Changelog

Segmentation Testing comes to RedVeil

Prove your network segmentation actually works — and hand your QSA the evidence to back it up. New Segmentation Testing project type, available now.

May 1, 2026

If you've ever sat across the table from a QSA, you know the question:

"Show me your segmentation evidence."

For most teams, that evidence is improvised — a few Nmap runs from an analyst's laptop, screenshots dropped into a doc, and a story tying it all together. It works once. It doesn't scale, and it doesn't hold up the second time an auditor asks.

Today we're shipping Segmentation Testing, a brand-new project type purpose-built for validating that your network segmentation controls — VLANs, subnets, firewall rules, microsegmentation policies — actually do what your architecture diagrams claim they do.

What it is

Segmentation Testing uses your internal agent as a probe. You drop the agent into one network location (say, your CDE-adjacent zone), point it at an isolated segment, and RedVeil runs a reachability scan on your behalf. The output is a structured report you can hand directly to an auditor.

It's the same workflow security engineers already run by hand for PCI-DSS 11.4.5 / 11.4.6 — without the manual command-crafting, without the spreadsheet of results, and without the question of "did we run this against the right targets?"

Choose your scan depth

Segmentation Testing exposes the knobs that matter, with sensible defaults for compliance work:

  • TCP port scope — top 1000 (fast) or all 65,535 ports (thorough)
  • UDP port scope — optional, top 100 or all 65,535 ports
  • Transport — TCP-only or TCP + UDP
  • Host discovery — ping sweep first, or skip discovery and probe everything (-Pn)

QSA-ready evidence, automatically

Every segmentation scan produces a structured evidence appendix that ships with the report:

  • Testing device locationip route output proving where the agent actually sat on the network
  • Full Nmap TCP command and a representative excerpt of the output
  • Full Nmap UDP command and excerpt (when UDP is enabled)

What's new in this release

  • Segmentation project type in the new project form, with dedicated flow for picking transport, port scope, and host discovery options
  • Automatic evidence collection — testing location, commands, output excerpts, all appended to the report
  • Segmentation PDF report type with a layout designed for QSA review
  • UI guardrails that warn you about non-standard configs before you start

Pricing and availability

Segmentation Testing is available on the Full Coverage and Enterprise plans, alongside Internal Testing. You'll need an internal agent deployed somewhere with routing to the segments you want to test — if you've already rolled out Internal Testing, you're ready to go. On a different plan and need segmentation evidence for an upcoming audit? Talk to us and we'll get you upgraded.

Hand your QSA the report. Get back to shipping.

Previous

Internal Testing is now Generally Available

Next

No next update