Within minutes, tens of thousands of devices are locked up. Business comes to a halt. The demand for ransom begins.
The best way to protect against cyberattacks spreading throughout your network is to deploy Zero Trust Segmentation, enforcing access controls that block the pathways breaches like ransomware depend on. That way, even if an attack makes its way into the network, it can’t spread. The attack remains a single spark, not a wildfire.
But not all approaches to Zero Trust Segmentation guard against cyberattacks the same way. Some approaches are more effective than others.
Based on our experience working with leading organizations in industries such as financial services, healthcare, hospitality, and retail, we can say that segmentation works best when it is:
Comprehensive, protecting as much of an organization’s IT assets as possible, regardless of where those assets are located.
Manageable, easy to configure and – critically – easy to configure correctly, so that segmentation rules work as intended.
Responsive, so that when attacks strike, security teams can respond quickly, isolating infected devices to prevent the attack from spreading further.
Here are three qualities of the Illumio Zero Trust Segmentation Platform that make it so effective at protecting against the spread of cyberattacks.
Illumio’s protection is comprehensive
Let’s start with scalability. Illumio can support a wide range of customer environments, from very small deployments for our mid-enterprise customers to some of the largest and most complex environments in the world. Customers can scale as the size and scope of their own environment grow.
What sets Illumio apart is our ease of use and deployment with the ability to quickly scale. This gives customers peace of mind that as they grow, their Zero Trust Segmentation provider grows with them.
Operating systems supported include Windows, Linux, Solaris, and AIX. Illumio also supports cloud and container environments including AWS, Azure, Kubernetes, Google Cloud Platform (GCP), IBM Cloud, and Oracle – just to name a few. This flexibility is increasingly important as more companies adopt multi-cloud strategies.
In addition to all of this, Illumio also supports IoT/OT environments, which are important in many healthcare and manufacturing settings. And Illumio is constantly innovating and adding new platforms to the list!
Illumio enables security teams to adopt one comprehensive segmentation solution for all their on-premises, cloud, and hybrid environments, enabling a single pane of visibility.
Illumio’s protection is manageable
Illumio’s solution is easier to manage in part because its security philosophy is so straightforward.
Keeping true to the design goals of Zero Trust security – that is, trust nothing by default – Illumio blocks all traffic by default and only allows explicitly authorized traffic to pass through. The Illumio policy engine allows only one command – allow traffic to pass through – in its security policies.
This design constraint turns out to greatly simplify security policies. Illumio’s application dependency map shows security teams, application owners, and other stakeholders the traffic that’s needed to support legitimate business operations. Using this information, stakeholders define policies permitting this legitimate traffic.
Illumio blocks everything else. Within days or even just hours, teams can analyze traffic patterns, define policies, model those policies without enforcement for further fine tuning, and then deploy effective Zero Trust Segmentation that protects even the busiest and most complex data centers from malware.
The security model used by other platforms is more complex. It offers security teams multiple commands for crafting policies: Allow, Block, Override, and Reject. Because all traffic isn’t blocked by default, security enforcement depends on rules being in the right order.
For example, traffic within a data center might be blocked, but traffic to and from an application might be allowed, unless that traffic is going to an external IP address, in which case it’s blocked.
With scenarios like this one and even more complex scenarios, it’s easy for rules to be overlooked or misunderstood, allowing dangerous traffic to pass through or legitimate traffic to be inadvertently blocked.
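The ordering problem in the scenario above can be shown with a small sketch. This is an added example, not Illumio's policy engine or any vendor's code: the subnets, rule sets and function names are constructed for illustration, and the ordered model's default of "allow" is an assumption standing in for "not blocked by default".

```python
from ipaddress import ip_address, ip_network
from itertools import permutations

# Constructed addressing for the sketch (not from the article).
DATACENTER = ip_network("10.0.0.0/8")
APP = ip_network("10.1.2.0/24")

def inside(ip, net):
    return ip_address(ip) in net

# Model 1: allow-only rules over a default-deny baseline.
ALLOW_ONLY = [
    lambda s, d: inside(s, APP) and inside(d, DATACENTER),  # app -> data center
    lambda s, d: inside(s, DATACENTER) and inside(d, APP),  # data center -> app
]

def allow_only_verdict(rules, src, dst):
    # A flow passes if any rule matches; rule order cannot matter.
    return "allow" if any(rule(src, dst) for rule in rules) else "block"

# Model 2: ordered allow/block rules, first match wins, in the intended order.
ORDERED = [
    ("block", lambda s, d: inside(s, APP) and not inside(d, DATACENTER)),
    ("allow", lambda s, d: inside(s, APP) or inside(d, APP)),
    ("block", lambda s, d: inside(s, DATACENTER) and inside(d, DATACENTER)),
]

def first_match_verdict(rules, src, dst, default="allow"):
    # default="allow" is an assumption standing in for "not blocked by default".
    for action, matches in rules:
        if matches(src, dst):
            return action
    return default

def verdicts_across_orderings(evaluate, rules, src, dst):
    # Every verdict reachable by reordering the same rule set.
    return {evaluate(list(p), src, dst) for p in permutations(rules)}

APP_TO_EXTERNAL = ("10.1.2.5", "203.0.113.9")  # constructed flows
APP_TO_DATABASE = ("10.1.2.5", "10.9.9.9")

if __name__ == "__main__":
    for flow in (APP_TO_EXTERNAL, APP_TO_DATABASE):
        print(flow,
              verdicts_across_orderings(allow_only_verdict, ALLOW_ONLY, *flow),
              verdicts_across_orderings(first_match_verdict, ORDERED, *flow))
```

For both sample flows the allow-only set yields a single verdict under every ordering, while the three ordered rules yield both "allow" and "block" depending on which rule happens to come first.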
From our conversations with customers, we’re convinced that the straightforward design offered by Illumio is much easier to manage.
Illumio’s protection is responsive
It’s inevitable that an organization's network will be breached. When that happens, security teams need to act fast, isolating the attack at the point of entry so it can't spread through the network.
In either case, the organization gets immediate protection against ransomware spreading further on the network. Once the infected endpoint is isolated, the security team can analyze the attack and remediate it.