How Poor Device Visibility Undermines Segmentation in Connected Environments
Most security teams already know they need to segment their networks, and many have already written policies intended to achieve effective segmentation. What stops them is not strategy or intent; it is the gap between having a policy and trusting it enough to turn it on.
That gap almost always traces back to one problem: teams cannot fully see and understand the devices on their networks. When visibility is incomplete, every segmentation decision becomes a guess. In healthcare, manufacturing, and critical infrastructure, a wrong guess carries real consequences. Enforcing the wrong rule can interrupt patient care or take a production line down.
The hesitation is widespread. In Cisco’s 2025 segmentation research, most security leaders ranked segmentation as a priority, yet only about a third had fully implemented it, and the majority said their process needed work. In most cases, the policies already exist. What organizations lack is the confidence that enforcing them will not break something that matters.
This is a structural problem, not a tooling preference. Network segmentation is the foundation of zero-trust architecture, and organizations cannot secure or segment devices they cannot identify or understand. The modern enterprise network now combines traditional IT assets with a fast-growing range of Internet of Things (IoT), operational technology (OT), and Internet of Medical Things (IoMT) devices. These devices improve operations, but their original design never accounted for modern cybersecurity requirements. Without complete visibility into all of them, segmentation policies are harder to build and far harder to enforce with confidence.
Why Do Organizations Struggle to Maintain Complete Device Visibility?
True visibility goes well beyond a traditional IT asset inventory. Many organizations rely on tools and processes built for conventional endpoints, and those tools create significant gaps when applied to OT, IoT, and IoMT environments.
Unmanaged and Agentless Devices
Traditional endpoint management tools require software installed on the device. Many OT, IoT, and IoMT devices lack the memory or processing capacity to run that software. As a result, organizations often have limited insight into device identity, operating system and firmware versions, communication behavior, external connections, and security posture. When teams rely on traditional tools alone, these devices become effectively invisible and unmanaged.
Legacy and Proprietary Systems
Operational environments frequently contain legacy devices that still function but lack current cybersecurity capabilities. They may use proprietary protocols, outdated operating systems, or unsupported firmware that cannot be integrated into modern monitoring solutions. Without visibility into these systems, organizations cannot determine which systems communicate with the device, whether observed communication patterns are expected, or how much network access the device actually needs. Without that context, applying segmentation policy risks operational disruption, and especially in IoT, IoMT, and OT environments, that disruption can reach human health and safety.
Dynamic and Decentralized Environments
Connected environments change constantly. Devices move between locations, vendors add temporary equipment, organizations introduce new systems, and communication patterns shift. At the same time, security and networking teams manage fragmented data spread across CMDBs, NAC platforms, endpoint security tools, network monitoring solutions, clinical engineering systems, and manual spreadsheets. When that siloed data goes stale, the organization loses any reliable understanding of its own environment.
Visibility Without Context
Device inventories fail when they do not provide actionable security intelligence. Effective visibility means understanding device type and manufacturer, how a device communicates with other networks and devices, what normal behavior looks like, the device’s risk level and criticality to operations, and the network access it genuinely requires. Without behavioral and communication context, security teams lack the information needed to apply segmentation safely at scale.
Why Visibility Matters in Effective Segmentation
Limited visibility creates a chain reaction across every segmentation activity, forcing teams to make critical decisions without the data to support them. These core challenges often prevent segmentation efforts from coming to fruition, thwarting well-intentioned plans to achieve zero-trust.
Recommending Policies
Many organizations understand the importance of segmentation but lack the visibility to identify high-risk communication pathways, devices with excessive access, unnecessary east-west traffic, and the critical assets that should be prioritized first. Without meaningful insight into network behavior and device relationships, policy creation becomes a manual, trial-and-error process. Teams spend their time analyzing patterns, validating dependencies, and refining policies by hand, and projects that should take weeks stretch into quarters.
Creating Policies
Effective policies require a clear understanding of all connected devices and how they communicate. Without accurate visibility into dependencies and traffic flows, organizations struggle to separate legitimate communication from traffic that should be restricted. Teams then default to one of two extremes: overly permissive policies that leave unnecessary pathways open, or overly restrictive policies that disrupt critical workflows. To preserve availability, most settle for broad access rules that leave so many pathways open that segmentation provides little real protection. The outcome is what some practitioners call Swiss cheese segmentation: structured on paper, full of gaps in practice.
Simulating Policy Impact
Organizations that manage to develop policies often cannot validate the impact of a change before pushing it live. Without complete visibility into device communications and dependencies, simulation becomes unreliable. Hidden communication relationships, rare but legitimate traffic, vendor-specific dependencies, and intermittent operational workflows all surface as unexpected disruptions only after a policy goes live. That uncertainty slows or stops projects entirely. When a team cannot confidently predict whether a change will disrupt operations, the safe default is to leave the policy unenforced.
Applying Policies to Infrastructure
Even with a sound policy in hand, applying it to live NAC and firewall infrastructure introduces another layer of complexity. Each vendor enforces policy differently. Security Group assignments, Group-Based Access Control List logic, DACL structures, and the specific APIs used to push rules vary significantly across Cisco ISE, Aruba, Arista, Palo Alto, and Fortinet. Without the device intelligence to generate vendor-native policy formats, and without the ability to simulate impact before deployment, organizations are left choosing between manual rule authoring that consumes months of analyst time and broad policies that trade security precision for operational safety.
Responding to Incidents
Incomplete visibility limits the ability to respond quickly and precisely to a security incident. Isolating a threat without affecting legitimate operations is far harder when teams cannot identify affected devices, distinguish normal from abnormal behavior, map communication pathways, or track lateral movement. The uncertainty pushes organizations into reactive containment that is slower and broader than intended, isolating entire segments because they cannot confidently identify the specific systems involved.
Auditing for Drift
Segmentation is a continuous process, not a one-time project. Over time, segmentation drift weakens posture and opens gaps that can go undetected for long periods. Without comprehensive visibility, organizations cannot tell whether policies still match current device behavior, whether new communication pathways have emerged, whether permissive rules have crept in, or whether controls are consistently enforced. This also makes compliance harder. When auditors ask a team to demonstrate enforcement, validate least-privilege access, and produce accurate evidence, the absence of continuous monitoring leaves the team unable to answer with confidence.
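The two checks described under Simulating Policy Impact and Auditing for Drift, as an added example that is not Asimily's code or any real deployment: observed flows from passive monitoring are matched against a group-level allow-list policy to show what would be blocked (flagging rare, intermittent traffic separately), and current traffic is compared with the approved policy and its baseline to find new pathways and stale rules. Device names, groups, ports and counts are constructed sample data.

```python
from collections import namedtuple

# Constructed sample data (not taken from any real environment).
# A flow seen by passive monitoring: source device, destination device,
# protocol/port, and how many times it was seen in the capture window.
Flow = namedtuple("Flow", "src dst port count")

# Device-to-segment mapping, as a classification engine would produce it.
DEVICE_GROUP = {
    "infusion-pump-01": "iomt", "infusion-pump-02": "iomt",
    "pump-server": "clinical-servers", "engineer-laptop": "corp-it",
    "plc-07": "ot", "hmi-03": "ot-hmi",
}

# Allow-list policy as (src group, dst group, port); anything else is blocked.
PROPOSED_POLICY = {
    ("iomt", "clinical-servers", "tcp/443"),
    ("ot-hmi", "ot", "tcp/502"),
    ("corp-it", "ot-hmi", "tcp/3389"),   # approved remote access to the HMI
}

BASELINE_FLOWS = [   # traffic observed when the policy was approved
    Flow("infusion-pump-01", "pump-server", "tcp/443", 4200),
    Flow("infusion-pump-02", "pump-server", "tcp/443", 3900),
    Flow("infusion-pump-02", "pump-server", "tcp/22", 2),    # rare vendor maintenance
    Flow("hmi-03", "plc-07", "tcp/502", 9000),
    Flow("engineer-laptop", "plc-07", "tcp/502", 15),        # corp IT speaking Modbus to a PLC
]

def rule_for(flow):
    """The policy tuple a flow is matched against."""
    return (DEVICE_GROUP[flow.src], DEVICE_GROUP[flow.dst], flow.port)

def simulate(policy, flows, rare_below=10):
    """Flows the policy would block, tagged 'rare' when seen fewer than
    rare_below times: the intermittent-but-legitimate traffic that would
    otherwise surface only as an outage after go-live."""
    return [(f, "rare" if f.count < rare_below else "frequent")
            for f in flows if rule_for(f) not in policy]

def audit_drift(policy, baseline, current):
    """Drift check: pathways never seen at approval time, and policy rules
    that no longer match any traffic (stale exceptions that widen exposure)."""
    seen_before = {rule_for(f) for f in baseline}
    new_paths = [f for f in current if rule_for(f) not in seen_before]
    stale_rules = sorted(policy - {rule_for(f) for f in current})
    return new_paths, stale_rules
```

Run `simulate(PROPOSED_POLICY, BASELINE_FLOWS)` to see the two flows the proposed policy would cut, one of them the rare vendor SSH session that a team would otherwise discover only after enforcement.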
What Complete Device Visibility Makes Possible
When organizations achieve comprehensive visibility into their connected device ecosystem, they build the operational foundation that successful segmentation depends on. Continuous insight into device identity, behavior, communications, and risk lets teams create more precise policies, reduce their reliance on permissive access rules, accelerate incident response and containment, minimize disruption during policy changes, improve compliance readiness, identify high-risk devices and communication patterns faster, and support zero trust initiatives at scale. When policy decisions rest on accurate, continuously updated information, teams can build proactive strategies grounded in real device behavior rather than assumptions.
Best Practices for Improving Device Visibility
Successful segmentation requires context-rich insight into devices, communications, and network behavior. The following practices help turn visibility into action.
Implement Continuous Device Discovery
Static inventories are outdated the moment they are created. Continuous discovery maintains accurate, real-time visibility into authorized, unauthorized, transient, and unmanaged devices. Prioritize solutions that provide:
- Continuous discovery of IoT, IoMT, OT, IT, and unmanaged devices
- Automated classification and fingerprinting of every device on the network
- Real-time asset inventory updates as the environment changes
- Detection of unauthorized or rogue devices as they appear
- Centralized visibility across distributed and multi-site environments
Use Solutions Designed to Monitor IT, IoT, OT, and IoMT
General active scanning is often prohibited in OT and clinical environments, where a single misconfigured scan packet sent to a PLC or medical device can cause it to restart, drop a process, or trigger an alarm. Passive monitoring and safe scanning, designed for OT and IoT environments, enable organizations to observe device communications and behavior without disrupting sensitive systems. Look for:
- Agentless network traffic analysis that safely monitors network behavior
- Agentless visibility for unmanaged devices
- Deep packet inspection covering OT and healthcare-specific protocols
- Visibility into east-west communication between devices
Prioritize Behavioral Visibility
A static inventory shows what devices exist. Behavioral visibility shows how they operate. Understanding communication patterns, protocol behavior, and device dependencies moves an organization beyond a device list to a foundation that can support policy creation, simulation, and validation. Key capabilities include:
- Communication flow mapping and dependency analysis
- Behavioral baseline profiling per device type and individual device
- Anomaly and suspicious activity detection against those baselines
- Context-aware traffic analysis for segmentation planning
Incorporate Risk Context Into Visibility
Not all devices carry equal risk, and segmentation resources are finite. Risk-aware visibility lets organizations prioritize based on device criticality, actual vulnerability exposure, and real communication behavior rather than theoretical CVSS scores. Effective risk context requires:
- Vulnerability identification tied to actual exploitability in the specific environment
- Attack Analysis that shows which vulnerabilities have a reachable path for an attacker in the environment
- Asset criticality analysis that reflects business and operational importance
- Prioritized remediation recommendations focused on exposure
- Continuous monitoring for emerging device risk
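The idea behind risk context above, that a vulnerability only matters when some segment can actually reach the vulnerable service, as an added example that is not Asimily's Attack Analysis or Risk Simulator: a breadth-first walk over group-level allow rules computes which segments a foothold can reach, which findings are therefore exposed, and which findings a single rule removal would take off the list. Groups, rules, device names and findings are constructed sample data.

```python
from collections import deque

# Constructed example (not any real environment). A segmentation policy as
# group-level allow rules: (src group, dst group, port).
POLICY = {
    ("corp-it", "clinical-servers", "tcp/443"),
    ("corp-it", "ot-hmi", "tcp/3389"),
    ("ot-hmi", "ot", "tcp/502"),
    ("clinical-servers", "iomt", "tcp/443"),
}

# Devices with a finding: their group and the port the vulnerable service
# listens on. A finding is only exposed if a reachable segment may hit that port.
FINDINGS = {
    "plc-07": ("ot", "tcp/502"),
    "pump-server": ("clinical-servers", "tcp/443"),
    "infusion-pump-01": ("iomt", "tcp/443"),
}

def reachable_groups(policy, start):
    """Groups reachable from `start` by following allowed rules hop by hop,
    assuming each reached group can become a new foothold."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for s, d, _ in policy:
            if s == src and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen

def exposed_findings(policy, start):
    """Findings whose vulnerable port is allowed from some reachable group."""
    reach = reachable_groups(policy, start)
    return sorted(dev for dev, (grp, port) in FINDINGS.items()
                  if any(s in reach and d == grp and p == port for s, d, p in policy))

def risk_reduction(policy, start, rule):
    """Findings that stop being exposed from `start` if `rule` is removed."""
    before = set(exposed_findings(policy, start))
    after = set(exposed_findings(policy - {rule}, start))
    return sorted(before - after)
```

Comparing `exposed_findings` before and after removing the corporate-IT-to-HMI rule shows which finding that one segmentation change actually takes out of reach, which is the prioritization question the bullets above describe.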
Automate Policy Intelligence and Enforcement
The manual effort required to write, validate, simulate, and enforce policies at scale is the single most common reason segmentation projects stall. Automated policy intelligence accelerates initiatives while reducing configuration errors and operational risk. Look for:
- Automated policy recommendations derived from observed device behavior
- Policy simulation against real traffic before any change goes live
- Detection of conflicts, permissive access, and enforcement gaps
- Continuous policy auditing to catch drift from the original intent
Asimily: Segmentation Orchestration Built on Comprehensive Device Visibility
Asimily is the only platform that combines complete asset visibility, vulnerability attack analysis and prioritization, and Segmentation Orchestration in a single solution. Most security tools stop at identifying risk. Asimily covers the full path, from device discovery through continuously enforced, automatically maintained segmentation policy.
Deployed at more than 3,000 sites worldwide across healthcare, manufacturing, utilities, and critical infrastructure, Asimily monitors connected devices using agentless deep packet inspection and natively parses more than 300 OT and medical protocols. Every device is classified across more than 100 parameters, including make, model, firmware version, operating system, installed applications, and observed communication behavior. It uses no agents and no active scanning, so there is no operational disruption.
- Discover every asset. Asimily surfaces every connected device across IT, IoT, IoMT, and OT, including unmanaged devices, shadow assets, and devices invisible to existing NAC platforms. Communication profiles built from observed traffic become the behavioral foundation for every downstream policy decision.
- Analyze every risk. Asimily’s proprietary ATT&CK Analysis determines actual exploitability in the specific network environment rather than relying on generic CVSS scores. For example, a vulnerability in the Windows Kernel might be exploitable only through a drive-by download attack, which might not be possible in the network. In our experience, this narrows millions of theoretical CVEs across a connected device fleet to less than 1% of truly high-risk devices, the specific assets that drive most of the segmentation urgency. The Risk Simulator lets teams model the expected risk reduction of a segmentation action before committing time and resources.
- Prescribe mitigation. Policy Auto-Recommendation generates conflict-free segmentation policies directly from observed device behavior and, based on recommendations from more than 3,000 global deployments, Asimily knows what percentage of similar devices worldwide actually require each protocol. Before any policy goes live, Policy Simulation shows exactly which device communications would be blocked, tested against real traffic rather than synthetic test traffic or assumptions. Teams iterate in simulation until the impact is acceptable, which removes the deadlock that keeps so many policies unenforced.
- Enforce continuously. Approved policies are pushed directly to Cisco ISE, Aruba, Arista, Palo Alto, Fortinet, Check Point, and others through native API integration. New devices joining the network receive policy recommendations automatically. As firmware changes, new vulnerabilities emerge, and topology evolves, Asimily’s Intelligent Policy Engine continuously evaluates deployed policies for drift, stale exceptions, and conflicts, updating them to stay aligned with current risk. A complete, continuous audit trail supports MDR, NIS2, ISO 27001, and GDPR requirements automatically.
Durable segmentation depends on seeing the environment clearly and enforcing a policy you can trust. That is what Asimily is built to deliver.
See it in action and request a custom demo of Asimily’s Segmentation Orchestration today.