Why Protecting Your OT Doesn’t Require Layer 7 Deep Packet Inspection

Layer 7 deep packet inspection (DPI) has a long history in the security industry.

Many DPI vendors stress that you need to know malware’s intentions to block it from breaching the network. They say you need to be able to peer deep into the mind of the cybercriminal to understand their next move and stop an attack.

But there are environments that are virtually impossible to get deep visibility into, including operational technology (OT), internet of things (IoT), supervisory control and data acquisition (SCADA) networks, or telecom 5G core (5GC) networks.

Organizations are deploying these kinds of environments with increasing frequency, but they’re still relying on DPI technology to secure them.

If Layer 7 DPI can’t get visibility into these kinds of environments, how will organizations stop a breach there?

There’s a better answer for preventing the spread of a breach: Zero Trust Segmentation.

Stopping breach spread without deep packet inspection

You could deploy a complex DPI solution that sits in line with network traffic, copies every packet, cracks the packets open to learn the malware’s intentions, and then applies complex behavioral analytics to gather intelligence about what the breach is trying to do.

All of this while running the risk that DPI gets no visibility at all into the traffic of your OT, IoT, SCADA or 5GC networks.

But Zero Trust Segmentation (ZTS) doesn't do any of that – by design.

With ZTS, you don’t need to care about malware’s intentions or cybercriminals’ psychology. Layer 7 DPI is not required to protect against breaches.

ZTS cares about only one thing: immediately stopping any and all lateral movement, which is how malware spreads through a network. This holds even for OT, IoT, SCADA and 5GC network traffic.

How Zero Trust Segmentation works

The key to how ZTS blocks and contains nearly all malware comes down to the fact that all malware likes to move.

Whatever kind of malware your environment gets hit with – and whether it’s from a nation-state attack or some opportunistic teenager – ZTS will block the malware’s command-and-control communication and slam the doors shut between segmented environments. This means the malware can’t go anywhere else in your network.

The first resource that is hijacked then becomes like a rat trapped in a cage, with every door in and out locked shut.

The most important part? ZTS stopped the attack from spreading without needing to know what that rat was trying to accomplish. Stopping the attack with DPI would have consumed valuable time, and quick-moving malware would have taken advantage of it.

The way ZTS stops the spread of a breach also aligns with DevOps best practices: Maintain uptime of all resources with an instant kill-and-redeploy approach.

With ZTS, you can contain a breach, spin up a new instance, and restore it quickly.

And when you’re back in business, you can spend the time doing deeper forensics on the quarantined system to understand what it was trying to do.
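The decision model described above, as an added illustration that is not Illumio’s code or the VEN’s policy format: a default-deny allow-list keyed on workload labels and destination port, so the verdict never depends on packet payload. The inventory, labels, rules and ports are constructed examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    role: str  # constructed label, e.g. "hmi", "plc", "historian", "internet"
    env: str   # constructed label, e.g. "ot", "it", "external"


@dataclass(frozen=True)
class Rule:
    src_role: str
    dst_role: str
    port: int


class SegmentationPolicy:
    """Default-deny allow-list. Only labels and port are consulted; nothing in
    the payload is inspected, so Modbus, OPC UA and C2 traffic on a denied
    path are treated identically: blocked."""

    def __init__(self, rules):
        self.rules = set(rules)
        self.quarantined = set()

    def quarantine(self, workload):
        # Lock every door in and out of a hijacked resource.
        self.quarantined.add(workload.name)

    def allows(self, src, dst, port):
        if src.name in self.quarantined or dst.name in self.quarantined:
            return False
        return Rule(src.role, dst.role, port) in self.rules


def blast_radius(policy, compromised, workloads, ports):
    """Every (destination, port) a compromised workload can still reach."""
    return {(w.name, p) for w in workloads for p in ports
            if w is not compromised and policy.allows(compromised, w, p)}


# Constructed sample inventory (hypothetical names, not from the page).
HMI = Workload("hmi-01", "hmi", "ot")
PLC = Workload("plc-07", "plc", "ot")
HISTORIAN = Workload("historian-01", "historian", "it")
INTERNET = Workload("any-external", "internet", "external")
INVENTORY = [HMI, PLC, HISTORIAN, INTERNET]
PORTS = [502, 443, 445, 3389]

# Allow only the flows the process needs: HMI -> PLC Modbus, HMI -> historian HTTPS.
POLICY = SegmentationPolicy([Rule("hmi", "plc", 502), Rule("hmi", "historian", 443)])
```

A compromised PLC has an empty blast radius, and even the HMI, which legitimately talks to two peers, cannot reach the internet for command-and-control; quarantining a host empties its blast radius entirely.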

Protecting OT resources: Illumio’s partnership with Armis and Cylera

Illumio has partnered with Armis and Cylera to offer Zero Trust Segmentation for OT resources.

Illumio gets access to Armis' and Cylera’s inventories of factory and medical OT resources. With this information, Illumio helps organizations deploy our lightweight agent, the virtual enforcement node (VEN), as close to OT resources as possible.

This enables Illumio to control the communication flows between OT resources, locking them down to a Zero Trust, least-privilege model.

Illumio offers Zero Trust Segmentation without Layer 7 complexity

Layer 7 DPI offers important information – but not for blocking the lateral movement of a breach.

You don’t need deep visibility into every packet, or an understanding of the proprietary signaling deep inside OT or SCADA protocols, to stop breaches from spreading.

Stop the spread before pulling out the magnifying glass to peer deep into the mind of the cybercriminal.

Learn how Illumio provides Zero Trust Segmentation without the weight or complexity of Layer 7 DPI:
