/
Produits Illumio

Des serveurs aux terminaux : les avantages de l'extension de ZTS à vos appareils les plus vulnérables

Around 76% of organizations experienced a ransomware attack in the last two years. Locking down the data center is not enough to completely reduce this risk.

Zero Trust Segmentation (ZTS) is crucial for any cyber resilience strategy to prevent ransomware or other breaches from spreading. Traditionally, segmentation has been applied to the physical network with a focus on the data center — but as some recent breaches have proven, the risk from ransomware is still looming.

The importance of extending a best practice from the data center to end-user devices is becoming critical.

Why extend segmentation to endpoints?

Endpoints are by many metrics the weakest link in an organization's security posture, partly because of the nature of endpoint devices but also because users are vulnerable to attacks. Knowing this, we shouldn't be surprised that IDC says that 70% of breaches start at the endpoint.

Hybrid work isn't disappearing anytime soon, and employees' laptops are exposed to a wide set of devices within networks not managed by IT. This results in an increased risk profile when one of these devices connects back into the corporate network.

But it doesn't stop with the increased unmanaged attack surface — endpoints are also more prone to security breaches due to:

  • Phishing attacks: Threat actors using email to trick users into clicking on malicious links
  • Social engineering: The art of tricking users into performing certain actions like sharing credentials
  • Outdated software: Without proper patch management many users postpone updates
  • Weak passwords: Users often use weak passwords that can be easily guessed or hacked, providing an easy entry point

By extending segmentation to endpoints, organizations can protect their assets by preventing any spread from the inevitably breached endpoint.

The best part? This provides proactive security without relying on detection, meaning that even with credential theft or a zero-day exploit, your high-value targets in the data center are still secured.

Quick ROI: Endpoint segmentation with Illumio

Illumio Endpoint provides ZTS for all workstations, laptops (including MacBooks), and VDIs from one single console.

By first providing visibility into all network traffic, including remote users, rule building is easy for a quick ROI that compliments existing EDR investments. With just a few simple rules, your security team can achieve quick wins by blocking all peer-to-peer connections between endpoints so ransomware can't spread. In case admins still need to RDP into these endpoints, exceptions can be made with a few more clicks.

By having all endpoint and server traffic visible in a single console, advanced rules can be created so only certain groups can access certain workloads (e.g., only Finance AD users can get access to the finance application).

Once you have visibility over all network traffic, not just in logs but in an interactive map, troubleshooting and rule building is a breeze.

With Illumio Endpoint you can:

  • Visualize endpoint traffic anywhere: From home or the office, quickly assess and mitigate risk by seeing all network traffic
  • Control application access: Don't expose endpoints to the data center — only allow defined users access to the right applications
  • Secure endpoint exposure: Isolate cyberattacks to a single device — even before the attack is detected by other security tools
illumio-endpoint-diagram

Enter the containment era with Illumio Endpoint

Endpoint security has long been in the detection era. By extending segmentation to endpoints, organizations can better protect against novel attacks, and in doing so, decrease the threat users pose to business-critical applications.

Embracing endpoint segmentation means you can move into the era of containment that's purpose built for forward-leaning security teams who have adopted an "assume breach" mindset.

Learn more about Illumio Endpoint here.

Contact us today to learn more about Illumio Endpoint with a free demo and consultation.

Sujets connexes

Articles connexes

Nano-segmentation : de quoi s'agit-il ?
Produits Illumio

Nano-segmentation : de quoi s'agit-il ?

La nano-segmentation permet aux entreprises de segmenter les applications de la manière la plus granulaire possible. Idéalement, réduire le besoin de « définir l'agitation ».

Luttez plus rapidement contre les rançongiciels : visibilité centralisée des limites d'application
Produits Illumio

Luttez plus rapidement contre les rançongiciels : visibilité centralisée des limites d'application

Une véritable architecture de segmentation Zero Trust repousse les limites de confiance directement en ce qui concerne les charges de travail des applications individuelles. C'est pourquoi le modèle de sécurité par liste d'autorisation d'Illumio vous permet d'autoriser uniquement le trafic dont vos charges de travail ont besoin, en refusant tout le reste par défaut.

Illumio est à Las Vegas pour Black Hat 2022
Produits Illumio

Illumio est à Las Vegas pour Black Hat 2022

Stop by Booth #984 or access the Virtual Platform to see Illumio at Black Hat 2022.

Comment augmenter le retour sur investissement de la cybersécurité : combinez ZTS et EDR
Segmentation Zero Trust

Comment augmenter le retour sur investissement de la cybersécurité : combinez ZTS et EDR

Découvrez comment la combinaison de ZTS et d'EDR vous permet de mieux vous protéger contre les menaces avancées et de réduire le risque de détection différée.

Pourquoi Zero Trust pour améliorer la sécurité des terminaux ?
Segmentation Zero Trust

Pourquoi Zero Trust pour améliorer la sécurité des terminaux ?

Pourquoi la mise en œuvre et l'application de Zero Trust pour la sécurité des terminaux en interne, ainsi que pour le nombre énorme (et croissant) de travailleurs à distance constituent une meilleure solution.

Assume Breach.
Minimisez l'impact.
Augmentez la résilience.

Vous souhaitez en savoir plus sur la segmentation Zero Trust ?