Zero Trust was meant to make LAN security simple. Instead, it turned into a maze of dashboards, policies, and tools that look impressive but rarely work together. The data center evolved. The cloud adapted. Even the WAN transformed. But the LAN — where everything actually connects — hasn’t changed much in 25 years. It’s still built on assumptions that no longer hold true.

The Unseen Majority

Most organizations still think about protecting laptops and phones. But the real network today is made up of sensors, cameras, printers, badge readers, robots, and displays — all constantly connected and rarely managed. Gartner estimates that over 80% of enterprise devices are now outside IT control, and by 2030 there will be close to 30 billion IoT devices.

The big issue is that these devices don’t run antivirus. They don’t support agents. Many can’t even be patched. Once they’re on the network, they look harmless — until one of them isn’t. Nearly 70% of breaches now start inside the network, often from a trusted or unmanaged device. The LAN has quietly become the easiest place to hide — a wide open surface where malware on one infected device can move laterally before anyone notices.

The Illusion of Protection

The problem isn’t just the devices. It’s that we’re still using old approaches to protect them. Agent-based tools fail because most devices can’t run an agent. NAC systems rely on VLANs, static rules, and integration points that constantly break. And firewalls, with their zone-based policies, still assume there’s a clear inside and outside to protect. Attackers don’t respect zones; they exploit the gaps between them and within them.

All these tools give the appearance of control — but do not offer real containment. Every layer adds more configuration steps, more exceptions, and more human dependency. Over time, complexity itself becomes the new attack surface.

The LAN Left Behind

Zero Trust has made its way into data centers, cloud services, and the WAN. But the LAN — where users and devices actually connect — is still the weakest link. The irony is striking: the part of the enterprise that connects the most devices has the least visibility and control. The LAN was designed for connectivity, not containment. It assumes everything inside is trusted. That assumption is exactly what attackers exploit.

Rethinking the LAN Foundation

Securing the LAN isn’t about adding more boxes, more policies, or more licenses. It’s about rebuilding trust into the fabric itself. Every wired and wireless connection should authenticate before it communicates. Every device should be isolated by default — a segment of one. Policies should follow identity and context, not IP addresses or VLANs.
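The three requirements in the paragraph above (authenticate before communicating, isolate every device by default, and decide on identity and context rather than IP address or VLAN) can be expressed as a small policy engine. The Python below is an added example written for this page, not Nile's product code; the device attributes, the rule schema, and the sample inventory are all constructed for illustration. It shows that an unmanaged camera on the same VLAN as a printer still cannot reach it, that an unauthenticated device gets nothing, and that moving a device to another IP or VLAN does not change any verdict.

```python
"""Identity- and context-based LAN policy with default isolation ("segment of one").

Added illustration, not Nile's product code. Device records, rule attributes and
the sample inventory are constructed for the example. Property demonstrated:
decisions depend on authenticated identity and context, never on IP or VLAN,
and any flow not explicitly allowed is denied.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Device:
    # Identity established by the network on connect (e.g. the certificate
    # subject from 802.1X/EAP-TLS, or a MAC-based identity for agentless
    # devices). None means the endpoint never authenticated.
    identity: Optional[str]
    auth_method: Optional[str]   # "eap-tls", "mab", or None
    device_type: str             # "laptop", "printer", "camera", "nvr", "unknown"
    managed: bool                # under IT control (agent/MDM) or not
    # Network location is recorded for auditing only; policy must not use it.
    ip: str = "0.0.0.0"
    vlan: int = 0


@dataclass(frozen=True)
class Rule:
    name: str
    src: dict                    # attribute constraints on the source device
    dst: dict                    # attribute constraints on the destination
    ports: frozenset             # allowed destination ports


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def _matches(dev: Device, constraints: dict) -> bool:
    """True when every constrained attribute equals the device's value."""
    return all(getattr(dev, key) == value for key, value in constraints.items())


def evaluate(src: Device, dst: Device, port: int, rules: list) -> Decision:
    # 1. Authenticate before communicating: unauthenticated endpoints get nothing.
    if src.identity is None or src.auth_method is None:
        return Decision(False, "source not authenticated")
    if dst.identity is None:
        return Decision(False, "destination not authenticated")
    # 2. Segment of one: no implicit east-west reachability, even on the same
    #    VLAN or subnet. Only an explicit identity-based rule can open a flow.
    for rule in rules:
        if _matches(src, rule.src) and _matches(dst, rule.dst) and port in rule.ports:
            return Decision(True, f"allowed by rule '{rule.name}'")
    return Decision(False, "no identity-based rule permits this flow (default deny)")


# Constructed policy: rules reference identity and context attributes only.
RULES = [
    Rule("managed-laptop-to-printer",
         src={"device_type": "laptop", "managed": True, "auth_method": "eap-tls"},
         dst={"device_type": "printer"}, ports=frozenset({631, 9100})),
    Rule("camera-to-nvr",
         src={"device_type": "camera"},
         dst={"device_type": "nvr"}, ports=frozenset({554})),
]

# Constructed inventory. Note the camera, printer and rogue device share VLAN 20.
INVENTORY = {
    "laptop":  Device("CN=alice-laptop", "eap-tls", "laptop", True, "10.1.20.15", 20),
    "printer": Device("mac:00:11:22:33:44:55", "mab", "printer", False, "10.1.20.40", 20),
    "camera":  Device("mac:00:11:22:aa:bb:cc", "mab", "camera", False, "10.1.20.41", 20),
    "nvr":     Device("CN=nvr-01", "eap-tls", "nvr", True, "10.1.30.5", 30),
    "rogue":   Device(None, None, "unknown", False, "10.1.20.42", 20),
}


def check(src_name: str, dst_name: str, port: int) -> Decision:
    """Evaluate a flow between two inventory entries under RULES."""
    return evaluate(INVENTORY[src_name], INVENTORY[dst_name], port, RULES)


def decisions_ignore_location() -> bool:
    """Moving a device to another IP/VLAN must not change the verdict."""
    cam = INVENTORY["camera"]
    moved = replace(cam, ip="10.1.30.99", vlan=30)
    before = evaluate(cam, INVENTORY["nvr"], 554, RULES).allow
    after = evaluate(moved, INVENTORY["nvr"], 554, RULES).allow
    return before and after


if __name__ == "__main__":
    flows = [("laptop", "printer", 9100), ("camera", "nvr", 554),
             ("camera", "printer", 9100), ("rogue", "printer", 9100),
             ("camera", "laptop", 445)]
    for s, d, p in flows:
        r = check(s, d, p)
        print(f"{s:>7} -> {d:<7} :{p:<5} {'ALLOW' if r.allow else 'DENY'}  {r.reason}")
```

The point of the `_matches` helper is what it does not look at: `ip` and `vlan` are never consulted, so a device that changes address or lands on a different access switch keeps exactly the same reachability. Adding a device to the network therefore adds one authenticated identity with zero reachable peers until a rule names it.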

Security has to be built in, not bolted on. Because at this point, complexity isn’t just inefficient — it’s unsafe. The next phase of network security begins where most have stopped looking — inside the LAN itself.

Read how we’re rethinking that foundation and turning it into a reality in a very succinct post by Vriti Magee: When Networks Learn to Flow
