
In 2025, security teams across the UK found themselves trying to manage environments that no longer resembled the technology maps they had on file. Hybrid estates had drifted far from the diagrams produced in design workshops, and segmentation tools that once seemed capable of containing movement across the network were now colliding with a type of complexity that had grown quietly over several years.
Real-World Incidents Revealed How Far Networks Had Drifted
The year started with several high-profile reminders of how sprawling, mixed-ownership environments behave when things go wrong. Telecom operators reported incidents where operational systems were impacted due to legacy infrastructure that couldn’t support modern controls. Logistics providers lost visibility across distribution networks because third-party devices, still critical to daily operations, were too old or too fragile to support agent-based controls. Healthcare trusts had to isolate equipment manufactured in the late 1990s that had never been designed to run additional software in the first place. These cases didn’t attract the headlines that ransomware events normally draw, yet they exposed a common pattern: segmentation approaches were being stretched far beyond their intended design.
The Limits of Agent-Based Segmentation Became Impossible to Ignore
Some organisations tried to fix this by pushing their existing tools harder. Security teams were instructed to expand coverage across supplier-owned devices, unmanaged sensors, and operational hardware that had never been part of the original plan. In theory, it sounded reasonable. In practice, the rollouts became stuck in familiar loops: devices that crashed the moment an agent was installed, business units that refused the deployment altogether, and network segments that could not be monitored because the tooling still required visibility into the host.
Operational Gaps Surfaced Only in Crisis Moments
The most telling moments of 2025 came from environments where everything looked functional on paper. One manufacturing group spent eight months building segmentation policies across their IT network, only to discover that a separate operational cluster, managed by an external automation partner, had been excluded from the project due to contract boundaries. The gap didn’t appear in any readiness checklist or compliance audit. It only became visible after an intrusion caused unauthorised movement through the supplier’s equipment, bypassing the organisation’s carefully built controls.
Industry After Industry Reached the Same Conclusion
These scenarios repeated across industries. Retail chains, energy providers, and transport operators all reported the same challenge: projects that were meant to simplify containment were instead generating dependencies that were nearly impossible to sustain. Segmentation was no longer a technical exercise; it had become a logistical one. Teams weren’t struggling because the concept was flawed but because the environments they were securing no longer matched the assumptions the technology had been built around.
The Evidence Built Up Quietly Across 2025
The shift in 2025 wasn’t driven by a single catastrophic breach. It was shaped by the slow accumulation of operational evidence. Organisations saw that modern networks consist of assets they own, assets they manage, assets they influence, and assets they rely on but cannot touch. Segmentation methods that depend on uniform software deployment can only ever reach a portion of that interconnected landscape. It is the blind spots—often the most business-critical systems—that end up defining the real exposure.
Why Interest in Agentless Segmentation Rose
This is the context behind the renewed interest in segmentation that doesn’t rely on agents. Teams are looking for controls that work around the inconsistencies of modern environments rather than attempting to smooth them over. They want containment that applies equally to devices that are well-managed and devices that are outside their administrative reach. They want guarantees that do not evaporate the moment an operating system update breaks compatibility or a supplier refuses a change request.
A Model That Works With the Network as It Really Exists
2025 ultimately accelerated a shift in mindset. Organisations realised they needed segmentation that observes the environment directly, without depending on software deployed on every endpoint, and without requiring each asset to behave perfectly. They need approaches that keep their containment strategy intact even when the network evolves faster than the documentation.
A More Practical Way Forward in 2026
This is the direction many UK organisations are moving towards in 2026: not a rejection of traditional segmentation, but a recognition that environments have outgrown the assumptions those tools relied on. The interest in agentless models is rising because they allow teams to work with the networks they actually have, not the networks they wish they had.
Agentless Network Segmentation — ENHALO Services
ENHALO’s own work in this area reflects the same real-world pressures outlined above, and the organisations we support are finding that agentless controls offer a more reliable foundation for lateral movement containment in environments that continue to evolve in unpredictable ways.







