Unlike traditional perimeter defenses such as firewalls, software-based microsegmentation enforces granular, internal network controls. By applying unique policies to each segment, it blocks attackers from moving laterally after an initial breach. Ransomware thrives on lateral movement, but ColorTokens Inc. and CrowdStrike Holdings Inc. use software-based microsegmentation to contain its spread. Attackers are forced to hit containment walls at each step, reducing the breach blast radius, Mac Grant, vice president of Americas sales and channels at ColorTokens. Software-based microsegmentation shortens the breakout period by restricting attacker movement, increasing detection opportunities and forcing adversaries to slow down at every step. By enforcing fine-grained, workload-to-workload policies that block unauthorized east–west traffic, it ensures attackers encounter barriers at every pivot point, even after breaching one machine, according to Muralidhar. “I think CrowdStrike has been measuring the breakout period for the last several years, and you can see it’s nosedived by about 90%,” he said. “What microsegmentation does is actually helps you get more time. It adds more friction to the attacker, so the attacker is not free to move on so easily. It reduces the attack surface for the attacker to move around, and that’s what the [security operations center] teams would love from us.” ColorTokens’ “Be Breach Ready” approach focuses less on fully preventing attacks and more on preparing for the inevitable. By stopping lateral movement, organizations can block ransomware takeovers and limit major security incidents, according to Grant.