I took tptacek’s comment as implying that ZTNA solutions do do microsegmentation. Otherwise, if I get a shell in one app and have access to the entire network then what was the point of any of it? Are you saying they don’t do microsegmentation?
Yes: "microsegmentation" is a good way to describe one strategy (the most popular one) for retrofitting a notion of OMB-style "Zero Trust" onto existing networks. It's the selling point of things like this.
Agreed. My point was that ZTNA requires more than just microsegmentation; it should also include deny by default, service-based access, least privilege, endpoint posture checks, etc.