
The Zero Trust Hub Editions
Zero Trust Segmentation trends, insights, and resources for today's cybersecurity leaders
Why the Containment Gap Is a Zero Trust Problem

Director of Critical Infrastructure Solutions
According to our new research, The Containment Gap: Exploring the Distance Between Detection and Resilience, 95% of security leaders say they’re confident they can detect unauthorized lateral movement inside their environments.
At first glance, that sounds like progress. Detection tools are everywhere, and visibility dashboards are improving. Security teams are investing heavily in analytics and monitoring.
But another statistic in the research tells a much more troubling story.
Nearly half of organizations say they still struggle to stop attackers from moving once they are inside their environment.
That gap between seeing an attack and stopping it is what this report calls the containment gap. And it exposes a deeper issue in modern security architecture.
For years, the industry has optimized for detection. But Zero Trust was never about detection. It was about limiting trust and stopping attackers from moving once they gain access.
If organizations want real cyber resilience, they must adopt a Zero Trust mindset and shift their focus from simply seeing breaches to actively containing them.
Detection became the scoreboard
Over the last decade, security investment has focused heavily on visibility and detection.
EDR platforms monitor endpoint activity. SIEM tools aggregate and analyze logs. NDR platforms inspect network traffic. Threat intelligence feeds provide constant updates on emerging attacks.
All of this has improved our ability to see what’s happening inside our environments. In fact, organizations rate their visibility into communication paths at roughly 4 out of 5 on average.
That visibility is valuable. But detection does not contain an attack; it only tells you that one is under way.
Modern breaches exploit this gap. Most begin with something simple — a stolen credential, exposed application, compromised supplier, or phishing email. Once inside, attackers slow down, map the environment, escalate privileges, and move between workloads.
That movement is what turns a foothold into a breach.
Detection tools may eventually surface the activity. But by then, the attack may already have spread uncontained through your environment.
The research reflects this reality. As we highlighted at the start, 95% of teams believe they can detect unauthorized lateral movement. But nearly half still struggle to stop it.
Attackers aren’t winning because defenders can’t see them, but because defenders can’t contain them fast enough.
Zero Trust shifts the metric from detection to containment
Zero Trust is often framed as an identity strategy, but that misses the point.
At its core, Zero Trust removes implicit trust from the environment, so that access to one system does not grant reach to the rest and attackers can’t move freely once they gain a foothold.
Segmentation plays a central role. When workloads are isolated from each other and every communication path must be explicitly allowed (default deny), a compromised workload can only reach the few destinations it is permitted to talk to, and lateral movement becomes far harder.
The breach may still happen, but the blast radius becomes dramatically smaller. That’s the real goal of cyber resilience.
The research suggests organizations recognize this shift. In fact, 93% report using at least one form of microsegmentation today.
But adoption alone doesn’t guarantee results.
Security dashboards still emphasize metrics like mean time to detect, alert volume, and threat intelligence coverage. Those numbers may look impressive, but they don’t answer the question that matters most during a breach: how quickly can we stop an attacker from moving?
Containment speed is what determines whether an incident becomes a minor disruption or a major crisis. Yet only 17% of organizations can isolate a compromised asset in near real time.
That means most organizations still give attackers minutes or hours to move through their environment after detection.
In cyber terms, that’s a long time, and it’s something a Zero Trust strategy can reduce.
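The two ideas above, explicit allow-lists shrinking the blast radius and near-real-time isolation of a compromised asset, are easier to reason about with a small model. The following Python is an added example written for this page, not code from the research or from any segmentation product. It uses a constructed, hypothetical set of workloads and allow rules, treats any flow not explicitly allowed as denied, computes how far an attacker can pivot from a foothold on a flat network versus a segmented one, and shows what quarantining one asset does to that reach.

```python
"""Toy model of default-deny segmentation and quarantine (added example).

Workload names, ports and rules below are constructed for illustration only.
"""
from collections import deque

# Constructed sample environment: hypothetical workload names.
WORKLOADS = ["web-1", "web-2", "app-1", "app-2", "db-1", "backup-1", "hr-app", "jump-1"]

# Explicit allow-list of (source, destination, port). Any flow not listed is denied.
ALLOW_RULES = {
    ("web-1", "app-1", 8443),
    ("web-2", "app-1", 8443),
    ("web-2", "app-2", 8443),
    ("app-1", "db-1", 5432),
    ("app-2", "db-1", 5432),
    ("db-1", "backup-1", 22),
    ("jump-1", "db-1", 22),
    ("jump-1", "hr-app", 22),
}


def flat_edges(workloads):
    """A flat network with implicit trust: every workload can reach every other."""
    return {(a, b) for a in workloads for b in workloads if a != b}


def segmented_edges(rules, quarantined=frozenset()):
    """Edges an attacker can traverse under default deny with explicit allows.

    A quarantined workload is cut off in both directions regardless of the rules,
    which is the isolation step the report measures the speed of.
    """
    return {
        (src, dst)
        for src, dst, _port in rules
        if src not in quarantined and dst not in quarantined
    }


def is_allowed(src, dst, port, rules=ALLOW_RULES, quarantined=frozenset()):
    """Policy decision for one flow: quarantine overrides allow, default is deny."""
    if src in quarantined or dst in quarantined:
        return False
    return (src, dst, port) in rules


def reachable_from(start, edges):
    """Set of workloads an attacker on `start` can pivot to via allowed flows (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst in edges:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    seen.discard(start)
    return seen


def blast_radius(start, edges):
    """Number of other workloads the attacker can reach from `start`."""
    return len(reachable_from(start, edges))


if __name__ == "__main__":
    foothold = "web-1"
    print("flat network:", sorted(reachable_from(foothold, flat_edges(WORKLOADS))))
    print("segmented:", sorted(reachable_from(foothold, segmented_edges(ALLOW_RULES))))
    print("segmented, db-1 quarantined:",
          sorted(reachable_from(foothold, segmented_edges(ALLOW_RULES, {"db-1"}))))
```

On the flat network a foothold on web-1 reaches all seven other workloads; under the allow-list it reaches only app-1, db-1 and backup-1, and quarantining db-1 the moment it is flagged cuts that to app-1 alone. The point of the model is that the quarantine decision is a policy change evaluated on every flow, not a ticket raised after an alert, which is what "near real time" isolation requires in practice.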
Closing the containment gap
If there is one lesson CISOs should take from this research, it’s that detection is no longer the hardest, most critical problem in cybersecurity. It’s containment.
Security programs that continue optimizing only for visibility will remain stuck in a cycle of detection, investigation, and recovery.
The organizations that break that cycle will design their environments differently. They’ll assume attackers will eventually gain access, remove implicit trust between systems, and enforce strict communication paths across workloads.
In other words, they’ll build security architectures grounded in Zero Trust principles.
Until containment becomes the primary design goal of cybersecurity programs, the containment gap will remain exactly where attackers want it: wide open.
STATSHOT
On High Alert
Concern about cyber threats is nearly universal. While data theft and operational disruption remain the most cited fears, the widespread anxiety across categories — from supply chain compromise to state-sponsored attacks — highlights a growing need for containment-first Zero Trust strategies.
