A major current theme in enterprise computing is the compartmentalization of security approaches, where enterprises and security teams set escalating parameters for managing breaches. In essence, making it such that penetrating the first layer doesn’t deal damage to critical workloads and/or result in the theft of crucial data.

The idea works very much like that of a submarine, according to PJ Kirner (pictured), co-founder and chief technology officer of Illumio Inc.

“Submarines are built with water-tight compartments inside of them,” he said. “So when there is a physical breach, like what happens when a torpedo is deployed, you close off that compartment. There are redundant systems in place, but you close off that compartment. That one small thing you’ve lost, but the whole ship hasn’t gone down.”

Kirner spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed approaches like zero-trust microsegmentation as viable for combating the expanding hybrid attack surface brought on by hyperconnectivity. (* Disclosure below.)

Attacking ransomware: A CISO’s perspective

CISOs, critically, head up enterprise security operations and decide its short and long-term direction. Undoubtedly, the role of chief information security officer has been magnified significantly in today’s ransomware landscape.

The CIA identifies three major markers that affect the positioning of public and private sector data/workloads for malicious exploitation: integrity, confidentiality and availability. The latter has especially proven a strong point of ingress for malicious actors and drawn the attention of CISOs, according to Kirner.

“It really taxes the availability problem. If you lock up all your laptops and can’t actually do business anymore, you have an availability problem,”  he said. “They might not have stolen your data, but you know, they locked it up, and now you can’t do business.” 

Subequently, CISOs have been granted access to unprecedented resources to wage war against the ransomware scourge. Lateral movement — a modern technique cyber attackers use to breach systems by moving deeper in the network — is a major gap CISOs should look to plug, according to Kirner.

“Often what happens is there’s an initial point of breach, like someone has a password or clicked on  a phishing link,” he explained. “And then you might be compromised at a low level place that doesn’t have a lot of data or is not worthwhile. Then you have to get from that place to data that is actually valuable. That’s where lateral movement comes into play.”

Contemporary segmentation and compartmentalization will become less and less effective as cyber attackers become increasingly savvy, Kirner added. Organizations must, therefore, evolve more intricate lateral movement prevention strategies.

“One area in which we’ve done some research on segmentation is, imagine putting up a maze inside your data center or cloud. So that the attacker having to get from that initial breach to the crown jewels takes a lot longer when you have a segmented environment as opposed to if you have a very flat, linear network,” he stated

The reasoning is that a longer time taken to reach their goal will make continuing an attack less viable for the malicious actor.

Illumio’s take on zero trust

Zero-trust security became such a hot-button topic that big cloud and open-source players like Amazon Web Services, Snowflake and Red Hat have had to cosign. But beyond being just a buzzword or badge of honor, it’s a security philosophy with principles that are more important today than ever before, according to Kirner.

“For me, there’s actually two really important concepts, and so one is the idea of least privilege,” he explained. “AWS says they’ve done it. They have embraced least privileges, and a lot of good systems that have been built from scratch do. But not everybody has least privilege kind of controls everywhere. Secondly, least privilege is not about a one-time thing; it is about continuously monitoring.”

The second of those concepts is the “assume breach” mentality, where security practitioners act as though the breaches they’re trying to prevent already happened.

“Assume breach is something where you assume the attacker is already in where you trying to prevent. You always still should probably prevent the people from clicking on the bad links, but from a security practitioner point of view, assume this has already happened. They’re already inside. And then what do you have to do,” Kirner concluded.

Illumio will provide more enterprise security analysis during the upcoming AWS Startup Showcase event, airing on Sept. 7.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event:

(* Disclosure: Illumio Inc. sponsored this segment of theCUBE. Neither Illumio nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE