Who likes mergers and acquisitions? Not cybersecurity professionals. For them, these deals add complexity almost overnight: new networks, new applications, and new requirements for security training.
That was the case at Telhio Credit Union. Formed in 1934, this financial institution provides banking, loans, wealth management, and other services to residents and businesses in central and southwestern Ohio (US).
Based in Columbus, Telhio has expanded rapidly by acquiring other companies. With these deals, the credit union has nearly doubled its asset base, increasing from approximately $700 million five years ago to $1.3 billion today. Along the way, Telhio also elevated its industry ranking, becoming Ohio’s fourth largest credit union.
While these mergers have been good for Telhio's growth, they have created IT complexity. That includes the introduction of incompatible networks and new, unvetted computing infrastructure, applications, and devices.
Stopping breaches from spreading
Some of Telhio’s challenges come down to numbers. Though the company has some 260 employees, there are only 13 IT staff. As for cybersecurity, that’s the responsibility of a very small team.
In addition to the security exposure caused by mergers, David Ault, Telhio’s vice president of information security, and Telhio’s security team faced a growing concern: the threat of ransomware and what’s known as lateral movement. This occurs when malware or hackers breach a network, then move from system to system in search of valuable data and computing resources.
Telhio, like many companies, was already doing a good job of defending and monitoring its network perimeter. But Ault knew that breaches were unavoidable, such as when an employee is tricked into clicking on a malicious link in a phishing email.
To protect against the spread of breaches, Ault said he needed to understand all the possible paths of travel for attackers and to have the power to prevent them from reaching other systems and stealing or encrypting valuable data.
He was most concerned about defending the digital heart of Telhio's business: its data center, where more than 120 virtual servers house most of the company's critical back-office applications for its operations, as well as its customer-facing retail applications (website, mobile banking, etc.).
Ault also wanted to ensure that any infected employee workstation would not provide an easy path for attackers to move deeper into the network.
Building Zero Trust defenses
Ault's situation reflects the new security reality for any business. In the last few years, cybersecurity professionals have learned that preventing all breaches in today's dissolving network perimeter is virtually impossible.
In response, many security experts, including Ault, are turning to Zero Trust Segmentation. Essentially, this uses native network and device firewalls to restrict applications, workloads, systems, or environments to only essential traffic.
If and when an IT asset is attacked, Zero Trust Segmentation limits the damage by preventing malware or hackers from moving to other parts of a network. In addition, the infected system can be safely taken offline, cleansed of its malware, and then either returned to operation or replaced.
But Ault knew that for Telhio's Zero Trust Segmentation approach to work, he'd need a new kind of security platform. His traditional stack of security tools (antivirus, network firewalls, application monitoring, etc.) simply couldn't provide this capability. The issue was scale.
“If we had just a few systems, it wouldn't be a big deal,” Ault said. “You could jump on an endpoint and look at its traffic logs and turn on a firewall. But as we scaled to 50, then 100, then 1,000 machines, it quickly became unviable. So I asked: How can we manage the built-in firewalls of our machines regardless of how many there are?”
Living up to the scalability promise
Ault heard about Illumio from a colleague and decided to test it out in a trial with 20 servers and 70 workstations. The results were convincing.
“In the 23 years that I’ve been in the IT industry, there have really only been three products that have lived up to the marketing hype,” Ault said. “And Illumio is one of them.”
Now that Illumio is deployed at Telhio, Ault said that Illumio's scalability and testing capabilities have been “amazing.”
Illumio has allowed him to see what impact a new policy would have on his applications, servers, and workstations before that policy is implemented.
“That's what really differentiates Illumio from other products,” he said. "It allows us to implement segmentation safely."
Other organizations are finding the same. A recent report from research group ESG found that Zero Trust Segmentation saves organizations an average of $20 million in annual costs by avoiding application downtime.
For example, this feature helped Ault secure chat software that could have created a pathway for a cyberattack. The software’s vendor provided a list of ports needed by the application, but that list was incomplete.
Ault used Illumio to identify which ports were missed, then refactor the rule set to allow for them and block all others, with no impact on the availability or performance of the chat application.
Even better, Ault said: “It was quick and easy.”
Protecting, not interfering
Illumio met another of Ault's top requirements: He didn't want to add to the complexity of network management. Telhio is mainly a Microsoft shop, and it uses Microsoft's firewall and related security tools.
"One of my goals was to not add a product that would interfere or be in the middle of our software stack," Ault said. "Illumio fit the bill. Its agent doesn't interact with our traffic. It just pulls our logs and applies Microsoft's rules to its firewall."
Over the first six months of Telhio's Illumio implementation, Ault monitored the tool closely and determined that Illumio never interfered with any of Telhio's software.
"As a result, our IT department has become very comfortable with the idea of Illumio's agent being installed on our servers and controlling access to their applications," Ault said.
Illumio also helps Ault with the tricky task of identifying system-to-system dependencies. That's especially difficult when Telhio is incorporating new systems from an acquired company.
"I've got a couple of other products that monitor traffic, but it's just reams of logs," Ault said. "With Illumio's real-time, graphical view, I can very easily see which systems are connected and over which ports. That makes it simple to identify traffic patterns, which in turn lets us build appropriate policies."
With Illumio, Ault has been able to improve Telhio's Cyber Resilience against ransomware and other attacks without slowing its business down.
"Thanks to Illumio, we've been able to grow without also increasing our security exposure," Ault said. "That's all I could ask for."