Cybersecurity Awareness Month: Our Top 5 Segmentation Tips for a More Secure Organization
It’s Cybersecurity Awareness Month (CSAM) throughout October, which usually means chief information security officers’ inboxes will be bulging with content — some of it useful, some of it not.
At Illumio, we believe that Zero Trust Segmentation is foundational to helping organizations become more secure. The better an organization is at isolating and protecting its key assets from infiltration, the safer it will be. This post provides five tips for better protecting organizations to limit damage from ransomware and other cyberattacks. We hope you find it useful.
Cybersecurity is still lagging behind
More than $150 billion will be spent on cyber and risk management in 2021, up from around $134 billion last year. Yet breaches are still happening on a massive scale. By September this year, the number of reported data breaches in the United States had already surpassed the 2020 figure. Ransomware is an increasingly major driver, costing some organizations tens of millions of dollars in damages.
Currently, it takes an average of 287 days to identify and contain a data breach. Clearly, cybersecurity is not yet good enough to ensure organizations can identify their risks and have the means to contain any attack.
5 segmentation tips to better protect your organization
To improve their chances of successful prevention, detection and response, security executives must adopt an offensive approach when designing security controls. Start from the assumption that your organization has been breached, then think about how an attacker would propagate an attack.
Lateral movement is often one of the key methods of propagation. Gaining visibility into this traffic and enforcing segmentation are security best practices that limit an attacker’s reach and drastically reduce the impact of a breach. Here’s how to get started.
1. Identify your most valuable digital assets
Applications are the number one growth driver of modern organizations. So, the first step in any Zero Trust Segmentation strategy must be to identify the most important applications, and then map how applications and workloads interact and interconnect in the data center or cloud.
From here, you’ll be able to build out the solution by setting policies that only allow trusted communications between those applications. That means that if an attacker gains access to the network and tries to move laterally to exploit those “crown jewel” assets, they will be stopped in their tracks.
2. Consult the right experts
While Zero Trust Segmentation is an essential capability when pursuing best-practice cybersecurity, it is crucial that key stakeholders, such as application owners, understand its importance and value – after all, it is their applications that will benefit from the protection segmentation provides.
Segmentation is a team sport. The best teams are those that involve:
- An expert on the application (they know their application and its associated dependencies the best)
- Someone from the infrastructure team who understands core services
- A security consultant who can guide on best practice
There may be others who wish to be involved. But these three roles, armed with the right tools and mandate to adopt segmentation, are critical to making the effort a success.
3. More context leads to better decisions
Imagine randomly finding a train ticket lying on the ground that only tells you that the ticket is for a journey from station X to station Y at date and time Z. You know that someone attempted that journey — in fact, all you know is that they bought a ticket for that journey. But you don’t know who made the journey, why they made it, or where it originated. The train ticket on its own, without the additional contextual data, is of limited value.
Traffic data from the network is similar to that train ticket: it is useful but, without context, has limited value. And if you’re trying to make decisions around protecting your applications, having such little context makes it challenging to work with and to make progress.
For this reason, enriching traffic data with context about the workloads involved – e.g., role performed, application serviced, and hosting location – helps you understand the flows more clearly.
Instead of seeing individual flows between specific workloads, you can look at relationships between groups of workloads that share a specific context. So, rather than talking about Server A talking to Server B, you can instead discuss the Web Server in the Payments App talking to the Database in the Clearing App – and that makes the flow much easier to decipher. The app owner (on your team of experts) can use that context to determine whether it is a relevant relationship. The security reviewer can quickly determine what security controls are appropriate.
And the source of context could be anything that is a source of truth in that organization – it could be a dedicated configuration management database (CMDB) solution, tags from an Infrastructure as a Service (IaaS) platform, or even a CSV file. As long as it’s a trusted source, it doesn’t matter how that data is stored.
And if this context can be used to understand flows, it can also be used to build policies.
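The following is an added example, not Illumio’s code or anything from the post itself, showing the idea from tips 1 and 3 end to end: raw per-IP flow records are enriched with workload labels (role, application, location) from a source of truth, collapsed into relationships between labeled groups, and then checked against an allowlist policy written in the same label vocabulary. The inventory CSV, the flow records, the label names and the policy are all constructed for illustration; in practice the inventory would come from a CMDB export, IaaS tags or similar.

```python
"""
Context-enriched flow analysis (constructed example, not Illumio's code).

Maps raw flow records (src IP -> dst IP:port) onto workload labels taken
from a source of truth, summarizes the result as relationships between
labeled groups, and evaluates each relationship against an allowlist
policy expressed in label terms rather than IP addresses.
"""
import csv
import io
from collections import Counter

# Constructed inventory standing in for a CMDB export or IaaS tag dump.
INVENTORY_CSV = """ip,role,app,location
10.0.1.10,web,payments,dc-east
10.0.1.11,web,payments,dc-east
10.0.2.20,db,payments,dc-east
10.0.3.30,db,clearing,dc-west
10.0.4.40,jumphost,corp-it,dc-east
"""

# Constructed flow records in the shape a flow collector might export:
# (src_ip, dst_ip, dst_port, protocol)
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 5432, "tcp"),
    ("10.0.1.11", "10.0.2.20", 5432, "tcp"),
    ("10.0.1.10", "10.0.3.30", 5432, "tcp"),    # payments web -> clearing db
    ("10.0.4.40", "10.0.2.20", 22, "tcp"),      # jumphost -> payments db
    ("10.0.1.10", "10.0.1.11", 22, "tcp"),      # web -> web over ssh
    ("192.168.9.9", "10.0.2.20", 5432, "tcp"),  # source not in inventory
]

# Allowlist policy in label terms: ((src_app, src_role), (dst_app, dst_role), port).
# Anything not listed is flagged for review by the app owner and security reviewer.
POLICY = {
    (("payments", "web"), ("payments", "db"), 5432),
    (("corp-it", "jumphost"), ("payments", "db"), 22),
}


def load_inventory(csv_text):
    """Parse inventory CSV into {ip: {"role": ..., "app": ..., "location": ...}}."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["ip"]: {k: row[k] for k in ("role", "app", "location")} for row in reader}


def label_of(inventory, ip):
    """Return the (app, role) label for an IP; unknown IPs get an explicit 'unknown' label."""
    meta = inventory.get(ip)
    if meta is None:
        return ("unknown", "unknown")
    return (meta["app"], meta["role"])


def summarize_flows(inventory, flows):
    """Collapse per-IP flows into a count per labeled relationship."""
    counts = Counter()
    for src, dst, port, proto in flows:
        counts[(label_of(inventory, src), label_of(inventory, dst), port, proto)] += 1
    return counts


def evaluate(inventory, flows, policy):
    """Return [(relationship, flow_count, verdict)] with verdict 'allow' or 'review'."""
    results = []
    for (src_lbl, dst_lbl, port, proto), n in sorted(summarize_flows(inventory, flows).items()):
        verdict = "allow" if (src_lbl, dst_lbl, port) in policy else "review"
        results.append(((src_lbl, dst_lbl, port, proto), n, verdict))
    return results


if __name__ == "__main__":
    inv = load_inventory(INVENTORY_CSV)
    for (src_lbl, dst_lbl, port, proto), n, verdict in evaluate(inv, FLOWS, POLICY):
        print(f"{verdict:6} {src_lbl[0]}/{src_lbl[1]} -> {dst_lbl[0]}/{dst_lbl[1]} "
              f"{proto}/{port} ({n} flows)")
```

Six raw flows collapse into five labeled relationships; two match the policy and three are flagged for review, including the cross-application database access and a flow from an address missing from the inventory. Treating an un-inventoried source as its own “unknown” label, rather than silently dropping it, is deliberate: gaps in the source of truth are themselves findings worth surfacing to the application owner.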
4. Be strategic and don’t boil the ocean
To stand the best chance of success with a multi-year, all-encompassing project like Zero Trust Segmentation, prioritization is important. Business buy-in is essential for long-term success, so start small and gain early wins to get executives and users on board for later phases.
Start with your most valuable assets or crown jewels. Critical applications with an immediate need for internal or external audit are a particularly good place to start. Also consider applications with a business need for ongoing change, like a new version or feature deployment.
The intention here is to show continuous, real progress in improving the protection of applications, thus reducing the cyber risk to the business.
Also, the process should be adaptive. Learnings from each step or milestone should help you improve the process as you go.
5. Make time for sustainment
Once you have a visible topology of workload and application communications and segmented protections in place, you’ve finally reached operational mode. Congratulations! Yet it’s still not time to put your feet up. A segmentation deployment requires continual fine-tuning to protect the time, money and effort invested in it.
The bottom line is that Zero Trust Segmentation is not a silver bullet. There’s no such thing in security. But as a key enabler of defense-in-depth and mitigator of breach incidents, it’s increasingly regarded as a best practice foundation for risk-based security. That’s something all CISOs should be aware of this CSAM.
To learn more about each of these tips, check out our ebook, Secure Beyond Breach.