After reading this article from Dark Reading, I now see why it's so hard to stop the spread of cyber-breaches. It seems that the writer still thinks you can stop cyber criminals with a bigger, better firewall. That thinking is why the impact of cyber crimes will double from 3 to 6 trillion dollars by 2021. Firewalls stop people from getting in the front door... Big, expensive, feature-rich front doors do help, but heck, why not just try the backdoor... I bet it's even left open.
The way to deal with breaches is to assume you will be or have already been breached. With that line of thinking, you then focus on the most important assets within your organization: the assets that, if lost, will put you out of business. Be sure to use the litmus test of “if said asset was gone, can we run our business?” If the answer is YES, then it’s not critical.
Once you have classified those assets, you can then segment them from everything else with very fine-grained rules restricting connectivity (aka segmenting) to only the other assets needed to run the business. Those big, bad NGFWs can provide this type of segmentation, but is that really the right approach? Putting all the different devices behind a firewall EQUALS lots of work, costs and pain, not to mention the inability to easily control communications between the assets themselves.
Why not just leave your assets where they are and however they are running? What if you could logically create the segmentation you want no matter the type of asset (physical/virtual/container), the location (public/private cloud), or level of control? Check out Illumio ASP. Otherwise, go right ahead and save 3.92 million dollars for the costs of that breach (US companies... you need to save 8.19M) and contribute to that big cyber crime cost ticker that keeps going up and up...
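The logical segmentation described above can be sketched as an allowlist keyed on asset labels rather than on network location. This is an added example, not code from the original post or from Illumio; the asset names, roles, ports and flow records are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    role: str        # logical label the policy is written against
    critical: bool   # True if the business cannot run without this asset
    kind: str        # physical / virtual / container: never used in a decision
    location: str    # public / private cloud: never used in a decision


# Constructed inventory (hypothetical host names).
ASSETS = {
    "web-01": Asset("web", False, "container", "public cloud"),
    "pay-app-01": Asset("payments-app", True, "virtual", "private cloud"),
    "pay-db-01": Asset("payments-db", True, "physical", "private cloud"),
    "hr-laptop-7": Asset("workstation", False, "physical", "private cloud"),
}
# Allowlist of (source role, destination role, destination port).
ALLOW = {("web", "payments-app", 8443), ("payments-app", "payments-db", 5432)}


def decide(src: str, dst: str, port: int) -> str:
    """Return 'allow', 'block' or 'unmanaged' for a single flow."""
    s, d = ASSETS.get(src), ASSETS.get(dst)
    if s and d and (s.role, d.role, port) in ALLOW:
        return "allow"
    # Anything else touching a critical asset is denied, unknown hosts included.
    if (s and s.critical) or (d and d.critical):
        return "block"
    return "unmanaged"


# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("web-01", "pay-app-01", 8443),       # matches an allowlist rule
    ("web-01", "pay-db-01", 5432),        # skips the application tier
    ("hr-laptop-7", "pay-db-01", 5432),   # workstation reaching the database
    ("unknown-host", "pay-app-01", 22),   # source missing from the inventory
    ("hr-laptop-7", "web-01", 443),       # no critical asset involved
]


def blocked(flows):
    return [f for f in flows if decide(*f) == "block"]


if __name__ == "__main__":
    print(*blocked(FLOWS), sep="\n")
```

Running observed flows through `blocked()` before enforcement shows which existing connections the policy would cut, so missing rules surface before they cause an outage.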
According to Ponemon, it can take as long as two years to identify and contain a breach.