Segmentation of networks, devices, users, and applications has long been a best practice for supplementing edge security and breaking up flat internal networks. However, for network engineering and operations leaders who prioritize risk mitigation, achieving compliance and effective security posture management, current segmentation approaches fall short. Traditional approaches control access at a level that is too coarse-grained to fulfill business requirements. They rely on trust assessments that are quickly outdated and assume that threat protection exists, even when the organization has gaping holes in its growing attack surface. This kind of environment renders network engineering and operations leaders unable to manage their security posture proactively and leaves their organization open to greater security risk.