Zero Trust Segmentation: Stopping Breaches From Becoming Catastrophes


Interview with Adam Brady, Director, Systems Engineering, EMEA at Illumio 

Zero trust security is a key strategy to protect corporate IT assets. But continuously authenticating users inside a network is impractical unless the organisation's various network systems and resources are first isolated from one another. Enter zero trust segmentation (ZTS), which allows any intrusion to be contained and controlled, as Adam Brady of Illumio explains.

Thanks for meeting with us today, Mr Brady! Before we dive deeper, would you mind briefly explaining to our readers what Illumio is and the goal behind it? 

Illumio is a global cybersecurity solution provider and zero trust segmentation (ZTS) company. We provide the only proven segmentation platform purpose-built for zero trust security. This enables organisations to achieve full visibility of all traffic flows within their enterprise networks, making it easy to set and enforce segmentation policy and reduce risk at scale.  

Our mission is to prevent breaches from becoming catastrophes. The goal is simple – to stop cyber disasters from spreading and increase cyber resilience for all, whether it be for SMEs or Fortune 100 companies. Cyberattacks are now inevitable in today’s hyperconnected and multi–cloud landscape, so we want to help organisations mitigate and contain the impact of any breach, while protecting their most valuable assets.  

With our state-of-the-art technology, customers can automatically set granular segmentation policies to manage system or device communications and proactively isolate high-value assets and compromised systems in response to active cyberattacks. So, even when an attack like ransomware does occur, the network isolates the bad actors and contains the breach within the initial point of impact. Our clients can rest assured that their critical assets and business operations are not impacted.  

In this time of increasing ransomware and cybercrime, Illumio provides the only proven segmentation product suite purpose-built for zero trust security. For those who may not have heard the term, what is zero trust segmentation?


Zero trust segmentation is the fine-grained control of applications, communications, and user access across hybrid IT. It’s an approach based on the zero trust principle of “assume breach” and divides an enterprise network, data centre, cloud environment, or endpoint estate into smaller segments. Each segment has its own access and authentication policies, where user identities, devices, and network configurations are validated every time a user requests access.    

You can think of ZTS as a hotel. The hotel entrance is the perimeter, and, if someone gets into the hotel lobby (bypassing firewall defences), they don't automatically have access to rooms. Guests have their own unique key cards with access to only the floors and room they need. So, if you check out at 11:00 a.m. and you try to access your room at 11:30 a.m., you won't gain access, and you will need to go to the front desk and get re-verified. ZTS functions in the same way, dividing endpoints, clouds, and data centres into segments to protect them from potential threats.

So, even if threat actors compromise a specific network segment, they cannot gain access to the rest of the network. The attack is contained and more quickly remediated, with less damage to the business. 

How important is it for organisations, beyond the buzzword? 

ZTS is a foundational pillar of any zero trust architecture (an information security model that denies access to resources, applications, and data by default).  Zero trust is also a strategy advocated by governments and regulators as the only true solution to mitigating the impact of sophisticated cyberattacks.  

Most organisations recognise the importance of zero trust as a strategy. In fact, global research from Illumio shows that 90 per cent of businesses see advancing zero trust as a top-three cybersecurity priority. However, only 30 per cent rate segmentation as critical to their zero trust initiative, which suggests a lack of understanding of ZTS within businesses. It’s impossible to achieve true zero trust without ZTS. You can’t continuously authenticate the users within a network without isolating different network systems or resources from each other. That’s why ZTS is critical.   

Currently, most businesses still deploy a detection or prevention-based security strategy. However, we are living in an era of advanced persistent threats. Attacks are fast, swift, and often occur from unmonitored endpoints. So, by the time an organisation discovers and responds to an attack, it’s often too late. ZTS ensures that, when a breach occurs, adversaries can be quickly isolated before they traverse through different systems and inflict severe damage. Research from Bishop Fox shows that ZTS stops attacks from spreading in 10 minutes, nearly four times faster than detection and response capabilities alone.   

There are also huge business benefits from ZTS, with those that have implemented it more likely to avoid critical outages, save millions in downtime cost, and accelerate digital transformation. 

Zero trust network access (ZTNA) is perhaps the biggest category of product spinning out of the zero trust space, and we’re seeing that it’s become a highly competitive market. Where does Illumio position itself in the ZTNA space?  

ZTS and ZTNA work together to form two-thirds of the zero trust puzzle. ZTNA contains breaches from accessing certain areas of the network, but it is ZTS that ensures that when something bad gets inside (and it will), organisations can limit how far it can run across the environment – effectively reducing the attack surface.   

So far, most organisations have focused their attention on ZTNA, driven largely by the rush to secure and regulate remote access in the pandemic. But now the focus is shifting to ZTS. Leveraging the two in tandem allows organisations to achieve an even more robust security posture.

That’s why, earlier this year, we partnered with Appgate, one of the leaders in the ZTNA space. Our integrated solution enables organisations to deploy an end-to-end zero trust architecture and protect their critical assets from both internal and external network threats, while reducing the need for numerous point solutions.   

Are the challenges around securing user and device identities fairly consistent across organisations of different sizes, or do you see more specific trends?

Any business that has a hybrid IT environment faces an equal challenge in ensuring effective, comprehensive security. However, enterprises that maintain large networks, wider remote workforces, and more third-party connections understandably will face more challenges compared to SMEs that might have a closer-knit network. Importantly, the impact of attacks can be just as crippling for SMEs, who often operate on a tight financial leash and with limited resources. 

Threat actors often look for stale or compromised accounts connected to wider networks or unsecured devices remotely connected to organisational repositories. Illicit resources have become so advanced today that attackers leverage automated tools for scanning the web for unsecured and compromised identities. From there, it’s a relatively simple task to abuse access privileges, gain access to critical resources, and deploy ransomware. 

A data breach can happen to both companies and individuals. Do you think paying ransomware funds the activity?  

Companies often pay the ransom because they want a quick resolution. In some cases, organisations feel that paying the ransom is the only option, as they don’t have any other means such as backups or recovery solutions to regain their data. They want to avoid suffering any prolonged downtime or risk having sensitive data exposed to the public. However, over 40 per cent of companies that paid the ransom in previous attacks failed to recover all of their data.  

Paying the ransom also motivates criminals to launch future attacks. Research from Cybereason suggested that 80 per cent of organisations that previously paid ransom demands became exposed to a second attack. So, the fact that companies are still meeting ransomware demands is in some part fuelling the ransomware crisis.  

The clear message from industry leaders and governments is that paying ransoms is strongly discouraged. But even then, we can’t expect ransomware to go away entirely anytime soon. That’s why the focus must be on building resilience and minimising the impact of such attacks. 

When talking about ransomware attacks, you mentioned an importance in shifting from a mindset of “find and fix” to “limit and contain”.


The traditional approach to cybersecurity has always been to find and fix the problem. However, this is no longer practical. Companies are constantly expanding their network perimeters by introducing more endpoints. At the same time, threat actors are rapidly innovating, leveraging new attack tactics and tools.

Organisations must focus instead on stopping the spread of attacks and minimising the impact of a breach. This is what we call a “limit and contain” mindset, which aligns with the “assume breach” focus of zero trust. With most attacks initiated and escalated through compromise or misuse of privileged accounts, a “limit and contain” approach is critical – shifting defence strategies from a passive to an active framework.   

What are some proactive steps any organisation, government, or otherwise can implement to contain breaches early on and mitigate damage? 

The first step is to implement a zero trust strategy that eliminates automatic access and implicit trust from any source, inside or outside your network. Adopting an allow/deny list model that authenticates users and communications on an individual basis regardless of their origin will better contain breaches and mitigate damage.  

Next, identify your most critical assets. When implementing a security strategy and solution, prioritise the assets you want to secure the most. So, start by identifying assets that can cause significant downtime or financial loss if compromised, and then segment those away from vulnerable networks and pathways accordingly.   

From there, adopt an “assume breach” mentality and segment everything. You should operate under the assumption that attackers are already in your networks and in your supply chain. If you don’t want them to have access to everything, then ZTS is vital. Additionally, look for tools and technologies that help eliminate gaps in the security stack. Invest in adaptive, scalable technologies that contain breaches. That way, when perimeter defences fail, the bulk of business can continue as usual. That is resilience, and that is the ultimate goal.  
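As an added illustration of the three steps above (default deny, identify critical assets, segment everything), here is a small Python model of a label-based allow-list policy. It is example code written for this page, not Illumio's product or anything from the interview; the workload names, labels and ports are constructed assumptions. It evaluates individual flows against a default-deny allow-list, computes the "blast radius" an attacker on one compromised workload could reach by lateral movement, and checks which workloads can reach an asset you have marked as critical, under a flat network and under a segmented policy.

```python
from collections import deque
from dataclasses import dataclass

# Constructed example inventory: workload name -> labels. The names, labels
# and ports are assumptions made for this illustration, not real systems.
WORKLOADS = {
    "web-1":  {"role": "web",  "env": "prod"},
    "web-2":  {"role": "web",  "env": "prod"},
    "app-1":  {"role": "app",  "env": "prod"},
    "db-1":   {"role": "db",   "env": "prod"},
    "jump-1": {"role": "jump", "env": "mgmt"},
    "dev-1":  {"role": "app",  "env": "dev"},
}


@dataclass
class Rule:
    """One allow-list entry: flows from workloads matching `src` to workloads
    matching `dst` on `port`. A selector is a dict of label=value pairs; an
    empty selector matches every workload. Anything not matched by some rule
    is denied, so the policy as a whole is default-deny."""
    src: dict
    dst: dict
    port: int


def matches(labels: dict, selector: dict) -> bool:
    """True when every label in the selector is present with the same value."""
    return all(labels.get(k) == v for k, v in selector.items())


def flow_allowed(policy: list, src: str, dst: str, port: int) -> bool:
    """Evaluate a single flow src -> dst:port against the allow-list."""
    s, d = WORKLOADS[src], WORKLOADS[dst]
    return any(matches(s, r.src) and matches(d, r.dst) and r.port == port
               for r in policy)


def blast_radius(policy: list, compromised: str) -> set:
    """Workloads an attacker who controls `compromised` could reach by hopping
    across allowed flows (transitive closure over the policy graph)."""
    ports = {r.port for r in policy}
    seen = {compromised}
    queue = deque([compromised])
    while queue:
        cur = queue.popleft()
        for nxt in WORKLOADS:
            if nxt not in seen and any(flow_allowed(policy, cur, nxt, p) for p in ports):
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposure(policy: list, critical: list) -> dict:
    """For each critical asset, the set of other workloads from which it can be
    reached, directly or by lateral movement. Use it to check that a policy
    actually fences off the assets you identified as most valuable."""
    return {c: {w for w in WORKLOADS if w != c and c in blast_radius(policy, w)}
            for c in critical}


# A flat network with implicit trust: every workload may talk to every other
# on every service port. This is the "before" picture.
FLAT = [Rule(src={}, dst={}, port=p) for p in (22, 443, 8080, 5432)]

# A segmented allow-list: only the flows the application actually needs.
# Everything else, including web -> db and dev -> prod, is implicitly denied.
SEGMENTED = [
    Rule(src={"role": "web", "env": "prod"}, dst={"role": "app", "env": "prod"}, port=8080),
    Rule(src={"role": "app", "env": "prod"}, dst={"role": "db", "env": "prod"}, port=5432),
    Rule(src={"role": "jump", "env": "mgmt"}, dst={"env": "prod"}, port=22),
]

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(f"[{name}] blast radius from web-1: {sorted(blast_radius(policy, 'web-1'))}")
        print(f"[{name}] who can reach db-1:       {sorted(exposure(policy, ['db-1'])['db-1'])}")
```

Under the flat policy a compromised web-1 reaches all six workloads; under the segmented policy it reaches only app-1 and db-1 along the paths the application needs, and a compromised dev-1 reaches nothing in production. The `exposure` check is the one to keep running as rules change: it also makes visible that the management jump host, which may reach every production workload over port 22, is itself a high-value asset that deserves its own tight segment.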

What advice would you give to organisations that are perhaps currently using a VPN or who are considering implementing a zero trust network access solution? What are the best steps to get started?

The best advice for any organisation would be to start your zero trust journey now. We are at a time when threat actors are rapidly evolving and innovating their tactics and technologies, so time is of the essence. ZTS is the only proven and validated approach to achieving cyber resilience at scale. So, the faster you start, the faster you can start building resilience against attacks like ransomware.

Also, account for your business growth, as you can expect the threat landscape to evolve and widen as well. As you build out your zero trust plans, ensure that you’re accounting for solutions that enable business growth while limiting risk exposure.   

What exciting things are going on at Illumio right now?

There’s a lot of exciting stuff happening right now. We’re continuing to put a lot of work into evolving our solution to better serve the needs of our customers in different-sized businesses and environments. This is a really important development, as traditionally ZTS has been seen as inaccessible to those smaller businesses that lack the security resources of enterprises.  

We have also recently expanded into the Middle East, a region in which we see huge growth potential. The channel also remains a major priority for us, and our network is going from strength to strength as we build stronger connections with system integrators and distributors. We are also continuing to expand and solidify our relationships with industry partners like Appgate and Armis as part of our wider strategy to develop best-of-breed solutions to solve customer challenges.  

Looking at the year ahead, the difficult economic landscape means that enterprises are going to be very focused on their budgets and ensuring they achieve the most ROI from their investments. Investments in cyber will be no different. But as a leader in zero trust and in ZTS, and at a time when organisations are largely seeing the value in breach containment and a heightened need for security, Illumio is well positioned to service its customers, especially in the midst of uncertain and challenging times.  

This article was originally published on January 11, 2023.

Executive Profile

Adam Brady

Adam Brady is Director of Systems Engineering for EMEA at Illumio. He is an experienced cybersecurity professional with over a decade of on-the-ground exposure to CERT work, emergency response, systems engineering, and security consultancy, working with some of the largest organisations within EMEA. His focus has included combating industry-targeted malware in the ICS/SCADA space, and pre-sales consultancy in multiple areas of cybersecurity.

The views expressed in this article are those of the authors and do not necessarily reflect the views or policies of The World Financial Review.