
Fight Ransomware Fast With Enforcement Boundaries

You have two main ways to fight ransomware. You can either be proactive, working to block future attacks. Or you can be reactive, responding to an active breach.

Either way, you can now get powerful, fast help from a key feature in the Illumio product suite: Enforcement Boundaries.

To understand how Enforcement Boundaries can help you fight ransomware, you need to know an important fact about ransomware: Most attacks take advantage of the way operating systems listen on open ports, such as SMB (Server Message Block) and RDP (Remote Desktop Protocol) ports. Once the malware finds an open port, it can easily propagate across your network and deploy its encryption payload.

But what if you could put a virtual firewall around every workload — that is, every OS or application instance? That’s what Enforcement Boundaries do. They essentially transform every workload into a Zero Trust segment, allowing you to put a perimeter around any port, workload, group of workloads, and/or IP range.

What’s more, you can do this without changing the network. You never need to worry about conflicts. And you can do it quickly and easily, whether for 100 workloads, 100,000 or any number in between.

Taking proactive and reactive approaches

For a proactive approach, one that blocks ransomware attacks, Enforcement Boundaries let you create a deny-list that blocks only specific traffic and common ports used by attackers. For example, you might specify “no Telnet connections.” With Enforcement Boundaries, you’d quickly achieve 100 percent compliance, without needing to create a single Zero Trust rule.

But what if you’ve already been compromised? Now you need a reactive approach. Enforcement Boundaries can also help, this time by controlling well-known attack pathways and limiting access to risky ports. In essence, you’ll create a virtual fence around infected workloads, preventing the ransomware from spreading and thereby limiting its impact.

What’s more, you can use Enforcement Boundaries for either reactive or proactive measures in minutes, even across thousands of machines. That’s important because every minute counts when it comes to protecting and restoring a breached network.

Finally, Enforcement Boundaries can be used to protect a variety of IT infrastructures. This includes bare metal servers, virtual machines and containers.

Illumio's approach

Illumio’s approach to Enforcement Boundaries is much faster and easier to deploy than a full-fledged Zero Trust implementation. With Zero Trust, your “allow-list” policy must be perfect before it can be enforced. That’s far from easy.

Even harder is getting everyone to agree that the policy is completely correct for every core service, workload and application. By contrast, Enforcement Boundaries can be set and deployed in mere minutes.

For example, to control ports used by ransomware, you can simply place an Enforcement Boundary on every workload, thereby protecting all core and management services.

Proactively, your workloads would still be permitted to talk with appropriate core services, but not to each other on the core service port.

And reactively, you’d eliminate the most common pathways of travel for ransomware while also securing your core services against "east-west" attacks.
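
A simplified dry-run of the deny-list behaviour described above, as an added example that is not Illumio's code or API. The `Boundary` model, its precedence (approved core-service destinations are exempt from the deny-list), and the sample flows and addresses are assumptions constructed for illustration.

```python
"""Dry-run model of a deny-list boundary (added example, not Illumio code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

@dataclass(frozen=True)
class Boundary:              # hypothetical model, not a product object
    scope: tuple             # CIDR ranges the boundary surrounds
    ports: frozenset         # ports denied between peers in scope
    core_services: tuple     # destinations still reachable on those ports

def _in_any(addr, cidrs):
    ip = ip_address(addr)
    return any(ip in ip_network(c) for c in cidrs)

def would_block(flow, b):
    """True if the flow touches the scope on a denied port and is not
    addressed to an approved core service (assumed precedence)."""
    if flow.port not in b.ports:
        return False
    if not (_in_any(flow.src, b.scope) or _in_any(flow.dst, b.scope)):
        return False
    return not _in_any(flow.dst, b.core_services)

def simulate(flows, b):
    """Split observed flows into (blocked, allowed) without enforcing anything."""
    blocked = [f for f in flows if would_block(f, b)]
    allowed = [f for f in flows if not would_block(f, b)]
    return blocked, allowed

# Constructed sample data (RFC 1918 addresses, not taken from the page).
BOUNDARY = Boundary(
    scope=("10.0.0.0/16",),
    ports=frozenset({23, 445, 3389}),    # Telnet, SMB, RDP
    core_services=("10.0.250.10/32",),   # hypothetical file server
)
FLOWS = [
    Flow("10.0.1.5", "10.0.250.10", 445),  # workload -> core service
    Flow("10.0.1.5", "10.0.1.6", 445),     # workload -> workload (east-west)
    Flow("10.0.1.7", "10.0.2.9", 3389),    # workload -> workload over RDP
    Flow("10.0.1.5", "10.0.1.6", 443),     # port not on the deny-list
    Flow("192.168.9.4", "10.0.1.6", 23),   # Telnet from outside the scope
]

if __name__ == "__main__":
    for f in simulate(FLOWS, BOUNDARY)[0]:
        print("WOULD BLOCK", f)
```

Reviewing the blocked list against recorded traffic before enforcing shows which legitimate flows still need a core-service exemption.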

Illumio’s approach to Enforcement Boundaries gives you another benefit, too. We use a declarative model that only requires you to define the “what” – that is, what you want to block. Illumio then takes care of the “how.”

It’s like asking an Alexa device, “Play music.” You don’t need to know how it works. You only need to tell it what you want it to do.

Illumio also lets you test and simulate Enforcement Boundaries before deploying.

With Illumio Enforcement Boundaries, say goodbye to “deploy and pray” and hello to “this just works.”

Whether you need cybersecurity that’s proactive or reactive, Enforcement Boundaries can help.
