The value of segmenting local area networks into security zones is widely recognized, yet it is rarely done well. Many large production environments are susceptible to today's sophisticated attacks because they focus on perimeter security, leaving the internal network as a "flat" architecture that is difficult to defend against well-designed exploits. Attacks on poorly segmented networks are often the result of malware finding the easiest path in and then moving on to penetrate more valuable assets within the enterprise WAN.
Segmenting into defined security zones improves an organization's defensibility by: