There's Zero Trust And Then There's Zero Trust Segmentation
Do you know which devices in your network are connected to the internet that shouldn't be?
You have your perimeter and interior network protected: firewalls, endpoints secured, intrusion detection and protection all in place. Yet you still get attacked and a threat actor manages to breach your infrastructure.
A frustrating scenario. But one that could be remedied by employing zero trust segmentation.
"The overarching principle of zero trust is validating who, what, when, where and why constantly," said Gary Barlet, federal chief technology officer at Illumio, in an interview with MES Computing.
Segmentation makes zero trust more granular, Barlet said.
He likened zero trust segmentation to a checkers board. "[You have] pieces on it and you put each piece inside a separate square," he said. "You have to decide what is allowed in which square."
Barlet is a retired U.S. Air Force Lieutenant Colonel who served as a cyberspace operations officer for 20 years and as the CIO of the Office of the Inspector General at the U.S. Postal Service.
When Illumio assesses a potential customer's site, the first task is conducting a network mapping of the customer's environment. Barlet said clients are often surprised by how many devices they have communicating with the internet that shouldn't.
"The map can be a mess," Barlet said. "Most people don't understand how much communication is happening [within their networks]."
Most devices do not need an internet connection, said Barlet, who used a credit card machine as an example.
"A user goes to a website and fills in information. That information gets processed and validated," he explained. "The reality is that the webpage is the only thing that should be talking to the internet. All the servers should just be talking to the page or other servers and not the internet."
Only a finite number of devices in your network should have access to the internet, Barlet said. He said that many CISOs and security teams, from his experience, believe that securing the perimeter around the network is enough—but it's not.
"A house only has one door to the outside. Locking the door isn't enough. What about your windows, chimney?" Barlet said.
Once inside a network, attackers make "east to west" lateral movements, he said, exploiting vulnerabilities like rogue machines connected to the internet.
Illumio draws boundaries around individual applications and servers, he said. The solution creates "ring fences" around each individual application, sometimes around each server.
The platform can then decide what's allowed into the network and out.
"Everything that's not allowed is denied access," Barlet said.
Akamai and Cisco Systems have security offerings similar to Illumio's, but what makes Illumio different, according to Barlet, is that it reduces complexity with zero trust segmentation.
The company also works with many midmarket customers, as well as Fortune 500 and small businesses.
When working with midmarket organizations, Barlet said Illumio is deployed across the enterprise to draw a picture for the CISO to see what's going on, with a focus on applications.
The next step is calling out which protocols are commonly leveraged by attackers. For example, are there RDP ports opened that shouldn't be?
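The assessment steps described above, from mapping which hosts talk to the internet, to calling out remote-access ports such as RDP, to drafting a per-server allowlist where everything not listed is denied, can be illustrated with a small flow-log triage script. This is an added example written for this page, not Illumio's product or code; the flow records, the internal address ranges, the host-to-role inventory and the list of risky ports are all constructed assumptions standing in for what a real mapping exercise would collect.

```python
"""Triage constructed flow records the way a segmentation assessment would:
find internal hosts talking to the internet that have no business doing so,
flag remote-access ports such as RDP, and draft a default-deny allowlist per server.
Added example for illustration; not Illumio's code."""
import ipaddress
from collections import defaultdict

# Assumption: the organisation's internal address space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical inventory: host -> role, and which roles are permitted to reach the internet.
HOST_ROLES = {"10.0.1.10": "web", "10.0.2.20": "app", "10.0.3.30": "db", "10.0.4.40": "pos"}
INTERNET_ALLOWED_ROLES = {"web"}

# Ports commonly used for remote access; any flow on them gets a second look (assumed list).
RISKY_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5985: "WinRM"}

# Constructed flow records (src, dst, dst_port); external addresses use documentation ranges.
SAMPLE_FLOWS = [
    ("10.0.1.10", "203.0.113.5", 443),    # web tier -> internet: expected
    ("10.0.2.20", "10.0.3.30", 5432),     # app -> db: internal, expected
    ("10.0.3.30", "198.51.100.7", 443),   # db -> internet: should not happen
    ("10.0.4.40", "10.0.1.10", 443),      # payment terminal -> web tier: internal
    ("10.0.4.40", "192.0.2.9", 3389),     # payment terminal -> internet over RDP: worst case
    ("10.0.2.20", "10.0.3.30", 3389),     # internal RDP between tiers: needs review
]


def is_internal(ip):
    """True when ip falls inside the organisation's internal address space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage_flows(flows, host_roles=HOST_ROLES, internet_roles=INTERNET_ALLOWED_ROLES, risky_ports=RISKY_PORTS):
    """Return findings: internet egress from roles that should not have it, and risky-port usage."""
    findings = []
    for src, dst, port in flows:
        role = host_roles.get(src, "unknown")
        if not is_internal(dst) and role not in internet_roles:
            findings.append({"kind": "unexpected_internet_egress", "src": src, "role": role, "dst": dst, "port": port})
        if port in risky_ports:
            findings.append({"kind": f"{risky_ports[port]}_in_use", "src": src, "role": role, "dst": dst, "port": port})
    return findings


def internet_talkers(flows):
    """Map each internal source to the external destinations it reached: the 'messy map'."""
    talkers = defaultdict(set)
    for src, dst, port in flows:
        if is_internal(src) and not is_internal(dst):
            talkers[src].add((dst, port))
    return {src: sorted(dsts) for src, dsts in talkers.items()}


def draft_ringfence_policy(flows, host_roles=HOST_ROLES, risky_ports=RISKY_PORTS):
    """Draft a per-server allowlist from observed internal flows; anything not listed is denied.
    Flows on risky ports are deliberately left out so they are reviewed, not rubber-stamped."""
    policy = defaultdict(set)
    for src, dst, port in flows:
        if is_internal(src) and is_internal(dst) and port not in risky_ports:
            policy[dst].add((host_roles.get(src, "unknown"), port))
    return {dst: sorted(rules) for dst, rules in policy.items()}


def is_allowed(policy, src_role, dst, port):
    """Default-deny check: permitted only if the (role, port) pair is in the server's ring fence."""
    return (src_role, port) in set(policy.get(dst, []))


if __name__ == "__main__":
    for f in triage_flows(SAMPLE_FLOWS):
        print(f"{f['kind']:28} {f['src']} ({f['role']}) -> {f['dst']}:{f['port']}")
    print("internet talkers:", internet_talkers(SAMPLE_FLOWS))
    print("draft policy:", draft_ringfence_policy(SAMPLE_FLOWS))
    policy = draft_ringfence_policy(SAMPLE_FLOWS)
    print("app -> db:5432 allowed?", is_allowed(policy, "app", "10.0.3.30", 5432))
    print("app -> db:3389 allowed?", is_allowed(policy, "app", "10.0.3.30", 3389))
```

On the constructed records the triage surfaces two hosts reaching the internet that should not (the database server and the payment terminal) and two uses of RDP, one of them outbound to the internet. The drafted policy contains only the observed, non-risky internal flows, so the RDP session between the app and database tiers is denied until someone explicitly decides it belongs in the ring fence.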
"The big thing that most people lack is the broader understanding and visibility [of what's happening inside the network]," Barlet said.