Unlike traditional perimeter defenses such as firewalls, software-based microsegmentation enforces granular, internal network controls. By applying unique policies to each segment, it blocks attackers from moving laterally after an initial breach.
Ransomware thrives on lateral movement, but ColorTokens Inc. and CrowdStrike Holdings Inc. use software-based microsegmentation to contain its spread. Attackers are forced to hit containment walls at each step, reducing the breach blast radius, according to Mac Grant (pictured, right), vice president of Americas sales and channels at ColorTokens.
“I think what we want to shout from the mountaintops is there is an ability to stop lateral movement, and there is an ability to be sure that you will not experience a debilitating cyber attack,” he said. “The way to make that happen is to properly microsegment your environment, and it can get done with our integration with CrowdStrike. It can get done in 90 days. We don’t have to look at a two-year or three-year deployment plan. We can deliver real value in 90 days to an organization, real risk mitigation.”
Grant and Sunil Muralidhar (left), vice president of marketing and partnerships at ColorTokens, spoke with theCUBE’s Dave Vellante and Rebecca Knight at Fal.Con, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how software-based microsegmentation reduces the attack surface, blocks lateral movement, and supports zero-trust principles. (* Disclosure below.)
How software-based microsegmentation contains breaches by blocking lateral movement
Software-based microsegmentation shortens the breakout period by restricting attacker movement, increasing detection opportunities and forcing adversaries to slow down at every step. By enforcing fine-grained, workload-to-workload policies that block unauthorized east–west traffic, it ensures attackers encounter barriers at every pivot point, even after breaching one machine, according to Muralidhar.
“I think CrowdStrike has been measuring the breakout period for the last several years, and you can see it’s nosedived by about 90%,” he said. “What microsegmentation does is actually helps you get more time. It adds more friction to the attacker, so the attacker is not free to move on so easily. It reduces the attack surface for the attacker to move around, and that’s what the [security operations center] teams would love from us.”
ColorTokens’ “Be Breach Ready” approach focuses less on fully preventing attacks and more on preparing for the inevitable. By stopping lateral movement, organizations can block ransomware takeovers and limit major security incidents, according to Grant.
“If you look at our tagline from our website, you’ll see, ‘Be Breach Ready,’” he said. “What we mean by ‘Be breach ready’ is [that] it’s not a matter of if, but when somebody’s going to get past some sort of defense. There’s been a lot of time and effort put into protecting organizations from breaches occurring. Our job picks up when they do occur; we want to defeat lateral movement through the proper use of software-based microsegmentation.”
(* Disclosure: TheCUBE is a paid media partner for Fal.Con. Neither ColorTokens Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE