Adaptive Segmentation | micro-segmentation | November 4, 2022

Cyber Change, Defining Zero Trust, and Illumio Endpoint

Charlie Bedell, Senior Content Marketing Specialist

What’s one thing that stays constant in the cybersecurity industry? Change.

That was the focus of this month’s security news:

  • How tech giant Google is coping with cyber change via the Mandiant acquisition
  • Gaining clarity on what is and isn't Zero Trust amidst a changing threat landscape
  • And the ways Illumio is making it simple for security teams to protect their ever-growing networks with Illumio Endpoint and the new Illumio + Appgate integration

Google prioritizes cyber resilience with Mandiant acquisition

Yahoo Finance’s Alexandra Garfinkle reported on Google’s $5.4 billion acquisition of cybersecurity firm Mandiant in her article, Google's finally talking about its Mandiant acquisition – here's what they said.

Google’s focus on reinforcing cloud cyber resilience shows one of the most important tech companies in the world is continuing to take cybersecurity seriously.

Mandiant, known for detecting cyber threats in the cloud, will help Google add “more frontline threat intelligence,” said Phil Venables, Google’s Cloud Chief Information Security Officer.

“Google Cloud is already strong when we think about how we analyze data and put it in context, and that only gets stronger with Mandiant,” he said.

According to Garfinkle, Google’s acquisition of Mandiant was “seen as a positive signal by the rest of the cybersecurity space.” It shows that every organization – even Google – has room to improve their security posture. And that they should pay close attention to today’s risky cyber landscape.

Illumio’s CEO and co-founder Andrew Rubin shared his thoughts with Yahoo Finance on the acquisition.

“Google Cloud’s cyber focus shows that security is a top priority for their business as a whole,” he said. “It’s promising to see industry titans commit in this way to safeguarding cloud environments from today’s evolving threats.”

As many organizations turn to an “assume breach” mindset, Google’s cybersecurity acquisition is the latest to showcase that security is becoming an indispensable part of business.

“If Google is willing to go ‘all in’ on cyber, clearly their customers believe security is core to everything,” said Rubin.

Getting clarity on what Zero Trust is – and isn’t

Significant changes to the ways organizations think about cybersecurity have brought some confusion about security best practices. This is especially true for Zero Trust, a modern security framework for securing against today's ransomware attacks and incessant breaches.

Protocol’s Kyle Alspach addressed the latest Zero Trust questions, concerns and use cases in his article, Why security teams are losing trust in the term ‘zero trust’, based on a Protocol panel interview conducted earlier this month with cybersecurity experts that included Illumio’s Andrew Rubin.

Alspach says that Zero Trust has come to mean “an architecture, a strategy, a goal — or probably, all of the above” depending on who you ask. Whichever it is, Alspach endorses Zero Trust as one of the best ways organizations can improve their security posture against today’s sophisticated cyber threats.

And despite what Alspach describes as the “hype and misappropriation of the idea” of Zero Trust, organizations are increasingly interested in Zero Trust. He references findings from a recent survey by the Cloud Security Alliance that 80 percent of organizations see Zero Trust security as a priority and 77 percent plan to boost their Zero Trust spending over the next year.

Organizations clearly want to work towards Zero Trust. But as Alspach explains, Zero Trust “is not something you can buy in one package.”

“There are plenty of tools that can help an organization start to embrace the concept...but no single product that can deliver the whole thing,” he says.

While many security professionals are trying to decipher what Zero Trust is, Alspach thinks a more helpful approach is to start with what Zero Trust is not.

In the recent Protocol panel, Illumio’s Rubin shared that Zero Trust “isn’t every single security control in your environment.”

Rubin explained that traditional firewalls meant to support the network perimeter are clearly not capable of achieving Zero Trust alone. Organizations must move away from a sole focus on preventing and detecting breaches and towards an “assume breach” mindset of containing inevitable breaches.

In all, Alspach advocates for using the National Institute of Standards and Technology (NIST) framework to determine what Zero Trust is or is not – and which products will help an organization work towards a Zero Trust posture.

No matter how Zero Trust gets defined, the reality of today’s cyber landscape is that it’s not a matter of if a breach will occur, but when. And organizations must be prepared to contain a breach when it happens.

Illumio Endpoint: Minor endpoint breaches don’t have to mean major security disasters

When breaches do occur, they’re likely to come through an endpoint.

That’s why Illumio has released Illumio Endpoint, allowing organizations to extend Zero Trust Segmentation (ZTS) to end-user devices.

VentureBeat’s Taryn Plumb featured the announcement in her article, How zero-trust segmentation keeps cyberbreaches from spreading across the enterprise.

According to Plumb, today’s growing hybrid workforce means many organizations are taking on more cyber risk than in years prior.

Hybrid work has expanded the attack surface by increasing the number of end-user devices available for hackers to use as steppingstones to gain access to other higher-value assets.

And while organizations rush to implement VPNs for remote employees, only 66 percent of organizations say they have the same level of visibility for users on the VPN as for users in the office.

That’s a massive risk for organizations – and a boon for hackers.

“It’s not the initial breach that causes the most damage,” explained Mario Espinoza, Illumio’s Chief Product Officer. “It’s when the attacker can move, often undetected, throughout an organization that leads to operational outages and compromised data.”

Implementing ZTS, a foundational pillar of Zero Trust, reduces this risk. Plumb says that ZTS proactively stops ransomware and breaches from spreading through a network by isolating workloads and devices across the cloud, data center, and endpoints.

In fact, ZTS contains attacks nearly four times faster than endpoint detection and response (EDR) alone. Plumb highlights a series of emulated cyberattacks by Bishop Fox that found ZTS can stop attacks in just 10 minutes.

Illumio Endpoint is purpose-built to stop bad actors from moving deeper into an organization’s network after an initial breach of an end-user device. It follows a device wherever employees work, “whether it be at home, in the office, or at a hotel, coffee shop, library (or elsewhere),” according to Plumb.

And as a result, security teams can “significantly increase the chances of the first compromised laptop also being the last,” said Espinoza.

The ways organizations work is changing, and their security strategies must keep up. Traditional prevention and detection approaches aren’t enough to protect against today’s sophisticated ransomware and breaches.

Plumb encourages organizations to implement a “three-pronged approach to security that also includes containment measures” like ZTS.

“This means organizations can build resilience against cyberthreats during the age of hybrid work, so that a minor breach doesn’t spread into a major disaster,” said Espinoza.

Want to learn more about Illumio Endpoint? Hear from Illumio’s CPO, Mario Espinoza, in his interview with TechStrong TV:

Illumio + Appgate: Protect your interior and exterior network from ransomware and breaches

In the new era of complex, interconnected, hybrid networks, it’s important that organizations use layers of security defenses to protect their infrastructure. But implementing these layers doesn’t have to be difficult.

Julia King writes about Illumio’s new integration with Appgate in her SDxCentral article, Illumio, Appgate Integrate Zero-Trust Network Segmentation and ZTNA. The integration provides a Zero Trust Network Access (ZTNA) and Zero Trust Network Segmentation (ZTS) solution to protect network connectivity and prevent breaches from spreading across hybrid infrastructures and applications.

King explains that Illumio Core can be installed for east-west traffic to label all workloads in the network with contextual data like role, application, environment, and location. Appgate SDP applies ZTNA to north-south network traffic and creates per-user, per-session, user-to-workload access controls based on Illumio Core’s contextual metadata.

“While ZTNA contains breaches from accessing certain areas of the network, ZTS prevents breaches from moving throughout the network once inside,” said John Skinner, Illumio’s VP of Business Development.

The two technologies work in tandem, ensuring that ransomware and breaches aren’t able to do what they want most – get unauthorized access to the network and then spread through the network in search of high-value assets.

Skinner said that while organizations have “done well to move quickly toward ZTNA, many organizations are still missing the ZTS piece of the puzzle.”

According to Skinner, ZTNA gets information about a user, where they’re going, and why. Then, it will create a cloaked private pathway to escort the user to the database or application in the internal network and put them in a secure “network room.” This ensures users aren’t able to roam the network once they get access to an application (and stops bad actors from getting deeper network access).

However, there are backdoors that ZTNA can’t protect – and this is where ZTS is required, says King.

ZTS allows you to set controls that prevent users from accessing other parts of your network once they’ve gained access to an application they need. As Skinner said, “They don’t have authorization to go where they shouldn’t be going.”

“Applications excessively connected to other applications is how ransomware spreads inside of organizations, and ZTS is what prevents attackers from finding the backdoors,” explained Skinner.
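To make the label-based model described above concrete, here is an added example (not Illumio’s or Appgate’s code) of a default-deny, label-driven allow-list evaluator with a small constructed inventory. The workload names, label values and ports are assumptions; the `blast_radius` helper is hypothetical and simply chains allowed flows to show how far a compromised endpoint could reach under a flat policy versus a segmented one.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed inventory: each workload carries the four label dimensions the
# article names (role, app, env, loc). No value comes from a real deployment.
@dataclass
class Workload:
    name: str
    labels: Dict[str, str]
Selector = Tuple[Tuple[str, str], ...]  # ((label_key, label_value), ...); () matches all

@dataclass(frozen=True)
class Rule:
    consumer: Selector  # labels the initiating workload must carry
    provider: Selector  # labels the receiving workload must carry
    port: int
def matches(selector: Selector, labels: Dict[str, str]) -> bool:
    return all(labels.get(k) == v for k, v in selector)

def is_allowed(rules: List[Rule], src: Workload, dst: Workload, port: int) -> bool:
    """Default deny: a flow passes only if some allow rule covers it."""
    return any(r.port == port and matches(r.consumer, src.labels)
               and matches(r.provider, dst.labels) for r in rules)

def blast_radius(rules: List[Rule], inventory: List[Workload], start: Workload) -> List[str]:
    """Workloads reachable from a compromised `start` by chaining allowed flows
    on any policy port (hypothetical helper for comparing rule sets)."""
    ports = {r.port for r in rules}
    seen, frontier = {start.name}, [start]
    while frontier:
        cur = frontier.pop()
        for w in inventory:
            if w.name not in seen and any(is_allowed(rules, cur, w, p) for p in ports):
                seen.add(w.name)
                frontier.append(w)
    return sorted(seen - {start.name})

INVENTORY = [
    Workload("laptop-1", {"role": "endpoint", "app": "corp", "env": "prod", "loc": "remote"}),
    Workload("web-1", {"role": "web", "app": "orders", "env": "prod", "loc": "aws"}),
    Workload("db-1", {"role": "db", "app": "orders", "env": "prod", "loc": "aws"}),
    Workload("db-dev", {"role": "db", "app": "orders", "env": "dev", "loc": "aws"}),
]
FLAT_RULES = [Rule((), (), 443), Rule((), (), 5432)]  # flat network: any-to-any
ZTS_RULES = [  # endpoints reach only prod web; only prod orders web reaches prod orders DB
    Rule((("role", "endpoint"),), (("role", "web"), ("env", "prod")), 443),
    Rule((("role", "web"), ("app", "orders"), ("env", "prod")),
         (("role", "db"), ("app", "orders"), ("env", "prod")), 5432),
]
```

Under `FLAT_RULES` a compromised laptop can reach every workload; under `ZTS_RULES` it can reach only the web tier directly, and the dev database is unreachable even by chaining.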

With the joint solution between Illumio and Appgate, security teams can know their interior and exterior networks are protected against the spread of ransomware and breaches.

“Everybody who’s a candidate for ZTNA should be aware that they need this complementary piece [ZTS] also, not just as an add-on, but also ideally in a way where they’re actually sort of helping each other,” said Skinner.

Learn more about the Illumio Zero Trust Segmentation Platform:

  • Learn Gartner best practices for implementing microsegmentation – and why they chose Illumio as a Sample Vendor for microsegmentation.
  • See why Forrester named Illumio a Leader in both Zero Trust and microsegmentation.
  • Read how HK Electric ensures its impeccable supply reliability of 99.999% by deploying Illumio Zero Trust Segmentation.
  • Contact us to find out how Illumio can help strengthen your defenses against cybersecurity threats.