Sleepers Awake!

How to make your cybersecurity dream a reality.

Here at ColorTokens, most CISOs we speak with understand the need to stop lateral movement attacks. They know that they will inevitably have an initial compromise at some point, for the simple reason that when it comes to perimeter security, the attacker only has to be right once; the defender must be right every single time. All it takes is one employee to succumb to a phishing attack or MFA prompt bombing, and the hackers achieve an initial compromise.

Once the attacker gains initial access, they then move laterally through your network, searching for high-value assets to disrupt operations, steal sensitive data, or encrypt critical systems for ransom. That’s where our Xshield Enterprise Microsegmentation Platform™ comes in: it prevents unauthorized lateral traffic, while allowing valid business processes to proceed. Hackers can’t just wander the halls of your enterprise castle looking for the treasure room. After all, you wouldn’t be motivated to pay a ransom if all the hacker could encrypt was your company holiday list.


However, we sometimes come across articles about microsegmentation projects using other solutions that have implementation and operational problems. For example, in an article published last week on the Data Breach Today site, the author makes the case that most microsegmentation projects don’t achieve the value that was expected:

“Microsegmentation has long been touted as the gold standard and preferred strategy for restricting hackers’ lateral movement. It locks down network traffic between applications and reduces the blast radius for breaches. Vendors say it’s transformative, but if you walk into most large enterprises, you’ll find it half-implemented.”

(Here’s the link to the article: Why Microsegmentation Is Just a Dream for Many IT Teams)

But is microsegmentation really just a dream? At ColorTokens, over the last several years, we have focused on operational excellence to ensure that our clients do realize the value of microsegmentation.

Most other solutions require you to install software, gain visibility into assets and traffic, and then define traffic policies for each enterprise application. This policy definition process often takes two weeks or more for every application. This is partially a cultural problem in organizations; it requires collaboration between the security team, the application team, and possibly the desktop/infrastructure team. This can be a lengthy process to schedule and execute. Often, the application team itself doesn’t fully understand the ports and paths used by enterprise apps, so defining appropriate lateral movement controls takes a long time.

Such a timeline becomes a problem when an organization has hundreds or even thousands of enterprise apps. It delays actual microsegmentation enforcement by months, or even years. As a result, many microsegmentation projects get stuck at the visibility stage and never fully implement Zero Trust policies. This leaves the organization vulnerable to lateral movement attacks, and the lengthy delay in realizing benefits diminishes leadership’s confidence in the CISO’s cybersecurity strategy.

To address this problem, ColorTokens has developed a unique approach to making enterprises breach ready. Xshield lets you significantly enhance your security posture within the first days to weeks of your microsegmentation journey, using what we call Progressive Policy Enforcement. Instead of trying to build application-specific policies one app at a time, Xshield lets you quickly establish enterprise-wide controls for the most exploited ports and paths, as defined by the MITRE Lateral Movement Attack Techniques knowledge base and CISA Threat Advisories. These and other sources are built right into our user interface and refreshed every 24 hours.

We then define policies that control inactive ports. You’d be surprised how many times we conduct a proof-of-value engagement and find that thousands of ports are open that have never received valid business traffic. Why leave these ports open for the attacker’s convenience? Next, we move on to controlling lateral movement via elevated-privilege, management, and infrastructure ports.


At this point, without requiring the security team to collaborate with the application and infrastructure teams, you can already achieve a 50-80% improvement in your security posture, as measured by reduction in blast radius and attack surface. This makes it very difficult for hackers to execute lateral movement attacks. It disrupts the ransomware attacker’s business model because they cannot traverse your enterprise and encrypt enough high-value assets to demand a ransom payment. Using Xshield, this is typically implemented for the whole enterprise within 60 to 90 days. Then you can proceed with defining policies that control traffic to specific enterprise applications and their dependencies.
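The three stages described above (enterprise-wide controls on commonly exploited ports, then closing ports that never carried business traffic, then restricting management ports to an administrative source range) can be sketched as a small policy generator. The following is an added example written for this post; it is not Xshield's code and does not reproduce the MITRE- or CISA-derived port lists the product uses. The port lists, hosts, listener inventory and flow records are all constructed for illustration, and the "attack surface" figure it computes is simply the count of listening endpoints still reachable from an ordinary workstation, before and after the generated rules are applied.

```python
"""Progressive policy enforcement on constructed data (added example, not
ColorTokens' or Xshield's code). Stage order follows the post: (1) deny
commonly exploited lateral-movement ports enterprise-wide, (2) deny listening
ports that saw no business traffic in the observation window, (3) restrict
management ports to an admin source range. Everything else stays allowed
until application-specific policies are written in the later stage.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Stage 1: ports commonly abused for lateral movement. Illustrative subset,
# not the MITRE/CISA-derived list the post refers to.
LATERAL_MOVEMENT_PORTS = {445: "SMB", 3389: "RDP", 5985: "WinRM", 5986: "WinRM-HTTPS"}
# Stage 3: management/infrastructure ports, same caveat.
MANAGEMENT_PORTS = {22: "SSH", 135: "RPC", 5900: "VNC"}
ADMIN_NET = ip_network("10.0.100.0/24")   # constructed jump-host / admin subnet


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    dst_host: str    # "*" means enterprise-wide
    dport: int
    src: str         # CIDR or "*"
    stage: int
    reason: str


# Constructed inventory: (host, port) pairs found listening by agents.
LISTENERS = {
    ("10.0.1.10", 445), ("10.0.1.10", 3389), ("10.0.1.10", 8080),
    ("10.0.2.20", 1433), ("10.0.2.20", 22), ("10.0.2.20", 9200),
    ("10.0.3.30", 443), ("10.0.3.30", 5985),
}
# Constructed flow log from the observation window: (src, dst, dport).
FLOWS = [
    ("10.0.5.50", "10.0.1.10", 8080),   # clients -> web app
    ("10.0.1.10", "10.0.2.20", 1433),   # app server -> database
    ("10.0.100.5", "10.0.2.20", 22),    # admin SSH from the jump host
    ("10.0.5.50", "10.0.3.30", 443),
    ("10.0.7.70", "10.0.1.10", 445),    # workstation -> server SMB
]


def stage1_lateral_movement():
    """Enterprise-wide deny on exploited ports; only the admin range keeps access."""
    rules = []
    for port, name in sorted(LATERAL_MOVEMENT_PORTS.items()):
        rules.append(Rule("allow", "*", port, str(ADMIN_NET), 1, f"{name} from admin range"))
        rules.append(Rule("deny", "*", port, "*", 1, f"block {name} lateral movement"))
    return rules


def stage2_inactive_ports(listeners, flows):
    """Deny every listener that received no traffic during the window."""
    seen = {(dst, dport) for _, dst, dport in flows}
    return [Rule("deny", host, port, "*", 2, "no business traffic observed")
            for host, port in sorted(listeners - seen)]


def stage3_management_ports(listeners):
    """Restrict management ports to the admin range on each host exposing them."""
    rules = []
    for host, port in sorted(listeners):
        if port in MANAGEMENT_PORTS:
            name = MANAGEMENT_PORTS[port]
            rules.append(Rule("allow", host, port, str(ADMIN_NET), 3, f"{name} admin only"))
            rules.append(Rule("deny", host, port, "*", 3, f"{name} from elsewhere"))
    return rules


def build_policy(listeners, flows):
    """Concatenate the stages in order; evaluation is first-match."""
    return (stage1_lateral_movement()
            + stage2_inactive_ports(listeners, flows)
            + stage3_management_ports(listeners))


def evaluate(rules, src, dst, dport):
    """First matching rule wins; unmatched traffic is allowed (pre app-policy stage)."""
    s = ip_address(src)
    for r in rules:
        if r.dport != dport or r.dst_host not in ("*", dst):
            continue
        if r.src == "*" or s in ip_network(r.src):
            return r.action
    return "allow"


def reachable_from(rules, listeners, src):
    """Listeners an arbitrary source can still reach under the policy."""
    return sorted((h, p) for h, p in listeners if evaluate(rules, src, h, p) == "allow")


def attack_surface_reduction(listeners, flows, src="10.0.7.70"):
    """(listeners before, listeners reachable after, percent reduction) for one workstation."""
    before = len(listeners)
    after = len(reachable_from(build_policy(listeners, flows), listeners, src))
    return before, after, round(100 * (before - after) / before, 1)


if __name__ == "__main__":
    policy = build_policy(LISTENERS, FLOWS)
    for r in policy:
        print(f"stage {r.stage}: {r.action:5} {r.dst_host}:{r.dport} from {r.src}  # {r.reason}")
    print("reachable endpoints before/after, % reduction:",
          attack_surface_reduction(LISTENERS, FLOWS))
```

Two details are worth noticing when reading the output. Stage 2 keys only on observed traffic, so a workstation-to-server SMB flow that did appear in the log would have kept port 445 open; the stage 1 deny placed ahead of it is what closes that path regardless, which is why the enterprise-wide controls run first. And the app-to-database flow on 1433 is untouched by all three stages, since that port is neither an exploited lateral-movement port nor a management port in the constructed lists; locking it down to its specific clients belongs to the later, application-specific stage the post describes.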

This immediate improvement in your security posture shows up in Xshield’s risk-based reports and dashboards, which CISOs can use to communicate the benefits to their peers, leadership, and oversight bodies. The ability to quickly demonstrate value lends credibility to the Zero Trust microsegmentation project plan, helping security leaders build consensus within their organization in support of their cybersecurity initiatives. At ColorTokens, we’re making microsegmentation not just a dream, but a reality.

To schedule a conversation with our expert solutions specialists about how we can help your organization Be Breach Ready, you can reach us here.