Reducing the Attack Surface: Network Segmentation vs. Identity Segmentation

Tighten your security posture with identity segmentation

Network segmentation has been around for a while and is one of the core elements in the NIST SP 800-207 Zero Trust framework. Although network segmentation reduces the attack surface, this strategy does not protect against adversary techniques and tactics in the identity phases in the kill chain.

The method of segmentation that provides the most risk reduction, at reduced cost and operational complexity, is identity segmentation.

Download this white paper to:


  • OS icon
  • deployment icon
  • installation icon

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

Visit the Tech Center