Why policy is crucial for your security posture and how security graphs help

BrandPost By Paul Desmond
Oct 21, 2025 | 4 min read

John Kindervag, the creator of Zero Trust, explains why all breaches come down to bad policy and how security graphs dramatically improve your security posture.


Everything in cybersecurity, including Zero Trust environments, comes down to policy: All actions are either allowed or denied by a policy. If you understand that reality, you can see why security graphs are so helpful in creating good policies and implementing Zero Trust.

That’s one of the key messages from John Kindervag, chief evangelist at Illumio and the creator of Zero Trust.

“People think cybersecurity is about technology, and it’s not. It’s about policy,” he says. “The technologies — whether [they are] a firewall or endpoint detection and response, or anything else — all exist to enforce policy. And policy is binary. All you can do is allow something or deny it.”

Security graphs and defining the Protect Surface

The question is then, “How do you ensure that you’re creating good policies?” That’s where security graphs come in.

As covered in an earlier post, security graphs are visual maps of a network built from detailed data on IP addresses, source and destination addresses, port numbers, and protocols. They show not only the network itself but also the relationships among elements in any given traffic flow — the kind of detail that’s valuable for creating effective policies.

A good security graph first helps define the protect surface — the first of Zero Trust’s five steps. (A future post will cover the rest.) Unlike the attack surface and all of its possible entry points, the protect surface is where your critical assets live. Most networks have multiple protect surfaces, and the graph identifies and maps them.

The graph also includes crucial transaction flows that show how all the elements work together as a system.

“Now we can architect the entire environment. Because we have a map, we can see how to put the right controls in the right place,” Kindervag says. “Then we can write policy and monitor and maintain those policies.”

Building smarter defenses through continuous policy insight

The “monitor and maintain” phase is crucial for detecting bad policies. Illumio tools enable users to see simple green and red lines that show which conversations are allowed and which are denied. Yellow lines highlight traffic that isn’t covered by policy and should be reviewed.

Working together, the color-coded lines make your security stronger over time, because users can now gauge how well their policies are working.
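As an added illustration (example code, not from Illumio or this article), the Python below builds a small security graph from constructed flow records, colours each edge green, red or yellow by matching it against an explicit allow/deny rule base, and then queues the yellow edges that touch a protect-surface asset for review. The addresses, tier labels and rules are assumed sample values.

```python
from collections import defaultdict

# Constructed flow records (src, dst, dst_port, proto) for a three-tier app;
# they stand in for the IP/port/protocol data a security graph is built from.
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 443, "tcp"),   # web -> app API
    ("10.0.2.20", "10.0.3.30", 5432, "tcp"),  # app -> database
    ("10.0.1.10", "10.0.3.30", 5432, "tcp"),  # web -> database directly
    ("10.0.9.99", "10.0.3.30", 22, "tcp"),    # unknown host -> database
    ("10.0.2.20", "10.0.3.30", 9100, "tcp"),  # app -> database on an unexpected port
]

# Hypothetical protect-surface labels for the assets the policy is written around.
PROTECT_SURFACE = {"10.0.1.10": "web", "10.0.2.20": "app", "10.0.3.30": "db"}

# Explicit allow/deny rules; "*" is a wildcard for any value in that field.
POLICY = [
    {"action": "allow", "src": "10.0.1.10", "dst": "10.0.2.20", "port": 443, "proto": "tcp"},
    {"action": "allow", "src": "10.0.2.20", "dst": "10.0.3.30", "port": 5432, "proto": "tcp"},
    {"action": "deny", "src": "*", "dst": "10.0.3.30", "port": 22, "proto": "tcp"},
]

def matches(rule, flow):
    return all(r == "*" or r == f for r, f in zip(
        (rule["src"], rule["dst"], rule["port"], rule["proto"]), flow))

def classify(flow, policy=POLICY):
    """green: allowed by a rule; red: denied by a rule; yellow: no rule covers it."""
    for rule in policy:  # first match wins, as in an ordered rule base
        if matches(rule, flow):
            return "green" if rule["action"] == "allow" else "red"
    return "yellow"

def build_graph(flows=FLOWS, policy=POLICY):
    """Adjacency map src -> [(dst, port, proto, colour)], i.e. the coloured edges."""
    graph = defaultdict(list)
    for src, dst, port, proto in flows:
        graph[src].append((dst, port, proto, classify((src, dst, port, proto), policy)))
    return dict(graph)

def review_queue(graph, protect_surface=PROTECT_SURFACE):
    """Yellow edges into a protect-surface asset: each needs an explicit allow or deny."""
    queue = []
    for src, edges in graph.items():
        for dst, port, proto, colour in edges:
            if colour == "yellow" and dst in protect_surface:
                queue.append((protect_surface[dst], src, port, proto))
    return sorted(queue)

if __name__ == "__main__":
    for item in review_queue(build_graph()):
        print("review:", item)
```

Each yellow entry in the queue is a flow the current policy neither allows nor denies; closing the loop means turning it into an explicit rule rather than leaving it to an implicit default.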

“It’s a system that gets stronger and better over time. If there is an attack, the system learns from the attack and will develop an even better security posture,” Kindervag says.

Organizations frequently end up with subpar firewall rules and other policies because they lack the context to show how a given request or connection relates to other elements in the network. Security graphs help alleviate that problem.

“The truth about cybersecurity is that all bad things happen inside of an allow rule,” Kindervag says. “If a security incident happens, it was because there was a rule that allowed it to happen. You’re not just the victim of cybercrime. You are an unwitting coconspirator because you have bad policy.”

Conclusion
To prevent becoming unwitting coconspirators, organizations must constantly improve policies to eliminate unnecessary trust, and security graphs enable this effectively. By mapping relationships and dependencies, security graphs offer the context needed to create Zero Trust policies that truly work.

Don’t let faulty policies put your organization at risk. Learn how the Illumio Platform can help you create effective policies that protect your most valuable assets. Contain the breach with Illumio.