There's Zero Trust And Then There's Zero Trust Segmentation

Do you know which devices in your network are connected to the internet that shouldn't be?

Samara Lynn

You have your perimeter and interior network protected: firewalls in place, endpoints secured, intrusion detection and prevention running. Yet you still get attacked, and a threat actor manages to breach your infrastructure.

A frustrating scenario, but one that could be remedied by employing zero trust segmentation.

"The overarching principle of zero trust is validating who, what, when, where and why constantly," said Gary Barlet, federal chief technology officer at Illumio, in an interview with MES Computing.

Segmentation makes zero trust more granular, Barlet said.

He likened zero trust segmentation to a checkers board. "[You have] pieces on it and you put each piece inside a separate square," he said. "You have to decide what is allowed in which square."

Barlet is a retired U.S. Air Force lieutenant colonel who served as a cyberspace operations officer for 20 years and as CIO of the Office of the Inspector General at the U.S. Postal Service.

When Illumio assesses a potential customer's site, the first task is mapping the customer's network. Barlet said clients are often surprised by how many of their devices are communicating with the internet when they shouldn't be.

"The map can be a mess," Barlet said. "Most people don't understand how much communication is happening [within their networks]."

Most devices do not need an internet connection, said Barlet, who used a credit card machine as an example.

"A user goes to a website and fills in information. That information gets processed and validated," he explained. "The reality is that the webpage is the only thing that should be talking to the internet. All the servers should just be talking to the page or other servers and not the internet."

Only a finite number of devices in your network should have access to the internet, Barlet said. In his experience, many CISOs and security teams believe that securing the perimeter around the network is enough—but it's not.

"A house only has one door to the outside. Locking the door isn't enough. What about your windows, chimney?" Barlet said.

Once inside a network, attackers make "east to west" lateral movements, he said, exploiting weaknesses such as rogue machines connected to the internet.

Illumio draws boundaries around individual applications and servers, he said. The solution creates "ring fences" around each individual application, sometimes around each server.

The platform can then decide what traffic is allowed into and out of each fence.

"Everything that's not allowed is denied access," Barlet said.

Akamai and Cisco Systems have security offerings similar to Illumio's, but what makes Illumio different, according to Barlet, is that it reduces complexity with zero trust segmentation.

The company works with many midmarket customers, as well as Fortune 500 companies and small businesses.

When working with midmarket organizations, Barlet said, Illumio is deployed across the enterprise to give the CISO a picture of what's going on, with a focus on applications.

The next step is calling out where protocols commonly leveraged by attackers are in use. For example, are there RDP ports open that shouldn't be?
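The three steps Barlet describes, mapping who talks to whom, fencing each application so that anything not explicitly allowed is denied, and calling out exposed attacker-favoured ports such as RDP, can be sketched as a small audit over flow records. The following is an added example written for this article, not Illumio's code or anything the interview describes in detail; the flow records, the asset inventory in `ROLES`, the ring-fence rules in `ALLOWED` and the role names are all constructed, and a real deployment would read flows from firewall or VPC logs rather than a string.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample flow records, one "src dst dport proto" per line
# (invented for this example, not data from the article).
SAMPLE_FLOWS = """\
10.0.1.10 203.0.113.5 443 tcp
198.51.100.7 10.0.1.10 443 tcp
10.0.1.10 10.0.2.20 8443 tcp
10.0.2.20 10.0.3.30 5432 tcp
10.0.4.40 203.0.113.9 443 tcp
198.51.100.7 10.0.3.30 3389 tcp
10.0.3.30 10.0.2.20 445 tcp
"""

# Hypothetical asset inventory: which internal address plays which role.
ROLES = {
    "10.0.1.10": "web",           # the only tier that should talk to the internet
    "10.0.2.20": "app",
    "10.0.3.30": "db",
    "10.0.4.40": "pos-terminal",  # a card machine with no reason to reach the internet
}

# Hypothetical ring-fence policy: (source role, destination role, port).
# Anything not listed here is denied, which is the default-deny posture.
ALLOWED = {
    ("internet", "web", 443),
    ("web", "internet", 443),
    ("web", "app", 8443),
    ("app", "db", 5432),
}

RDP_PORT = 3389
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated flow records; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto = line.split()
        flows.append(Flow(src, dst, int(dport), proto.lower()))
    return flows


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def role_of(ip: str) -> str:
    """Map an address to a policy role; unknown public addresses are 'internet'."""
    if ip in ROLES:
        return ROLES[ip]
    return "unknown-internal" if is_internal(ip) else "internet"


def verdict(flow: Flow) -> str:
    """Allow only flows that match a ring-fence rule; deny everything else."""
    key = (role_of(flow.src), role_of(flow.dst), flow.dport)
    return "allow" if key in ALLOWED else "deny"


def build_map(flows: list[Flow]) -> Counter:
    """The 'map': how often each (src role, dst role, port) combination is seen."""
    return Counter((role_of(f.src), role_of(f.dst), f.dport) for f in flows)


def audit(flows: list[Flow]) -> dict:
    """Report denied flows plus the two findings the article calls out."""
    denied = [f for f in flows if verdict(f) == "deny"]
    # Internal hosts reaching the internet outside the policy (the card-machine case).
    egress = {f.src for f in denied if is_internal(f.src) and not is_internal(f.dst)}
    # Internal hosts accepting RDP from the internet (the "open RDP port" case).
    rdp = {f.dst for f in flows
           if f.proto == "tcp" and f.dport == RDP_PORT
           and not is_internal(f.src) and is_internal(f.dst)}
    return {
        "denied": denied,
        "unexpected_internet_egress": sorted(egress),
        "exposed_rdp": sorted(rdp),
    }


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for key, count in sorted(build_map(flows).items()):
        print(f"{key[0]:>16} -> {key[1]:<16} port {key[2]:<5} x{count}")
    report = audit(flows)
    print("internet egress outside policy:", report["unexpected_internet_egress"])
    print("RDP reachable from the internet:", report["exposed_rdp"])
```

On the constructed records the map shows the expected web-to-app-to-db chain, while the audit flags the point-of-sale terminal for reaching the internet, the database server for accepting RDP from outside, and a db-to-app SMB connection that no rule permits. The policy is keyed on roles rather than addresses so that the same rules survive re-addressing, and the absence of a matching rule is what produces a deny.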

"The big thing that most people lack is the broader understanding and visibility [of what's happening inside the network]," Barlet said.
