Welcome to the Post-Breach Era. Is Your Cyber Strategy Ready?
The enemy of a good plan? Perfection.
That’s the mindset Andrew Rubin, Illumio CEO and founder, brought to his conversation with Dark Reading’s Terry Sweeney.
He didn’t talk about how to build the perfect defense — because it doesn’t exist. Instead, he focused on something far more powerful: how to build a strategy that works when things go wrong. Because they will go wrong.
We’re living in a post-breach world. And it’s the new baseline cybersecurity leadership must aim for in today’s threat landscape.
The post-breach world is already here
Saying that we live in a post-breach world isn’t being alarmist. It’s just reality.
As Andrew put it, “The defenders are trying to be right 100% of the time. The attacker only has to be right once.”
And with attacks growing in scale, speed, and scope — from hospitals to school districts to businesses big and small — the math just doesn’t work anymore.
The idea of a post-breach world is about accepting that reality. We shouldn't give up, but we can acknowledge that even the best defenses can fail.
In Andrew’s words, “If you don’t admit the problem, you can’t possibly figure out how to solve it.” Accepting that breaches are inevitable isn’t waving the white flag. It’s step one toward resilience.
Why cyber agility is still playing catch-up
It’s easy to see attackers as more agile, and in many ways, they are. They innovate faster, move quicker, and face fewer roadblocks.
Meanwhile, defenders often get bogged down in bureaucracy, legacy tech, or resource gaps.
But Andrew remains an optimist. “It’s hard to do this job and not be optimistic,” he said.
He believes defenders are catching up. The mindset is shifting. Breaches like the ones we’ve seen in just the past year have been a wake-up call, pushing security teams to move faster, think differently, and prioritize agility.
If defenders want to stay relevant, let alone stay secure, they need to keep pace. That means adopting tools, strategies, and architectures that are built for speed and resilience, not just perimeter control.
Your security strategy needs a security graph
As attacks become more complex, so must our defenses. That’s where the security graph comes in.
According to Andrew, the future of cybersecurity depends on our ability to see and understand our environments as connected systems, not isolated assets. A security graph maps the relationships between users, devices, workloads, policies, and flows. It reveals how risk moves, how attackers might navigate, and what shouldn't be connected but is.
It's a concept embraced by more than just Illumio. Microsoft, Google, and others are investing in security graphs too. Why? Because you can’t secure what you don’t understand.
And with that map in place, you can start to ask the right questions:
- Why is this connection happening?
- Should it be happening?
- What happens if it’s compromised?
The role of AI in the post-breach fight
Of course, you can’t talk about cybersecurity in 2025 without talking about AI.
Andrew was clear: AI is just a tool. It’s not inherently good or bad. But the side that uses it better will have the upper hand. And for defenders, the opportunity is huge.
“Being able to use AI to comb that graph, to understand and find things that the human brain can’t process fast enough, is an incredibly powerful tool,” he said.
At Illumio, we’re already applying AI to the security graph with Illumio Insights. It helps teams spot threats faster, contain them earlier, and minimize damage.

According to Andrew, AI shouldn't replace human judgment, especially in your security operations. It should augment it, helping teams find the signal in an ever-growing haystack of noise.
Zero Trust was made for this moment
Zero Trust isn’t new. In fact, as Andrew reminded us, Illumio Chief Evangelist John Kindervag coined the term more than 15 years ago.
But if Zero Trust ever felt optional before, it’s now a non-negotiable.
Because in a post-breach world, the foundational Zero Trust question — “Should this connection be happening?” — is the difference between catching an attacker early and letting them roam undetected.
Too often, security teams allow traffic and access by default, then try to monitor everything in hopes of catching bad behavior. That’s backward.
Instead, Zero Trust denies connections by default, then allows only what’s explicitly needed.
As Andrew put it, “We’re recognizing that there are a lot of things happening in our environments that shouldn’t be or don’t need to be. Why are we allowing that to continue?”
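The three security graph questions and the default-deny rule can be worked through on a small flow graph. This is an added example, not Illumio code or anything from the interview; the host names, ports, flows and allowlist are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of observed flows: (source, destination, destination port).
FLOWS = [
    ("laptop-17", "web-01", 443),
    ("web-01", "app-01", 8443),
    ("app-01", "db-01", 5432),
    ("laptop-17", "db-01", 5432),   # workstation talking straight to the database
    ("web-01", "backup-01", 22),
    ("backup-01", "db-01", 5432),
]

# Constructed allowlist: the only connections the policy explicitly permits.
ALLOWED = {
    ("laptop-17", "web-01", 443),
    ("web-01", "app-01", 8443),
    ("app-01", "db-01", 5432),
    ("backup-01", "db-01", 5432),
}

def unexplained(flows, allowed):
    """Default deny: every observed flow missing from the allowlist needs a reason."""
    return [flow for flow in flows if flow not in allowed]

def blast_radius(flows, start):
    """Hop count from a compromised node to each node reachable from it.

    Assumption: every flow is treated as a usable path (worst case)."""
    graph = defaultdict(set)
    for src, dst, _port in flows:
        graph[src].add(dst)
    hops = {start: 0}
    queue = deque([start])
    while queue:                      # breadth-first search gives shortest hop counts
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    del hops[start]
    return hops

if __name__ == "__main__":
    print("Should not be happening:", unexplained(FLOWS, ALLOWED))
    print("As observed:", blast_radius(FLOWS, "laptop-17"))
    enforced = [flow for flow in FLOWS if flow in ALLOWED]
    print("With default deny:", blast_radius(enforced, "laptop-17"))
```

With only allowlisted flows in place, the database moves from one hop to three hops away from the workstation, and the backup host drops out of reach entirely.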
Stop chasing perfection and start building resilience
Surviving in the post-breach world isn’t about giving up on prevention or detection. But it is about expanding our toolkit.
If we keep operating like we can block every breach, we’ll keep getting blindsided. If we build for containment and recovery by investing in segmentation, visibility, and Zero Trust controls, we can stop small intrusions from becoming catastrophic.
Andrew said it best: “Nobody says give up on defense. What we say is that’s one set of tools. Now we need another set of tools to contain these things, stop them faster, and prevent them from becoming disasters.”
The world has changed. Our strategies need to change with it.
You don’t need a perfect plan. You need a good one that works, even when something goes wrong. Because something will go wrong.
We’re living in the post-breach world. Let’s stop pretending otherwise and start building the kind of cybersecurity that’s designed to thrive in it.