.
The next article covers element 3: continuous testing. Because even the best network architecture should be tested against reality – before the attackers do it for you.
Book a no-obligation review with our network and security experts.
→ netnordic.com/contact
The full series: “When Security Fails – and Trust Breaks”
1. When a cyber attack becomes a reputational crisis
2. AI – The new attack surface
3. Segmentation – the network that stops the attack
4. Test yourself – before the attackers do
5. Security is a leadership responsibility
Sources and references
- SOCRadar: Nordic Threat Landscape Report 2024
- Nordic Cyber Group: 2024 Cybersecurity Trends – Nordic and wider EU regions
- NIS2 Directive (EU) 2022/2555 – network security and incident handling requirements
- IEC 62443 – industrial network security and OT segmentation
- NetNordic NaaS client case: four intrusion attempts stopped (anonymised, 2025)