Attacks are increasingly likely to come from internal network sources, possibly let in by unwitting accomplices. While it is commonplace to have a web server DMZ and possibly a guest wireless network, few organizations take any further steps to segment their networks in ways that might help prevent or detect lateral movement by an attacker. If the current consensus is that internal attack surface management is just as important as external hardening, then why aren't more defenders doing anything about it? In this talk, we'll look at the common pitfalls that bog down internal segmentation efforts and ways to overcome them.