From DORA to ISO 27001 and beyond, a Zero Trust strategy focused on containment can help address requirements related to response readiness and resilience in the face of cyberattacks.

Numerous industry and regulatory standards cover not only security issues but also response readiness and operational continuity. In meeting these standards, organizations would do well to examine how Zero Trust and containment strategies can play a key role.
How visualization sheds light on security holes
Security- and privacy-related standards generally prioritize preventing breaches. However, many also address the need to develop detailed plans for responding to and recovering from cyberattacks, ensuring that critical systems remain operational in the face of an attack. The European Union Digital Operational Resilience Act (DORA) requires as much for financial institutions, as does ISO 27001, the international standard for information security management systems (ISMSs).
Containment is one of the most effective ways for organizations to meet compliance requirements for response readiness and operational continuity. Containment relies on a Zero Trust approach, and security graphs support it by modeling the relationships between resources in an environment: which workloads communicate with which, and over what connections. From the graph, teams can build maps that show which security controls each connection requires and align policy with actual transaction flows rather than assumed ones.
“That visibility helps you see where the weaknesses are in your compliance efforts,” says John Kindervag, chief evangelist at Illumio and the creator of Zero Trust. “Auditors love Zero Trust, because they can easily understand it and get visibility into what’s going on.”
NSA endorses Zero Trust and containment to limit lateral movement
Auditors aren’t the only ones. The U.S. National Security Agency (NSA) issued a Cybersecurity Information Sheet in March 2024 describing Zero Trust as an effective way to “contain, detect, and isolate network intrusions.”
In particular, the NSA says Zero Trust is a good way to curtail an intruder’s lateral movement within a network “by employing controls and capabilities to logically and physically segment, isolate, and control access (on-premises and off-premises) through granular policy restrictions.”[1]
The NSA advocates isolating critical resources through network segmentation. Successful segmentation “depends on an organization’s depth of awareness and understanding of their data — how it flows within standalone networks and across networks that interconnect physical infrastructure, cloud computing, and distributed work environments,” the NSA writes.
The NSA paper says organizations should “leverage data owners’ and network teams’ knowledge to form a comprehensive data flow map.”
Artificial intelligence and security graphs foster good policy
A data flow map assembled by hand from what owners and network teams remember is only as complete as their recollection. Security graphs built from observed traffic provide a more accurate depiction of those flows.
“Instead of trying to gather insights from numerous resource owners to verify relationships between resources, companies can create graphs by ingesting data from sources such as flow logs and resource inventories and enhancing this with artificial intelligence and machine learning models,” says Raghu Nandakumara, vice president, Industry Strategy at Illumio.
“These security graphs can help companies create policies that implement proactive containment, thus limiting the blast radius of any attack to only that network segment the intruder succeeded in breaching,” Nandakumara says. “On top of that, the same graph can be used to quickly identify and detect lateral movement risks in the environment, to aid the quick isolation of impacted workloads.”
Those two elements — proactive and reactive containment — make for an effective response readiness and operational continuity strategy that any auditor will applaud.
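To make the approach concrete, here is an added example (not code from the article or from Illumio’s products) of the pipeline Nandakumara describes and of the visual mapping discussed in the first section: ingest flow-log lines and a resource inventory, build a workload graph, collapse it into tier-level allow rules with everything else denied, compute the blast radius of a compromised workload under those rules, and flag live flows the learned policy would not permit as lateral-movement candidates. The inventory, flow lines, log format, tier labels and rule shape are all constructed assumptions for illustration, and the example has no AI/ML component; it shows only the graph-to-policy and graph-to-detection steps.

```python
"""Toy security graph from flow logs and a resource inventory, then the two
uses the article describes: deriving a containment (allow-list) policy and
spotting lateral movement against it.

Added example for this article, not Illumio code. The inventory, flow lines,
log format and rule shape (src_tier, dst_tier, port, proto) are all assumed
and constructed for illustration."""

from collections import defaultdict, deque

# Constructed inventory: IP -> (workload name, application tier).
INVENTORY = {
    "10.0.1.10": ("web-1", "web"),
    "10.0.1.11": ("web-2", "web"),
    "10.0.2.10": ("app-1", "app"),
    "10.0.3.10": ("db-1", "db"),
    "10.0.9.10": ("jump-1", "admin"),
}

# Constructed flow-log lines in an assumed format: "<src_ip> <dst_ip> <dst_port> <proto>".
BASELINE_FLOWS = """\
10.0.1.10 10.0.2.10 8443 tcp
10.0.1.11 10.0.2.10 8443 tcp
10.0.2.10 10.0.3.10 5432 tcp
10.0.9.10 10.0.1.10 22 tcp
10.0.9.10 10.0.2.10 22 tcp
10.0.9.10 10.0.3.10 22 tcp
"""

# Constructed "live" flows: the first is normal, the other two cross tiers the
# baseline never showed (web straight to the database, web host to web host).
LIVE_FLOWS = """\
10.0.1.10 10.0.2.10 8443 tcp
10.0.1.10 10.0.3.10 5432 tcp
10.0.1.11 10.0.1.10 445 tcp
"""


def parse_flows(text):
    """Yield (src_ip, dst_ip, dst_port, proto); skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2]), parts[3].lower()


def lookup(ip, inventory):
    """(name, tier) for an IP; unknown assets stay visible under their raw IP."""
    return inventory.get(ip, (ip, "unknown"))


def build_graph(flows, inventory):
    """Security graph: workload name -> {(peer name, dst_port, proto)}."""
    graph = defaultdict(set)
    for src, dst, port, proto in flows:
        graph[lookup(src, inventory)[0]].add((lookup(dst, inventory)[0], port, proto))
    return graph


def derive_policy(graph, inventory):
    """Collapse observed edges into tier-level allow rules; everything else is denied."""
    tier_of = {name: tier for name, tier in inventory.values()}
    rules = set()
    for src, edges in graph.items():
        for dst, port, proto in edges:
            rules.add((tier_of.get(src, "unknown"), tier_of.get(dst, "unknown"), port, proto))
    return rules


def blast_radius(rules, inventory, start):
    """Workloads an intruder on `start` can still reach once the allow rules are
    enforced (breadth-first search over tier pairs the rules permit). On a flat
    network every other workload would be reachable."""
    tier_of = {name: tier for name, tier in inventory.values()}
    allowed_pairs = {(s, d) for s, d, _port, _proto in rules}
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for other in tier_of:
            if other not in seen and (tier_of[node], tier_of[other]) in allowed_pairs:
                seen.add(other)
                queue.append(other)
    seen.discard(start)
    return seen


def detect_lateral_movement(flows, rules, inventory):
    """Flows the learned policy would not allow: lateral-movement candidates."""
    return [
        (src, dst, port, proto)
        for src, dst, port, proto in flows
        if (lookup(src, inventory)[1], lookup(dst, inventory)[1], port, proto) not in rules
    ]


if __name__ == "__main__":
    graph = build_graph(parse_flows(BASELINE_FLOWS), INVENTORY)
    rules = derive_policy(graph, INVENTORY)
    for rule in sorted(rules):
        print("ALLOW", rule)
    for start in ("web-1", "jump-1"):
        print(f"blast radius of {start}:", sorted(blast_radius(rules, INVENTORY, start)))
    for flow in detect_lateral_movement(parse_flows(LIVE_FLOWS), rules, INVENTORY):
        print("SUSPECT", flow)
```

Two design points are worth noting. Rules are learned at the tier level rather than per IP so that adding a third web host does not require a new rule, which is also why the blast-radius calculation walks tier pairs: it reports what the enforced policy would still permit, not just what was seen. And the same learned set drives both halves of the story: proactive containment (the allow rules, with default deny) and reactive detection (any live flow outside them, such as a web host opening a database connection directly, is a candidate for quick isolation).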
Contain the breach with Illumio.
[1] National Security Agency, “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar,” Cybersecurity Information Sheet, March 2024.