This article was originally published on defenseone.com. 

A couple of weeks ago, the U.S. Defense Department took the first step in executing its new “defend forward” doctrine in cyberspace. The Pentagon telegraphed this step in its new cyber strategy, which told Russia, China, and others that if they continue to conduct cyberspace operations against U.S. interests, the U.S. will push back by targeting their military cyberspace infrastructure and disrupting their operations.

Large organizations often have data centers located in different geographic regions. Distributed data centers allow these organizations to locate their applications close to their customers and employees, comply with data residency requirements, and provide disaster recovery for their critical business applications. The adoption of public cloud is making it even easier for organizations of all sizes to distribute their workloads across multiple regions. For example, AWS now spans 18 geographic regions around the world.   

We’re excited to introduce PCE Supercluster to provide full visibility, centralized and federated management, and consistent enforcement of micro-segmentation policies across multi-region infrastructure – at very large scale. This post explores the key requirements for securing multi-region infrastructure and why we designed PCE Supercluster with a federated architecture. 

It is not a question of if but when an organization or an individual will be breached in cyberspace. If you believe that, you have taken the most important cognitive step – you are prepared to “assume breach” and build resilience to withstand a cyberattack.

But if you assume breach, what does it mean for how you think about security investments in people, processes, and technology? More importantly, what strategies should your organization employ to become secure beyond breach? On October 24, 2018, Illumio convened a group of cybersecurity strategy and technology leaders in Washington, D.C., to discuss the assumption of breach and identify best practices in cyber resilience. 

Below is a summary of key findings from the day. For those interested in hearing all these smart people talk, stay tuned for the videos. 

This article was originally published on law.com. 

The thought of a cyberattack strikes fear into the hearts of law firms every day. Yet rarely do partners take the necessary step back and ask: why are breaches having such an impact? The answer is simple — and so is the solution.

This article was originally published on legalitprofessionals.com. 

Law firms face constant threats in cyberspace. They hold a treasure trove of sensitive data that’s attractive to everyone from homegrown hackers to hostile nation-state actors, and according to the American Bar Association 2017 Legal Technology Survey, 22 percent of law firms experienced a cyberattack in 2017 (up from 14 percent in 2016). Following a breach the global average “dwell time” for an intruder to remain inside an organization is 191 days. The most infamous law firm hack to date was the breach of the Panamanian law firm Mossack Fonseca, which ultimately led to the firm’s closure.

Some firms are taking proactive measures to secure themselves and their clients’ data, but many need to improve their approach. The goals of a cybersecurity strategy are broadly understood – prevent data loss and disclosure. But where do you start, how will it impact you at the organizational level, and what technology investments need to be made?