Illumio Inc. announced the findings from a series of emulated attacks conducted by Bishop Fox, a leader in offensive security and provider of penetration testing, designed to measure how Illumio Core can contain an active ransomware attack. The emulation showed that Zero Trust Segmentation stops attacks from spreading in ten minutes, nearly 4 times faster than detection and response capabilities alone.
Bishop Fox set up a purple team test environment to measure the effectiveness of Illumio Core against an active ransomware threat. The test, which mapped to the MITRE ATT&CK framework, was based on real threat actors' tactics, techniques, and procedures (TTPs), and ran a series of attack scenarios to measure the number of successfully compromised hosts and the time taken for an attacker to complete the attack. The findings showed:
- In a network with only detection capabilities, an advanced attacker breached all hosts within 2.5 hours.
- In a network with detection and Zero Trust Segmentation for incident response, the attacker moved beyond its initial point of entry, compromising only 1 additional host, and it took 38 minutes to contain and stop the attack.
- In a network using proactive Zero Trust Segmentation, it took 10 minutes to stop the attack and the attacker could not move beyond the first compromised host.
Bishop Fox also highlighted that:
- The stricter the Zero Trust Segmentation policy and enforcement modes were, the faster the team detected and stopped an ongoing attack.
- Illumio Core demonstrated it could significantly improve an organization's ability to proactively limit the available attack surface and reduce the bad actors' movement throughout the network following an initial attack.
- Illumio Core was "especially useful" at covering EDR blind spots in locations where attacker behavior wasn't properly detected by preconfigured EDR alerts, highlighting the importance of both detection and response technologies and Zero Trust Segmentation in building a modern, resilient security strategy to contain ransomware.
"When attackers move, unimpeded and often undetected, throughout an organization's hybrid IT, we see the most devastating consequences. Bishop Fox's testing illustrates that a security team tasked with identifying and stopping an ongoing attack is four times faster if they have built Zero Trust Segmentation into their environment," said PJ Kirner, CTO and Co-founder at Illumio. "The difference between what an attacker can do in 10 minutes and 40 or 150 minutes is dramatic, and we've seen reports that continued collaboration among ransomware gangs is accelerating the time between an initial compromise and ransomware deployment. That's why it's critical to pair perimeter security and detection and response strategies with Zero Trust Segmentation to stop the spread of a breach."
"While the results of this emulation are impressive, they're not surprising. In real-world implementations we see equal effectiveness using Zero Trust Segmentation like that of Illumio Core," said Rob Ragan, Principal Researcher at Bishop Fox. "Cyberattacks like ransomware are not just a cybersecurity problem, but a resilience concern. Zero Trust Segmentation is an effective way to mitigate the risks of the propagation of ransomware, and it has become a significant market category because of its ability to transform operations, stop intruders in their tracks to limit their impact, and ultimately reduce risk and strengthen business resilience."
You can read the full report here.