Simulation-Based Validation of a Low-Cost Open-Source Micro-Segmentation Framework for Zero-Trust Lite Implementation in SMEs: Efficacy, Overhead, and Practical Considerations

Authors

Keywords:

Perimeter-based security, zero trust architecture, micro-segmentation, SME security, lateral movement mitigation

Abstract

Small and medium enterprises (SMEs) often avoid micro-segmentation due to perceived high cost, complexity, and performance overhead, despite segmentation being a core zero-trust principle. This study evaluates whether a low-cost, open-source micro-segmentation framework can effectively contain lateral movement and reduce blast radius in an SME environment. A simulated SME network was built in GNS3 with VMware-based hosts, comprising 24 nodes in a flat baseline topology with no internal segmentation. A micro-segmented architecture was then deployed using pfSense firewalls, Zeek for network monitoring, the OpenDaylight SDN controller, and default-deny access control lists (ACLs). In both scenarios, an attacker-controlled “Patient Zero” node attempted reconnaissance and lateral movement toward a Finance Server. Measurements included reachable nodes, successful lateral moves, time to compromise, internal traffic visibility, blast radius, latency, throughput, and implementation cost. Results show a 91.7% reduction in reachable nodes (from 24 to 2), a 94.4% decrease in lateral moves (from 18 to 1), and time to compromise extended from 14 minutes to over 185 minutes (an increase of 1,221%). Blast radius dropped by 92%, latency increased by only 0.6 ms, throughput remained at 94% of baseline, and internal traffic visibility rose from 5% to 98% with zero false negatives. Total software cost was $0 using open-source tools, requiring 24 professional hours on repurposed hardware. These findings indicate that a “Zero-Trust Lite” posture is technically and economically feasible for SMEs.
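
An added sketch (not the authors' code) of how a reachable-node count like the one reported above can be audited for a given policy: hosts are graph nodes, allowed flows are edges, and the blast radius is everything a breadth-first walk from Patient Zero can reach. The 24-host layout, host names and allow rules are constructed for illustration, so the counts it yields describe this toy layout, not the paper's testbed.

```python
from collections import deque

# Constructed 24-node layout; the paper's actual addressing plan is not on this page.
SEGMENTS = {
    "workstations": [f"ws{i:02d}" for i in range(1, 13)],
    "servers": ["finance-srv", "file-srv", "print-srv", "ad-srv"],
    "voip": [f"phone{i}" for i in range(1, 5)],
    "mgmt": ["admin1", "admin2"],
    "guest": ["guest1", "guest2"],
}
HOSTS = [h for members in SEGMENTS.values() for h in members]

def flat_policy():
    """Flat baseline: every host may open a connection to every other host."""
    return {src: set(HOSTS) - {src} for src in HOSTS}

def default_deny_policy(rules):
    """Default deny: a flow exists only if an explicit (source, destination) rule allows it.
    A source may be a segment name (expanded to its members) or a single host."""
    allowed = {h: set() for h in HOSTS}
    for src, dst in rules:
        for host in SEGMENTS.get(src, [src]):
            if host != dst:
                allowed[host].add(dst)
    return allowed

def blast_radius(allowed, foothold):
    """Hosts reachable from the foothold by chaining allowed flows (breadth-first)."""
    seen, queue = {foothold}, deque([foothold])
    while queue:
        for nxt in allowed[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {foothold}

# Hypothetical allow-lists. TIGHT keeps the finance server behind the admin hosts only;
# LEAKY adds one backup rule that turns the file server into a stepping stone.
TIGHT = [("workstations", "print-srv"), ("workstations", "ad-srv"),
         ("mgmt", "finance-srv")]
LEAKY = TIGHT + [("workstations", "file-srv"), ("file-srv", "finance-srv")]

if __name__ == "__main__":
    for name, policy in [("flat", flat_policy()),
                         ("tight", default_deny_policy(TIGHT)),
                         ("leaky", default_deny_policy(LEAKY))]:
        reach = blast_radius(policy, "ws01")
        print(f"{name:5} reachable={len(reach):2} finance exposed={'finance-srv' in reach}")
```

The LEAKY case shows why a default-deny rule set should be reviewed as a graph rather than rule by rule: no single rule lets a workstation talk to the finance server, yet two chained rules do.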

Published

2026-06-22

How to Cite

Odule, T. J., Abdullah, K.-K. A., Ayo, F. E., Adetona, B. A., & Giwa, O. R. (2026). Simulation-Based Validation of a Low-Cost Open-Source Micro-Segmentation Framework for Zero-Trust Lite Implementation in SMEs: Efficacy, Overhead, and Practical Considerations. Nigerian Journal of Physics, 35(3), 145-156. https://doi.org/10.62292/njp.v35i3.2026.566
