What is the term for the practice of segmenting networks to limit exposure?

The term for the practice of segmenting networks to limit exposure is network segmentation. This approach involves dividing a larger network into smaller, distinct segments, or sub-networks, to enhance security and manageability. By doing this, organizations can enforce security policies more effectively, contain potential breaches, and minimize lateral movement within the network. Network segmentation also facilitates compliance with regulations by allowing more precise control over access to sensitive data.

For example, if a network is segmented into various zones, such as administrative, guest, and operational networks, then if a threat or breach occurs in one zone, it becomes easier to isolate and manage without affecting the entire organization. This practice not only protects sensitive data but also optimizes performance by reducing broadcast traffic within the network.

Other options, like network isolation, might imply a complete separation of networks but do not specifically capture the concept of dividing a single network into multiple segments for better management and security. Network filtering refers to controlling the traffic going in and out of a network rather than its structure. Network virtualization relates to creating virtual versions of resources and does not pertain directly to the strategy of segmentation for security purposes. Thus, network segmentation is indeed the most accurate term for the described practice.