Security breaches are inevitable. Safeguarding your valuable resources means focusing on containment and microsegmentation. Here’s how it works.
IT and security professionals charged with safeguarding their organization’s networks must accept a grim reality: Security breaches are inevitable. Once they accept that, they can move on to the question of how best to limit damage from breaches.
The answer comes down to a single word: containment
Dr. Larry Ponemon, founder of the Ponemon Institute, summed up the issue well in a recent blog post. “We used to think prevention was the goal,” he wrote. “But it’s not practical anymore. The focus now needs to be on how fast you can contain the damage.”
Reducing the blast radius
Containment strategies focus on the idea of microsegmentation, or isolating critical assets to reduce the “blast radius” of a breach. The idea is to prevent attackers from moving laterally within a network in search of the most valuable resources.
Such activity is at the heart of advanced persistent threat attacks, where intruders may lurk undetected for weeks inside a network before finally finding what they’re after and launching a ransomware attack or just stealing data.
By using a containment approach to protect the organization’s most valuable data, applications, and services, organizations can ensure that sensitive data remains insulated even in the face of a breach.
Zero Trust is the heart of a containment strategy
By default, no user, application, or device is trusted. Instead, every interaction must be verified, and highly granular policies govern which ones are allowed.
That enables companies to create the segmentation that’s at the heart of containment. In simple terms, it’s a familiar strategy. Employees are permitted access only to those resources they need in order to do their job, so a marketing executive would not normally have access to sensitive payroll data, for example. In practice, containment requires companies to take that strategy further by adding in real-time telemetry and policy controls.
How security graphs deliver granular, effective policies
For example, the Illumio Platform uses a security graph to discriminate between legitimate communication flows and suspicious ones.
The graph presents a visual representation of a network, similar to a digital twin. That makes it easier for companies to set highly granular policies that limit movements throughout the network and to ensure that policies prevent anyone from accessing valuable resources for which they are not authorized. Companies can write policies to instantly isolate high-value assets if suspicious activity is detected, for example.
Artificial intelligence models help make security graphs more effective by helping companies identify relationships between applications such that they can then write security policies to protect systems and contain attacks, says Raghu Nandakumara, vice president and head of Industry Strategy at Illumio.
“AI models can provide guidance to say, ‘Based on this scenario and our understanding of your environment, we think you should isolate this workload right now,’” he says. “In this other case, you’ve got a more systemic problem, a gap, and you need to update your policy.”
That last point highlights an important fact: Containment strategies get better over time as AI models continually surface new information, including from breaches.
Final thought
If you accept the notion that breaches are inevitable, you would also do well to consider how best to contain them. The idea of containment, along with security graphs and Zero Trust, provides a sound solution.
Learn more about how microsegmentation can safeguard your organization against inevitable security breaches. Contain the breach with Illumio.
