Our software-defined segmentation places network traffic into varied classifications and makes enforcing security policies a lot easier. We classify ideally based on endpoint identity, not just IP addresses. Rights can be accessed based on location, role, and more so that the right people get the correct level of access and suspicious devices are thus contained and re-mediated.