and Isolate Threats
Whether in modern cloud environments or legacy datacenter deployments, attackers know that most organizations:

- Focus on perimeter-based, preventive security controls.
- Lack the internal controls to restrict internal, east-west network traffic.
- Lack the visibility to detect long-lived, low-level attacks within enterprise

Attackers do what works, and prevention eventually fails.

Since most organizations focus most of their defense efforts on perimeter-based, preventive controls, modern attackers still spend most of their time and resources attempting to breach perimeter defenses. Experience has taught them that getting "beyond the castle walls" is the hard part. Once inside, attackers expect to be able to navigate with relative impunity and can therefore take their time poking and prodding their way through the enterprise, maintaining Command & Control while moving laterally toward their high-value target(s).

As enterprises move to multi-cloud deployments, the enterprise "perimeter" has gone from being centralized, static and physically defined – to distributed (think "multi-cloud"), dynamic (configurable through Cloud Provider APIs) and logically defined (think "floating / public IPs"). On top of this, self-service cloud (virtualization) technologies have improved efficiency and scalability at the expense of security and visibility. There are simply more security-relevant assets and controls, changing more often, than ever before.

Thus, a new approach is needed – one that allows organizations to continue to benefit from the efficiency and scalability made possible by the cloud while enhancing security operations through deep Visibility, continuous Compliance, and