January 13, 2016

Cybersecurity Beyond the High Wall

Nathaniel Gleicher


Editor's note: Today we welcome Nathaniel Gleicher to Illumio as the company's first Head of Cybersecurity Strategy. We asked him why he joined Illumio, and here's what he told us:


The geography of the data center and the cloud favors attackers. Attackers can move quickly, exploit perimeter weaknesses to get inside, and be extremely difficult to contain once they’re in. If we can’t rebalance the playing field between defenders and attackers, all of our other innovations won’t change much—a marginal increase in security doesn’t help that much if you’re still an order of magnitude behind. 


My goal in coming out to Silicon Valley was to join a company that was doing something innovative enough to break out of our existing models for cybersecurity, and correct this imbalance—to make defenders as fast and agile as attackers. The cool thing about Illumio is that it gives defenders strategic vision across their data centers and cloud deployment, and helps them react in real time to attackers. It’s the best architecture that I’ve seen to help defenders keep ahead of the attackers.


Welcome, Nathaniel!


Many security teams today still defend their systems with a single virtual wall around a flat, open internal network. Even as the evidence from breach after breach mounts and experts call for more attention to the interior, this approach remains popular. Its persistence owes something to the image of a medieval fortress with its high walls: build the walls high enough, the thinking goes, and the rest will take care of itself. But that is not how medieval fortresses were actually defended.


To illuminate this point, it helps to look at one of the great sieges of history: the Ottoman siege of Rhodes in 1522. Although accounts differ, most agree that a few thousand defenders held their city for six months against a vastly superior force, estimated at between 80,000 and 200,000 attackers. The conflict ended in stalemate, with the defenders leaving under a flag of truce. They were too few to drive the attackers off, but their tactics had been so effective that, despite the lopsided odds, the cost of a final assault would have been prohibitive. The two sides negotiated terms, and the defenders were permitted to leave in peace.


Over the course of the siege, the attackers repeatedly broke through the outer walls. But each time, the defenders shifted to pre-built internal fortifications or rapidly constructed makeshift defenses, and the attackers were unable to press their advantage.

Medieval defenders, with their lives and the lives of their families on the line, knew that the battle wasn’t over at the first breach. They built their fortresses with rings of walls, interior keeps, and exterior bastions: overlapping defenses that let them respond to a breach by falling back, isolating the intruders, and bringing up reserves to eject them.

This same pattern repeats throughout history: only the simplest or crudest fortifications have just an outer wall, and the more sophisticated the fortress, the more layered its defenses. This is a particularly useful lesson for cybersecurity defenders, because the march of breaches over the last few years has made it increasingly clear how hard it is for anyone to guarantee that they can prevent an intrusion. A pattern has emerged here as well: attackers use social engineering to gain a first foothold on a network, then spend days, weeks, or even months moving laterally through an open interior, mapping the network, reaching the crown jewels, and escaping with them.

We might be able to mitigate some of this threat by locking down our perimeters, but security teams are already under constant pressure to open up, not lock down. And, whatever steps we take, as long as attackers can target humans in addition to machines (e.g., phishing attacks), they will always find ways in. No siege engineer would design a fortress based on the presumption that its walls would never be breached, yet we continue to design our network security systems based on this very principle, even though network walls are far more permeable than their stone analogs.

Jean Parisot de Valette

Instead, cybersecurity defenders should be as focused on securing the interior of their data centers and clouds as they are on protecting the perimeter. The most effective architectures for securing the interior will give defenders visibility across their infrastructure, into every workload and the traffic between them, so that emerging threats and vulnerabilities can be identified quickly. They will provide granular, adaptive segmentation, so that a compromised host can reach only the few services it legitimately needs rather than the whole interior, drastically reducing the attack surface within the data center and cloud. And, in an era of changing infrastructure, they will let defenders adapt quickly, so that new hardware and new workloads inherit the right policy as the data center expands instead of arriving unprotected. Combined, these capabilities will help defenders be as agile and adaptable as their attackers, and respond quickly even to threats that have already breached the perimeter.
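The segmentation described above can be made concrete. What follows is an added example written for this post, not code from the post or from Illumio's product, of a label-driven, default-deny policy model. The `role:`/`env:` labels, the three-tier inventory, the IP addresses, the allowed ports and the rendering to an nftables ruleset are all assumptions chosen for illustration. A flow is allowed only when some rule matches the labels of both endpoints; everything else, including traffic between peers in the same tier, is denied, and a newly added host inherits policy from its labels without any rule edit.

```python
"""Label-driven, default-deny east-west segmentation (illustrative model).

Assumptions of this example, not from the post: workloads carry labels such as
"role:web" or "env:prod"; policy is an allowlist of (source labels, destination
labels, port); any flow no rule matches is denied, peers in one tier included.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset


@dataclass(frozen=True)
class Rule:
    src: frozenset  # labels the source must carry
    dst: frozenset  # labels the destination must carry
    port: int
    proto: str = "tcp"


class Segmenter:
    """Evaluates flows against label rules; anything unmatched is denied."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.inventory = {}  # ip -> Workload

    def add_workload(self, w):
        # A new host is labelled on arrival and inherits policy by label;
        # no per-host rule edit is needed when the data center grows.
        self.inventory[w.ip] = w

    def decide(self, src_ip, dst_ip, port, proto="tcp"):
        """Return "allow" or "deny" for one east-west flow."""
        src, dst = self.inventory.get(src_ip), self.inventory.get(dst_ip)
        if src is None or dst is None:
            return "deny"  # unknown endpoint
        for r in self.rules:
            if (r.proto == proto and r.port == port
                    and r.src <= src.labels and r.dst <= dst.labels):
                return "allow"
        return "deny"  # no matching rule: default deny

    def host_ruleset(self, host_ip):
        """Compile one host's inbound policy into an nftables ruleset with a
        drop default, so enforcement sits on the workload, not the perimeter."""
        host = self.inventory[host_ip]
        lines = ["table inet segment {", "  chain input {",
                 "    type filter hook input priority 0; policy drop;",
                 "    iif lo accept",
                 "    ct state established,related accept"]
        for r in self.rules:
            if not r.dst <= host.labels:
                continue
            for peer in self.inventory.values():
                if peer.ip != host.ip and r.src <= peer.labels:
                    lines.append(f"    ip saddr {peer.ip} {r.proto} dport {r.port} accept")
        lines += ["  }", "}"]
        return "\n".join(lines)


# Constructed three-tier inventory and policy (sample data, not real hosts).
PROD = "env:prod"
POLICY = [
    Rule(frozenset({"role:lb", PROD}), frozenset({"role:web", PROD}), 443),
    Rule(frozenset({"role:web", PROD}), frozenset({"role:db", PROD}), 5432),
]
SEG = Segmenter(POLICY)
for name, ip, role in [("lb-01", "10.0.0.10", "role:lb"), ("web-01", "10.0.1.10", "role:web"),
                       ("web-02", "10.0.1.11", "role:web"), ("db-01", "10.0.2.10", "role:db")]:
    SEG.add_workload(Workload(name, ip, frozenset({role, PROD})))


def lateral_movement_blocked():
    """A compromised web-01 still reaches the db on its one allowed port but
    cannot ssh to its peer web-02 or to the db: the interior is not open."""
    return (SEG.decide("10.0.1.10", "10.0.2.10", 5432) == "allow"
            and SEG.decide("10.0.1.10", "10.0.1.11", 22) == "deny"
            and SEG.decide("10.0.1.10", "10.0.2.10", 22) == "deny")


def new_host_inherits_policy():
    """web-03 arrives correctly labelled and gets db access with no rule edit;
    an unlabelled host gets nothing."""
    SEG.add_workload(Workload("web-03", "10.0.1.12", frozenset({"role:web", PROD})))
    SEG.add_workload(Workload("stray-01", "10.0.9.9", frozenset()))
    return (SEG.decide("10.0.1.12", "10.0.2.10", 5432) == "allow"
            and SEG.decide("10.0.9.9", "10.0.2.10", 5432) == "deny")


if __name__ == "__main__":
    print("lateral movement blocked:", lateral_movement_blocked())
    print("new host inherits policy:", new_host_inherits_policy())
    print(SEG.host_ruleset("10.0.2.10"))
```

The detail to notice is the `policy drop` default compiled onto each host: once web-01 is compromised, the attacker's reachable interior shrinks to a single port on the database tier, and the same policy follows web-03 when it is racked, which is the "absorbing new hardware" property the paragraph above asks for.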


One of the defenders who left Rhodes under a flag of truce was a young knight named Jean Parisot de Valette. Some forty years later, in 1565, Valette would once again face down an overwhelming invasion force, this time as Grand Master of his order on the island of Malta. Drawing on the defensive lessons of Rhodes, Valette held out for months, until the invaders were forced to abandon the siege and withdraw.

The lesson of the battles of Rhodes and Malta is simple: a breach isn’t the end of the assault, and defenders should never pin their security on a single, high wall. If we are going to analogize cybersecurity to military strategy, let’s make sure we learn the right lessons, and secure the interior of our data centers and clouds as carefully as we protect our perimeter.

Topics: Adaptive Security