Adaptive Segmentation, micro-segmentation | November 2, 2022

Why Hackers Love Endpoints – and How to Stop Their Spread with Illumio Endpoint

Nathanael Iversen, Chief Evangelist

Servers don’t click on malware links – users do.

The move to cloud applications has reduced the amount of valuable information on a typical employee laptop. But it remains true that the most common attack vector is against users and their endpoint devices.

Hackers' typical attack pattern is to establish a foothold and console access on an endpoint. Then, over weeks, they will carefully spread out from that point to other endpoints, and ideally into the data center.

By the time a ransomware payload detonates, the compromise is likely weeks old.

Isn’t there a better way?

With Zero Trust Segmentation (ZTS), you can stop the spread of ransomware and breaches from endpoints.


Traditional security leaves endpoints wide open to hackers

What would any recent victim of a cyberattack wish they’d have done before the attack?

They’d likely wish they had locked down open communication pathways to prevent spread. And they’d probably want some pre-positioned policies in place to isolate the infection and end-user devices from critical servers.

Let’s first consider how user endpoints are typically configured before a breach.

In a typical environment, endpoints run an endpoint detection and response (EDR) solution, antivirus, and other security controls. The built-in Windows or Mac OS X firewall probably has a fairly default configuration, perhaps with some broad corporate policy active.

But in many cases, as long as the VPN is open, broad access to the data center and core servers is available. For machines on the corporate network, access is usually even more open.

In most organizations, network access control (NAC) authenticates a user's access to the network, but it doesn't provide identity-based control over what that user can do once on the network.

So, when a machine is compromised and the attacker evades detection, there is little resistance to reaching out to other endpoints or even into the data center.

In contrast, Zero Trust Segmentation puts controls in place to proactively and reactively stop the spread of ransomware and breaches on the network.

Proactively prepare for breaches with ZTS controls

Before a breach, Zero Trust Segmentation is the best complement for existing EDR, antivirus, and other security tools running on the endpoint. ZTS closes unnecessary, risky, and commonly abused ports, radically reducing the potential spread.

Oftentimes, Windows and Mac OS X endpoints have little need for peer-to-peer connections over Remote Desktop Protocol (RDP), Server Message Block (SMB), and other frequently abused protocols. When these are blocked, or limited to only the necessary destinations, opportunities for spread drop sharply.

The harder it is for an attacker to “get off box” to a new destination, the more time and opportunity exists for the security stack to discover the malicious activity.

Security testing firm Bishop Fox recently found that deploying Illumio Zero Trust Segmentation alongside EDR resulted in four times faster detection and radically reduced breach spread.

Reactively stop breach spread when it happens with ZTS

What happens immediately after the breach is discovered?

In the horrifying instant that the team realizes they have a breach to clean up, the very first need is for segmentation.

The endpoints and servers need to be quickly marked as “clean” or “compromised,” and hard walls need to go up between the segments to prevent further contamination.

Zero Trust Segmentation is like the fire doors swinging shut in the hallways of a building, creating safe escape zones and containing fire and smoke.

You need those same fire doors for your endpoints!

With Zero Trust Segmentation, organizations can pre-position “fire door” policies that can be activated in an instant. It allows you to isolate groups of endpoints and limit their access to the most critical systems and locations.
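As an added example (not Illumio's code or its policy model), here is how the two ideas above, closing peer-to-peer RDP/SMB and pre-positioning a "fire door", look as a host firewall policy on a single Windows endpoint using the built-in NetSecurity cmdlets. The subnet and server addresses are placeholders, and the AD port list is a minimal assumption to extend for your environment.

```powershell
# Added example, not Illumio's code: a Windows endpoint baseline that closes the peer-to-peer
# ports the post names (RDP, SMB) and pre-positions a "fire door" that can be shut on demand.
# Assumed placeholder addresses (not from the page):
$MgmtSubnet        = '10.10.0.0/24'                    # IT/IR jump hosts and EDR console
$DomainControllers = @('10.20.0.10', '10.20.0.11')     # Active Directory servers
$UserEndpointNets  = @('10.30.0.0/16', '10.31.0.0/16') # subnets where other laptops live
$LateralPorts      = @('135', '139', '445', '3389', '5985', '5986') # RPC, NetBIOS, SMB, RDP, WinRM

# --- Proactive posture: default-deny inbound, so no peer can open a session to this host -----
# unless an explicit Allow rule exists. Windows evaluates Block rules before Allow rules.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# The only inbound RDP/SMB/WinRM we accept comes from the management subnet.
New-NetFirewallRule -DisplayName 'ZTS Baseline: mgmt inbound' -Group 'ZTS-Baseline' `
    -Direction Inbound -Protocol TCP -LocalPort $LateralPorts -RemoteAddress $MgmtSubnet -Action Allow

# Endpoint-to-endpoint: block outbound RDP/SMB/WinRM toward the user subnets, so a compromised
# host cannot "get off box" to a peer even though outbound is otherwise open.
New-NetFirewallRule -DisplayName 'ZTS Baseline: block peer lateral ports' -Group 'ZTS-Baseline' `
    -Direction Outbound -Protocol TCP -RemotePort $LateralPorts -RemoteAddress $UserEndpointNets -Action Block

# --- Reactive fire door: created now, disabled until an incident ---------------------------
# When shut, outbound defaults to deny and only these Allow rules remain: the management subnet
# (so IR tooling keeps working) and the domain controllers on an assumed minimal set of AD ports.
New-NetFirewallRule -DisplayName 'ZTS FireDoor: allow mgmt' -Group 'ZTS-FireDoor' -Enabled False `
    -Direction Outbound -RemoteAddress $MgmtSubnet -Action Allow
New-NetFirewallRule -DisplayName 'ZTS FireDoor: allow AD' -Group 'ZTS-FireDoor' -Enabled False `
    -Direction Outbound -Protocol TCP -RemotePort 88,389,636,445 -RemoteAddress $DomainControllers -Action Allow

function Close-FireDoor {
    # Isolate this endpoint: enable the pre-built exceptions, then flip outbound to default-deny.
    Enable-NetFirewallRule -Group 'ZTS-FireDoor'
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
}

function Open-FireDoor {
    # Return to the proactive baseline once the host is confirmed clean.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
    Disable-NetFirewallRule -Group 'ZTS-FireDoor'
}

# Evidence for the change record: every ZTS rule with its direction, state and remote ports.
Get-NetFirewallRule -DisplayName 'ZTS *' | ForEach-Object {
    $ports = ($_ | Get-NetFirewallPortFilter).RemotePort -join ','
    '{0,-40} {1,-9} {2,-6} {3}' -f $_.DisplayName, $_.Direction, $_.Enabled, $ports
}
```

Run from an elevated PowerShell session; in practice the same rules would be pushed by GPO or an endpoint management tool rather than typed on each laptop, and Close-FireDoor is what an incident responder invokes on a suspect host.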

Implementing Illumio ZTS on endpoints is fast and easy

The best news is that deploying Zero Trust Segmentation to endpoints is simple.

A typical user endpoint has radically less complexity than a typical data center server. As more and more endpoints become web browser access terminals, the need for broad IP connectivity into the data center or to other endpoints goes down.

Even for connections to important servers like Active Directory servers, it is rare for endpoint devices to need more than a modest handful of open ports rather than thousands.

Templates and automation mean that most organizations can get results in a few minutes or hours that radically lower endpoint risk. In fact, Illumio has seen deployments of tens of thousands of endpoints completed in a few weeks after purchase.

Illumio Vulnerability Exposure Score: Proving segmentation policy effectiveness

Endpoints have more risk of compromise than the average data center server because they have to be used by humans interactively.

And everyone knows that segmentation is “good security” for endpoints, but how good? Illumio Zero Trust Segmentation quantifies and reports its risk reduction for you.

Illumio ZTS works in conjunction with vulnerability scanning tools to assess how network connectivity exposes or restricts access to those vulnerabilities.

The result is computed as the Illumio Vulnerability Exposure Score (VES). The higher the score, the more exposed your network is to its vulnerabilities; reducing that exposure lowers the score.

With Illumio ZTS, every segmentation policy is evaluated against risk and quantified.

Benefits of Illumio Endpoint

Zero Trust Segmentation belongs on endpoints to stop the spread of ransomware and breaches.

Before a breach, ZTS extends the existing endpoint security suite by limiting network connectivity to only that which is necessary.

Common attack vectors, risky ports, and unused ports are all shut down and unavailable to attackers.

Then during a breach, Zero Trust Segmentation provides critical incident response capabilities to isolate compromised machines and protect uninfected systems.

With Illumio Endpoint, you can:

  • Rapidly deploy ZTS to endpoints and deliver results almost immediately – with proven and quantifiable risk reduction.
  • Stop the spread of ransomware and breaches proactively before they happen by reducing connectivity to only essential pathways.
  • Improve incident response by isolating clean and compromised machines and deploying “fire doors” to quickly stop breach spread and protect critical systems.

Zero Trust Segmentation is the best security upgrade you can give your endpoints.

Want to learn more about Illumio Endpoint?
