Traditional approaches to cybersecurity have focused almost entirely on detection and response, but in today’s threat landscape breaches are inevitable. According to IBM’s 2023 Cost of a Data Breach Report, the global average cost of a data breach in 2023 was $4.45 million, a 15 percent increase over the previous three years. Breaches are growing more expensive and more common every year, and organizations that don’t prepare for them proactively are left scrambling to secure their most critical assets after an attack.
Jamie Rossato, Chief Information Security Officer at Lion, a leading beverage company headquartered in Sydney, Australia, is taking a different approach. He’s bracing his organization for everyday cyberattacks by adopting a Zero Trust security strategy that centers around an “assume breach” mindset.
A key part of this strategy is deploying controls designed to contain and limit the lateral movement of an attack, with Illumio Zero Trust Segmentation (ZTS) at the center of that approach. Stopping an intruder before they can reach other critical business assets lets operations continue during and after an attack, and gives the team an actionable, pragmatic plan for restoring the affected systems.
Read more about how Rossato and his team are using Illumio ZTS at Lion.
Here are a few of Jamie’s top tips for organizations looking to proactively protect their people and their business operations against ransomware and breaches with Illumio ZTS.
1. See and fix vulnerabilities quickly with network visibility
For Jamie, proactive breach containment starts with gaining full visibility across the network using Illumio’s application dependency map. He wants to see where vulnerable pathways and communications exist and find ways to reduce risk before an attack happens.
“We’re not making a guess about where we have the most risk and where securing our environment will have the greatest return on investment; we’re using the data from Illumio,” Rossato explained.
By seeing the actual communication flows across the network, Lion’s security team gets real-time insight into where risk exists rather than where it is assumed to be, and can then confirm that a risky pathway has been reduced or removed entirely once a fix is put in place.
“We’ve got confidence in the maturity of our processes because we’re not guessing – we have the real time and easy to understand data into what’s happening across our network,” Rossato said.
With full network visibility, Lion’s security team understands the organization’s risk exposure and trusts that when a breach does happen, it will be contained quickly enough to keep business and operational damage to a minimum.
2. Share network visibility cross-functionally
For Rossato, visibility into application dependencies and network connectivity isn’t just for his security team – it’s vital that the rest of the organization can leverage this real-time visibility into their IT environments as well.
“I'm a great believer that Illumio shouldn't be a security-only tool whose console is hidden from the rest of the organization,” Rossato said. “I'm a proponent for read-only visibility into the Illumio console, for service management teams, for server teams, for application teams, because it better informs what they need to do.”
When cross-functional teams know which systems are in place and how they communicate across the network, they are better informed and make better decisions for the entire organization. It also reduces the number of after-the-fact fixes that network blind spots would otherwise cause.
“I’ve seen fewer changes and incidents arising from changes because we have visibility into exactly what’s happening on our network in real time,” Rossato explained.
And when changes and incidents do occur, there’s less impact to operations because key services are already contained with Illumio: “Even if they’re making a change, they can’t do harm.”
Without that visibility, a security team could go days, weeks, or even years unaware of the places where its network is left wide open to ransomware or another breach.
According to Rossato, “You really get a higher quality, more mature process as a result of using the Illumio tool day to day.”
3. Use personalized network insights to drive security improvements and initiatives
Illumio’s Ransomware Protection Dashboard assesses the network and delivers key insights that help organizations prepare for potential attacks, by visualizing:
How many workloads currently carry critical, high, medium, or low risk of exposure
The total number of protected versus unprotected workloads
A protection coverage score that rates how effective the current security policy is against cyber threats
“I'm someone who likes to have a target to hit,” Rossato explained. “The protection coverage score is always scary when you see it for the first time, but the trick is not to get overly concerned if it’s not where you want it to be. It’s how well can your team improve that score week-on-week.”
Rossato uses Illumio’s Ransomware Protection Dashboard as a way to fuel a continuous focus on improvement within his teams. Not only does the dashboard offer Rossato’s team vital metrics on the work they’re doing day to day, but Rossato has also added the dashboard’s metrics to his team’s weekly report, using them as a baseline to drive security initiatives.
Today’s networks are ever-changing, and proactive preparation for a breach requires “relentless improvement,” according to Rossato.
4. Implement Illumio ZTS in anticipation of a breach
Traditional firewalls can be configured to block or isolate a breach, but their complexity often causes even more disruption to business operations. Implementation can be arduous, expensive, and cumbersome, and in day-to-day operations a hastily configured firewall all too often errs on the side of “blocking everything” without understanding the connections and services it is affecting.
“You can often go into these containment exercises a little bit blind or not as fully informed as you need to be,” Rossato explained. “You cause a disruption by putting a security enforcement control in place that’s not well informed by what is required by the business to operate.”
With Illumio ZTS, by contrast, an organization already has a baseline understanding of its network flows and required connections before an incident, so containment policy can be written and scaled in the existing environment without that guesswork.
Learn more about how Illumio helps manufacturers maintain operations during a breach.
Security teams can “very quickly put containment in place” without disrupting any required connections, according to Rossato. Without major firewall changes or pulling connections out of routers and switches, security teams can isolate a breach from the rest of the environment with Illumio’s fine-grained containment policies while critical connections continue to flow. With the affected workloads ring-fenced, investigation can proceed and the team has more time to restore the affected environment if needed.
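The workflow described in tips 1 and 4 above, seeing the real flows, flagging risky pathways, and then turning the baseline into a default-deny allow-list, can be illustrated with a small, generic model. The block below is an added example written for this page; it is not Illumio’s code and does not use Illumio’s data model, labels, or API. Workload names, labels, the observed flow records, and the list of risky services are all constructed assumptions, and the `Rule` matching is a deliberately simplified stand-in for a real segmentation policy engine.

```python
"""
Flow baseline -> application dependency map -> allow-list containment policy.
Everything here is constructed for illustration; it is not Illumio's model or API.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed labels: workload -> (application, role). Assumed values.
LABELS = {
    "web-01": ("ordering", "web"),
    "web-02": ("ordering", "web"),
    "api-01": ("ordering", "api"),
    "db-01": ("ordering", "db"),
    "fin-01": ("finance", "app"),
}

# Constructed flow records from a baselining period:
# (src_workload, dst_workload, dst_port, proto, observed_count)
OBSERVED_FLOWS = [
    ("web-01", "api-01", 8443, "tcp", 1200),
    ("web-02", "api-01", 8443, "tcp", 980),
    ("api-01", "db-01", 5432, "tcp", 4100),
    ("web-01", "db-01", 445, "tcp", 1),  # one-off SMB from web tier to the database: a risky pathway
]

# Services commonly abused for lateral movement (assumed list).
RISKY_SERVICES = {445: "smb", 3389: "rdp", 22: "ssh", 5985: "winrm"}


@dataclass(frozen=True)
class Rule:
    """One label-level allow rule: src (app, role) -> dst (app, role) on port/proto."""
    src_app: str
    src_role: str
    dst_app: str
    dst_role: str
    port: int
    proto: str


def dependency_map(flows):
    """Aggregate per-workload flows into label-level edges (the dependency map)."""
    edges = defaultdict(int)
    for src, dst, port, proto, count in flows:
        src_app, src_role = LABELS[src]
        dst_app, dst_role = LABELS[dst]
        edges[(src_app, src_role, dst_app, dst_role, port, proto)] += count
    return dict(edges)


def risky_pathways(flows):
    """Edges in the dependency map that ride on lateral-movement-friendly services."""
    return [(edge, RISKY_SERVICES[edge[4]])
            for edge in dependency_map(flows) if edge[4] in RISKY_SERVICES]


def build_allowlist(flows, min_count=10, exclude_risky=True):
    """Turn the observed baseline into allow rules.

    Rare flows (below min_count) and risky services are left out so that a
    single anomalous observation does not become a permanent permission.
    """
    rules = set()
    for edge, count in dependency_map(flows).items():
        if count < min_count:
            continue
        if exclude_risky and edge[4] in RISKY_SERVICES:
            continue
        rules.add(Rule(*edge))
    return rules


def is_allowed(rules, src, dst, port, proto):
    """Default-deny evaluation: permit only flows an explicit rule covers."""
    src_app, src_role = LABELS[src]
    dst_app, dst_role = LABELS[dst]
    return Rule(src_app, src_role, dst_app, dst_role, port, proto) in rules


def simulate(rules, candidate_flows):
    """Dry-run the policy against candidate flows before enforcing it."""
    return {flow: is_allowed(rules, *flow) for flow in candidate_flows}


if __name__ == "__main__":
    for edge, service in risky_pathways(OBSERVED_FLOWS):
        print("risky pathway:", edge, service)
    policy = build_allowlist(OBSERVED_FLOWS)
    checks = [
        ("web-02", "api-01", 8443, "tcp"),  # required flow, should pass
        ("api-01", "db-01", 5432, "tcp"),   # required flow, should pass
        ("web-01", "db-01", 445, "tcp"),    # SMB web->db, should be blocked
        ("web-01", "fin-01", 22, "tcp"),    # cross-application SSH, should be blocked
    ]
    for flow, allowed in simulate(policy, checks).items():
        print(flow, "ALLOW" if allowed else "BLOCK")
```

The point of `simulate` is the practice Rossato describes: the dry run shows exactly which required connections a containment policy would keep and which lateral pathways it would cut before anything is enforced, so the team is not putting a control in place “blind”. The `min_count` threshold is a judgement call; set it too high and a legitimate but infrequent flow (a monthly batch job, for example) ends up blocked, so the dry run should cover a full business cycle.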
“What will make your post-breach life easier? Illumio will,” Rossato said.
Keep reading about how Lion is implementing Illumio ZTS here.
Contact us today to learn more about how Illumio can prepare your organization for a breach.