Cyber threats have evolved from hypothetical dangers to near-certain realities, demanding a fundamental shift in how organizations approach security. In a recent episode of Discovering Disruptions in Tech, Howard Holton, CTO of GigaOm, sits down with Rajesh Khazanchi, CEO and Co-founder of ColorTokens, to explore this new cybersecurity paradigm. Together, they discuss how traditional security models fall short in a world where internal, or “East-West,” network traffic now makes up 85% of all traffic.
At the heart of their conversation is the concept of microsegmentation within a Zero Trust architecture—a proactive approach that limits the damage from potential breaches by minimizing lateral movement within networks. Rajesh and Howard shed light on why it’s no longer enough to rely on perimeter defenses and how embracing breach readiness and automation can help organizations stay resilient against increasingly sophisticated attacks.
You can watch the video linked below or continue reading the summary.
The Cybersecurity Lag in Network and Security Evolution
Despite rapid advancements in computing and storage technology, networking and security practices have struggled to keep pace. Over the last two decades, we’ve transitioned from bare-metal servers to virtualization, embraced microservices, and adopted cloud computing. Yet, in the realm of networking, we’re still heavily reliant on outdated constructs, and security practices seem even further behind.
Rajesh and Howard highlight how the internet’s original open design has led to a security landscape full of patches and band-aid solutions. New startups emerge to address the latest attack vectors, but many of these solutions add complexity without truly enhancing security. Organizations are increasingly realizing that a reactive approach is no longer sufficient. This sets the stage for a new, more proactive approach in cybersecurity—microsegmentation.
The Rise of East-West Traffic and Internal Threats
A major challenge in modern cybersecurity is the rise of internal or “East-West” traffic, which now constitutes roughly 85% of all network traffic. This includes machine-to-machine communications and user-to-system interactions within an organization. While traditional firewalls focus on North-South traffic—data entering and leaving the network—this only accounts for about 15% of total activity.
This gap creates an entry point for attackers: once inside the network, they can exploit the flatness of most network structures to move laterally. Rajesh points out that most systems today operate on flat networks, which means that if one device is compromised, it can impact the entire network. This context underscores the need for microsegmentation to contain internal threats by controlling movement within the network.
The Need for Microsegmentation: Limitations of Traditional Segmentation
Microsegmentation emerges as a strategic response to these internal threats, offering the ability to create internal boundaries within the network and restrict lateral movement. Traditional network segmentation falls short, as it often focuses on network optimization rather than security and lacks the visibility needed to truly manage communications between systems.
Rajesh likens current segmentation practices to a medieval fortress—high outer walls but minimal internal defenses. Once an attacker breaches the perimeter, there is little to stop them from moving laterally. Microsegmentation, however, places security controls closer to each asset, creating smaller, isolated zones that prevent widespread damage from a single breach. This approach is critical to transforming networks from “open fields” into secure, segmented spaces.
Challenges in Implementing Microsegmentation
Implementing microsegmentation at scale can be daunting. As Howard notes, managing policies for every system to control inbound and outbound traffic creates operational overhead. Imagine trying to apply these policies across thousands of servers—by the time initial policies are established, the network has likely evolved, requiring further adjustments.
Rajesh shares an example of a hospital that employs eight people full-time to audit firewall policies, a process that takes six months to complete one cycle. This example highlights the immense resource demands, especially in complex environments. Acknowledging these challenges is essential to approaching microsegmentation with realistic expectations.
Breach Readiness: Preparing for “When” Not “If”
Embracing a “when” mindset rather than an “if” mindset shifts the focus from preventing breaches to preparing for them. Microsegmentation is a foundational part of a breach-ready approach that enables rapid response to minimize damage when a breach occurs. Rajesh and Howard advocate for a phased plan that prepares organizations to act before, during, and after a breach.
- Before the Breach: Segment critical assets and establish baseline traffic patterns.
- During the Breach: Quarantine affected areas swiftly to prevent lateral spread.
- After the Breach: Identify patient zero, assess impact, and fulfill regulatory requirements.
This proactive strategy enables organizations to move from a reactive security posture to a state of readiness, increasing resilience against attacks.
The “Progressive Breach Ready” Approach
For organizations starting out, Rajesh highlights that implementing microsegmentation doesn’t have to be overwhelming. Start with the highest impact and least effort areas:
- Malicious/Risky/Unused: Begin with the highest-impact items: known-bad traffic (trojans and other malicious communication) and high-risk, deprecated communication protocols. Close unused and inactive communication ports, which are simply unnecessary attack surface.
- Critical management and infrastructure: Apply macro-segmentation to the ports at the heart of lateral movement, most often management and infrastructure ports such as RDP, SMB, SSH, and WinRM. These cannot be blocked outright, but they can be tightly controlled and monitored.
- Application Controls: Implement granular microsegmentation policies for sensitive and critical applications. Leverage automation to manage policies at scale.
This progressive, prioritized approach lets organizations reduce their attack surface and overall breach impact quickly, and then provides a pathway for continuous improvement.
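As an added illustration (not code from the episode, ColorTokens, or GigaOm), the three tiers above plus the "before/during the breach" steps can be expressed as a small first-match policy builder over an observed traffic baseline. The port classes, host names, listening-port inventory, and flows are constructed assumptions.

```python
# Constructed port classes (illustrative, not from the page or any product).
RISKY_PORTS = {21: "ftp", 23: "telnet", 69: "tftp"}               # deprecated cleartext
MGMT_PORTS = {22: "ssh", 445: "smb", 3389: "rdp", 5985: "winrm"}  # lateral-movement favourites

# Constructed baseline ("before the breach"): observed flows as (src, dst, dst_port).
BASELINE = [("web1", "app1", 8443), ("app1", "db1", 5432), ("ws1", "db1", 3389),
            ("jump1", "db1", 3389), ("jump1", "app1", 22), ("ws1", "app1", 23)]
LISTENING = {"app1": {8443, 22, 23, 8080}, "db1": {5432, 3389}}  # constructed inventory
ADMIN_HOSTS = {"jump1"}                                          # assumed jump host

def build_policy(flows, listening, admin_hosts):
    """Tiered allow-list: risky/unused -> management -> application, then default deny."""
    rules = {}                          # insertion-ordered, de-duplicated (Python 3.7+)
    used = {(dst, port) for _, dst, port in flows}
    for host, ports in listening.items():                         # tier 1
        for p in sorted(ports):
            if p in RISKY_PORTS:
                rules[("deny", "*", host, p)] = f"deprecated {RISKY_PORTS[p]}"
            elif (host, p) not in used:
                rules[("deny", "*", host, p)] = "unused listener"
    for src, dst, port in flows:
        if port in RISKY_PORTS:
            rules[("deny", src, dst, port)] = f"deprecated {RISKY_PORTS[port]}"
        elif port in MGMT_PORTS:                                  # tier 2
            action = "allow" if src in admin_hosts else "deny"
            rules[(action, src, dst, port)] = f"{MGMT_PORTS[port]} only from admin hosts"
        else:                                                     # tier 3
            rules[("allow", src, dst, port)] = "baselined application flow"
    rules[("deny", "*", "*", "*")] = "default deny"
    return list(rules.items())

def quarantine(rules, host):
    """'During the breach': drop every allow touching host, prepend explicit denies."""
    kept = [r for r in rules if not (r[0][0] == "allow" and host in r[0][1:3])]
    return [(("deny", host, "*", "*"), "quarantine"),
            (("deny", "*", host, "*"), "quarantine")] + kept

def evaluate(rules, src, dst, port):
    """First matching rule wins; anything unmatched falls through to deny."""
    for (action, s, d, p), _ in rules:
        if s in ("*", src) and d in ("*", dst) and p in ("*", port):
            return action
    return "deny"

if __name__ == "__main__":
    for rule, why in build_policy(BASELINE, LISTENING, ADMIN_HOSTS):
        print(rule, "#", why)
```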
Integrating Microsegmentation with Other Security Measures
Microsegmentation is a powerful component of a Zero Trust architecture but doesn’t operate in isolation. It must integrate with tools like Endpoint Detection and Response (EDR) solutions, user behavior analytics, and identity management systems.
Howard explains that by reducing the attack surface through microsegmentation, organizations can lessen the workload on these tools, enabling security teams to focus on genuine threats. For example, fewer alerts mean that teams can prioritize high-risk incidents rather than wading through excessive log data.
Recovering Quickly
We have to accept that impenetrable security is unattainable. The number of vulnerabilities continues to climb, and attackers are becoming more sophisticated. What we can do is make security resilient. By drastically cutting down the number of “lateral movement paths” with microsegmentation, we turn a catastrophic breach situation into one with a highly contained blast radius and much faster recovery.
Rajesh highlights that customers have seen up to a 90% reduction in event/log analysis effort, enabling them to focus on meaningful threats rather than being overwhelmed by data. This shift not only improves security but also enhances operational efficiency.
Achieving Manageable, Proactive Security
Microsegmentation is no longer a luxury; it’s a foundational element of an enterprise’s cyber-defense plan. But it’s important to approach it with a breach-ready mentality. Don’t try to “swallow the elephant whole.” Use modern tools to solve modern problems at a pace your organization can handle.
Think beyond just segmentation. Prepare for breach readiness by developing a playbook for how to respond when—not if—an attack occurs. Equip your team with the tools and knowledge they need to act swiftly and effectively.
In the end, security is about reducing risk to a manageable level. By adopting microsegmentation and integrating it into a comprehensive security strategy, organizations can protect their critical assets and maintain business continuity in the face of inevitable cyber threats.
If you want to craft a breach readiness playbook, with microsegmentation at its heart, please feel free to reach out to us here.
Ready for the video? Check out the link below! Plus, you’ll find all the speaker details right there, too!
About the Speakers
Rajesh Khazanchi
Co-Founder, Chief Executive Officer, ColorTokens Inc.
Rajesh Khazanchi, CEO and Co-founder of ColorTokens, is at the forefront of cybersecurity innovation, leading ColorTokens to accelerate growth over 300% annually in the last three years. With deployments in over 100 large enterprises across sectors like healthcare, manufacturing, and more, Rajesh is passionate about solving complex problems and creating value for customers through a culture of excellence and innovation.

Howard Holton
Chief Technology Officer, GigaOm
Howard Holton, Chief Technology Officer of GigaOm, brings a wealth of knowledge in innovative and scalable solutions, focusing on helping customers solve business problems using the latest technologies and best practices. With a mission to be a trusted advisor and agent of change, Howard has a proven track record of delivering outcome-based strategies and building high-performing teams across various industries.