Billions Spent on Defense, But Still Easy for Skilled Actors

It's remarkable to think that, despite the c. $160bn spent on cybersecurity each year, both the number and the cost of ransomware attacks remain elevated and not far off the 2021 peak. And, taken as a whole, the number and severity of data breaches creep higher each year.

Enterprises are now deploying numerous sophisticated defenses, such as NGFWs (Next-Gen Firewalls), NGAVs (Next-Gen Antivirus), CWPPs (Cloud Workload Protection Platforms), CSPMs (Cloud Security Posture Management), threat intelligence services, and advanced Security Operations supported by SOARs, SIEMs, and data lakes. Yet this still isn't enough to stop talented bad actors.

One may think it should be sufficient, however. Compare it to the billions of dollars banks spend each year on physical security. That spend proves highly effective, as even the most talented would-be bank robbers decide to take a different criminal route. What makes it vastly easier for cybercriminals is the IT and workforce sprawl that has become far more extreme in recent years, driven by cloud computing and COVID-19. As a consequence, notwithstanding the plethora of advanced security defenses that orgs have deployed, there is always a way in for a smart cybercriminal.

Many smart bad actors are exploiting the distributed era of enterprises to launch ransomware attacks. When we consider that ransomware is more profitable, with orders of magnitude lower risk, than cocaine trafficking, it's clear why this is a popular cybercrime. These skilled actors have even launched Ransomware-as-a-Service, enabling less-skilled cybercriminals to launch their own ransomware attacks, which has greatly contributed to the rise in attack frequency.

Enterprise sprawl, the highly attractive risk-reward of ransomware, Ransomware-as-a-Service, and the cybersecurity technical debt accumulated from numerous point solutions: all contribute to an increasingly precarious set of circumstances for all types of orgs.

Microsegmentation: the Solution to Stop Ransomware

One effective solution to thwart ransomware, however, is microsegmentation. Ransomware attackers, once they've gotten inside the corporate network, must move around the network looking for valuable systems and data. Microsegmentation is a solution that enables quick and easy segmenting of a network, so that unauthorised users cannot move around freely.

Microsegmentation falls under the umbrella of Zero Trust, which is becoming the accepted overarching security philosophy for hybridized and distributed enterprises. The main principle of Zero Trust is to view every connection request, to a resource or another user, as untrustworthy by default. Before Zero Trust this wasn't the case, as anybody already inside the network (on-prem or via VPN) could easily connect and get authenticated to access resources.

Microsegmentation supports and enforces the Zero Trust philosophy by making it very easy for SecOps, NetOps, and DevOps to make sure entities (users, machines) are only connecting to other entities that they absolutely need to. In essence, it is about hardening the network, viewing every request, especially unusual ones, as untrustworthy, and making it difficult for bad actors to snoop around.

Illumio: Microsegmentation Leader

Illumio is a late-stage startup that is emerging as a leader in the nascent microsegmentation space. The company has a novel approach to segmenting an enterprise's network. It deploys an agent on machines (servers, clients) that taps into the controls of the operating system's native firewall. From the central control plane, SecOps or NetOps can use these agents to program the native firewalls, allowing or blocking connections across the network accordingly. It is a really low-effort way both to harden and segment a network and to respond quickly to detected intruders.

Essentially, Illumio has leveraged software-defined technologies to create a centralised control plane that can orchestrate decentralised security enforcement, which is an ideal approach to protect highly distributed enterprises.

Illumio isn't completely unique in this regard, because a few other vendors are leveraging software-defined technologies to create this product architecture (centralised control + decentralised enforcement). However, Illumio is unique in utilising the native operating system firewall, which is installed on pretty much every machine. By leveraging an existing and very valuable resource in this way, Illumio can deploy relatively lighter agents that consume less RAM, disk, and CPU per machine. This makes deploying and operating Illumio relatively less taxing on the environment, and that ease of deployment and operation ought to support Illumio's GTM efforts.
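The Zero Trust default-deny principle described above and the control-plane-plus-native-firewall architecture attributed to Illumio can both be illustrated with a small label-based policy compiler. This is an added example written for this page; it is not Illumio's code and does not describe its product internals. It assumes a constructed set of workloads with made-up IPs and labels, an allowlist of label-to-label rules, and renders one host's inbound allowlist as nftables commands (the Linux native firewall) plus a quarantine rule set for a host flagged as compromised.

```python
"""Label-based microsegmentation policy compiled to per-host firewall rules.

Added illustration, not Illumio's code. All workloads, labels, IPs and rules
below are constructed sample data. The nftables rendering is one example of
driving a native host firewall from a central policy; a Windows host would
need a different renderer but the same policy model.
"""
from dataclasses import dataclass


@dataclass
class Workload:
    name: str
    ip: str
    labels: dict  # e.g. {"role": "web", "env": "prod"}


@dataclass
class Rule:
    src: dict        # label selector for the initiating workload ({} = any)
    dst: dict        # label selector for the receiving workload ({} = any)
    port: int
    proto: str = "tcp"


def matches(selector: dict, labels: dict) -> bool:
    """A selector matches when every key/value it names is present in labels."""
    return all(labels.get(k) == v for k, v in selector.items())


def allowed(rules, src: Workload, dst: Workload, port: int, proto="tcp") -> bool:
    """Default deny: a flow is permitted only if some rule explicitly allows it.

    Direction matters: src must match r.src and dst must match r.dst.
    """
    return any(
        matches(r.src, src.labels) and matches(r.dst, dst.labels)
        and r.port == port and r.proto == proto
        for r in rules
    )


def render_nftables(rules, workloads, host: Workload):
    """Compile the inbound allowlist for one host into nftables commands.

    Policy drop on input is the enforcement of default deny; only peers that
    some rule pairs with this host get an accept line, on that port only.
    """
    lines = [
        "add table inet seg",
        "add chain inet seg input { type filter hook input priority 0; policy drop; }",
        "add rule inet seg input ct state established,related accept",
        "add rule inet seg input iif lo accept",
    ]
    for r in rules:
        if not matches(r.dst, host.labels):
            continue
        for peer in workloads:
            if peer is not host and matches(r.src, peer.labels):
                lines.append(
                    f"add rule inet seg input ip saddr {peer.ip} "
                    f"{r.proto} dport {r.port} accept"
                )
    return lines


def render_quarantine(mgmt_ip: str):
    """Rule set pushed to a host flagged as compromised: block new flows in
    both directions, keep only an administrative SSH path from mgmt_ip."""
    return [
        "add table inet seg",
        "flush table inet seg",
        "add chain inet seg input { type filter hook input priority 0; policy drop; }",
        "add chain inet seg output { type filter hook output priority 0; policy drop; }",
        "add rule inet seg input ct state established,related accept",
        "add rule inet seg output ct state established,related accept",
        f"add rule inet seg input ip saddr {mgmt_ip} tcp dport 22 accept",
    ]


# Constructed sample inventory and policy (hypothetical names and addresses).
WEB = Workload("web-1", "10.0.1.10", {"role": "web", "env": "prod"})
APP = Workload("app-1", "10.0.2.10", {"role": "app", "env": "prod"})
DB = Workload("db-1", "10.0.3.10", {"role": "db", "env": "prod"})
DEV_APP = Workload("app-dev", "10.0.9.10", {"role": "app", "env": "dev"})
BASTION = Workload("bastion", "10.0.0.5", {"role": "bastion", "env": "prod"})
WORKLOADS = [WEB, APP, DB, DEV_APP, BASTION]

RULES = [
    Rule({"role": "web", "env": "prod"}, {"role": "app", "env": "prod"}, 8080),
    Rule({"role": "app", "env": "prod"}, {"role": "db", "env": "prod"}, 5432),
    Rule({"role": "bastion"}, {}, 22),  # admin path to every workload
]

if __name__ == "__main__":
    print("app -> db:5432 allowed:", allowed(RULES, APP, DB, 5432))
    print("web -> db:5432 allowed:", allowed(RULES, WEB, DB, 5432))
    print("\n".join(render_nftables(RULES, WORKLOADS, DB)))
```

The rendered lines are what a per-host agent would feed to `nft -f` on a Linux workload (that delivery step is assumed here, not shown). Note that the dev application server gets no accept line on the database host even though it shares the `app` role, because the rule also pins `env`; label mismatches are how lateral movement from a less-trusted environment is denied without anyone writing an IP-based rule.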

For institutional investors, on request, we can do tailored research or memos into any specific aspect of Illumio, ransomware, microsegmentation, or cybersecurity more broadly. For all types of investors, here are individual reports either solely focused on Illumio or including Illumio to some degree.

For institutional inquiries please email [email protected].


Pre-IPO: Illumio (October 2021)

Illumio memo for Contrary Research (research division of Contrary Capital) - Free to read at Contrary Research

A Technical Overview Of Segmentation – The Panacea To Stopping Ransomware (January 2022)
