The initial infection is rarely the disaster; the spread is. Ransomware that lands on one laptop becomes a company-wide crisis only when it moves laterally — hopping from machine to machine across the flat internal network most organizations actually run. Containment attacks the spread, not the entry.

Airgap Networks Inc.'s US11374964B1, “Preventing lateral propagation of ransomware using a security appliance that dynamically inserts a DHCP server/relay and a default gateway with point-to-point links between endpoints” (issued June 28, 2022; CPC H04L 63/145 — malicious-traffic protection, and H04L 63/20 — security policy), describes severing the lateral paths between endpoints. Read it at US11374964B1.

Mechanically, the approach inserts itself into the network's addressing and routing so that endpoints can no longer talk directly to one another — each device gets point-to-point links mediated by the appliance instead of a flat broadcast domain. If machines cannot reach each other, ransomware cannot hop, and one infection stays one infection. This is microsegmentation enforced at the network layer.
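A minimal model of that effect, as an added example that is not code from the patent or from Airgap/Zscaler: it compares how far an infection can reach on a flat /24 versus when each endpoint is handed a host-only lease so every peer is off-link and must cross the appliance. The /32 lease as the way to get point-to-point links, the addresses, the allow-list policy and all function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample network: appliance/gateway plus four endpoints.
GATEWAY = ipaddress.ip_address("10.0.0.1")
HOSTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.20"]
# Hypothetical appliance policy: only this endpoint-to-endpoint flow is permitted.
POLICY = {("10.0.0.12", "10.0.0.20")}

def next_hop(src, prefix_len, dst):
    """First hop a host picks for dst: dst itself if on-link, else the gateway.
    Assumes the lease also gives the host an on-link route to the gateway."""
    on_link = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    dst_ip = ipaddress.ip_address(dst)
    return dst_ip if dst_ip in on_link else GATEWAY

def blast_radius(start, hosts, prefix_len, policy):
    """Set of hosts reachable from an infected start host.
    A peer is reachable if it is on-link (traffic never touches the appliance)
    or if the appliance's policy explicitly allows the flow."""
    infected, frontier = {start}, [start]
    while frontier:
        src = frontier.pop()
        for dst in hosts:
            if dst in infected:
                continue
            direct = next_hop(src, prefix_len, dst) != GATEWAY
            if direct or (src, dst) in policy:
                infected.add(dst)
                frontier.append(dst)
    return infected

if __name__ == "__main__":
    for label, plen in (("flat /24", 24), ("point-to-point /32", 32)):
        for start in ("10.0.0.11", "10.0.0.12"):
            reach = sorted(blast_radius(start, HOSTS, plen, POLICY))
            print(f"{label:20} start={start} reach={reach}")
```

The second start host shows the residual risk to review: any flow the appliance policy allows is still a lateral path, so the allow-list defines the real blast radius.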

Why this is a business story: lateral-movement containment is the technical heart of the microsegmentation and zero-trust-segmentation market — the thesis that assumes breach and limits blast radius. Airgap Networks was acquired by Zscaler in 2024, folding this containment IP into Zscaler's zero-trust platform. The deal logic is exactly the patent's logic: stopping lateral spread is worth paying for because it converts catastrophic breaches into contained incidents.

The grounded read: lateral containment limits ransomware's blast radius by cutting the endpoint-to-endpoint paths it spreads through. Airgap's 2022 grant names that point-to-point segmentation mechanism — the capability Zscaler acquired to extend zero trust inside the network.