Doing basic cybersecurity hygiene well goes a long way. But as we begin this year's Cybersecurity Awareness Month, it's a good time to consider the parts of your cybersecurity strategy and roadmap that you may be forgetting.
While many security teams are aware of the need for a Zero Trust approach that brings new solutions and processes into their organization, there are often overlooked considerations that can significantly impact security.
Get insight from four Illumio cybersecurity experts on the most important questions that are often overlooked by security teams, especially when they're implementing a Zero Trust Segmentation solution like Illumio.
Question #1: How can I cut through vendor hype to know exactly what my organization needs to work towards Zero Trust?
From David Lenrow, Technical Lead, Technology Exploration at Illumio:
Zero Trust is a destination, and the road to reach it is paved with reducing excess privilege.
Excess privilege is the difference between where you are and where you need to be to claim Zero Trust. So whether it’s one vendor or a combination of vendors, the integrated solution you ultimately deploy must have the ability to insert fine-grained security controls on every possible communications path across diverse hybrid and multi-cloud infrastructure.
Your critical application infrastructure isn’t homogenous, so your Zero Trust solutions can’t be either.
Do you have containers and virtual machines? Do you have Windows servers, cloud database services, IOT/OT networks, mainframe applications, and embedded/RTOS?
All of these things must have controls inserted to limit access to authorized and authenticated entities. All of these systems interoperate and thus have the potential to propagate lateral movement within and across technology domains.
And for your vendor, it’s important to know:
Do they have a multi-cloud, hybrid solution strategy and architecture?
Do they support diverse traditional IT infrastructure as well as the newest popular technology?
Do they have a history of supporting diverse operating systems, distributions, and versions?
Satisfactory answers to the above questions are necessary but not sufficient.
Because any non-greenfield deployment of Zero Trust technology will require a phased approach over time, it’s important to ask whether your chosen solution can help to accelerate and de-risk this transition:
Can the solution identify the moves that will make the biggest reductions in excess privilege with the least amount of effort and complexity?
Does it offer helper functions to assist with these moves?
Can it identify the obscure issues and corner cases that remain after the high-leverage changes have been made?
There is limited benefit in locking the doors if a determined intruder can just crawl in the window. Zero Trust means locking down all the potential access vectors, not just some or most.
You can cut through the hype by knowing the extent of your existing and planned infrastructure and asking whether your vendor(s) can handle all of the diversity and heterogeneity of equipment, software, applications and services. Then, ask how they will help you with the task of eliminating excess privilege and maintaining a Zero Trust posture going forward.
Question #2: How does my organization know if our security stack actually works in the event of a breach?
From Christer Swartz, Solutions Marketing Director at Illumio:
Once an organization has deployed a security solution, it’s critical to verify that it will work in the event of a breach. This requires simulating a cybersecurity breach and then monitoring how well the chosen cybersecurity platform protects resources across the breach’s lifecycle.
Security best practices recommend doing this using some form of penetration testing, also known as a pen test, on selected production resources.
This is a time for organizations to assess their network’s vulnerabilities and then allow either internal or external personnel – sometimes referred to as a "Tiger Team" or "ethical hackers" – to try to bypass security solutions and access internal resources. This can be done either with advance warning to internal operations teams or performed unannounced to verify the response procedures from internal operations and security teams.
There are professional pen test companies which will perform testing for customers to ensure the most skilled personnel are able to provide real data against a chosen security solution. For example, Illumio worked with pen testing firm Bishop Fox to emulate a ransomware attack, resulting in evidence that Illumio stops attacks from spreading in less than ten minutes.
While there’s no solution that will be 100 percent perfect, professional pen testing will reveal if a solution or security stack is robust enough that any breach attempts will be detected – or that cybercriminal will give up and put their efforts elsewhere when a breach is too difficult to continue.
It’s inevitable that your organization will be breached, so you need to be sure that your cybersecurity solutions can stop the spread of that breach as soon as it happens.
Question #3: Why is not prioritizing microsegmentation a mistake?
From Ron Isaacson, Senior Director, Field CTO at Illumio:
An ounce of segmentation is worth a pound of… incident response? The analogy is a little clunky, but I think it demonstrates why microsegmentation programs aren’t always the highest priority. Things can change in a hurry after there’s a security breach. But in the same way people put off their annual physicals or cities delay preventive maintenance on roads and bridges, it can be hard to advance a proactive security program.
The arguments for taking action are everywhere, though. Just open a newspaper to see the latest list of high-profile ransomware attacks and data breaches. No company or industry is immune. A significant breach can impact business operations for months, with full recovery often taking a year or longer and costs frequently running into the millions of dollars, even before taking reputational harm into account.
Businesses today should operate under the assumption that they’re going to be attacked. By some estimates, a staggering 40-50 percent of all businesses will be targeted by attackers this year, either deliberately or randomly. Would you advise a friend not to have a health insurance policy if there’s a 50 percent chance of them suffering a major illness or injury?
Think of microsegmentation like an insurance policy for your cyber wellbeing.
Investing in proactive security controls can greatly reduce the time and cost to recover from an attack. If it seems like a hard pill to swallow – just think about the alternative!
Question #4: What does it take to get application owner buy-in for microsegmentation projects?
From Kelvin Franklin, Field CTO, West at Illumio:
Everyone plays a role in securing an organization. Infrastructure and security teams usually take center stage in securing the environment, but application owners are an important component of a comprehensive defense-in-depth strategy. This has been especially true in my experience as organizations deploy microsegmentation with Illumio Zero Trust Segmentation.
First, security teams must begin by:
Demonstrating to application owners that the Illumio agent is lightweight and has minimal impact on host resources like CPU, memory, etc.
Providing application owners with expectations around how the Illumio agent will deal with host operating system patching or upgrades
Offering a general overview of how the Illumio agent works, including how it collects and makes visible system information, such as process names, IDs, flows, and the like.
Next, security and infrastructure teams must demonstrate to application owners that their goal is not only to secure the environment but to make sure applications are always available and generate a great user experience. Teams can achieve this by showing how, in conjunction with the Illumio agent, their security tools track hosts, applications, in addition to IP addresses, ports, and protocols and then making this information easily available to application owners.
It's important that application owners know they play a critical role in the security workflow.
Finally, Illumio Zero Trust Segmentation allows application owners to ringfence their applications to separate them from other applications. Ringfencing is key to controlling business continuity – but it also stops lateral movement, a key component of security breaches.
And in addition to isolating applications with Illumio, security teams can visualize how their application is communicating in the environment using the Illumio Explorer tool. This includes information on what port and protocol they are sending and receiving information.
Make sure you’re not missing anything else in your cybersecurity strategy. Contact us today for a free consultation.