Microsegmentation

Good News: We Ruined a Customer’s Pen Test

Published August 24, 2023 by Daisy Spiridopoulos

"You guys are ruining my Pen testing software. I tried to hammer some of my machines today with our Pen tester...Zero wouldn't let it even get to the machines. I'm going to have to turn it off so I can get a good test." - Jim Paolicelli, IT Director at Atlantic Constructors, Inc.

Sorry about that Jim (!), but we’ve never been so proud to ruin a customer’s pen test; what a testament to the remarkable effectiveness of Zero Networks!

Prevent Lateral Movement, Block Ransomware

The linchpin for ransomware is lateral movement which enables it to spread far and wide within an organization. Zero Networks Segment™️ is radically simple and effective microsegmentation – essentially placing a firewall around every network asset, enabling granular security policies and a highly effective defense against today’s advanced threats.

But that granularity also introduces complexity in terms of implementation and challenges around scaling. Unlike our competition, however, Zero Networks Segment™ is fully automated in terms of policy creation, it’s agentless - centrally managing all host-OS firewalls – and it leverages just-in-time privileged access with self-service MFA to apply security to any abnormal activity, privileged users or anytime extreme security is required.

We Help Businesses Pass a Pen Test

Ironically (at least to the customer quoted above), one of the primary use cases for our solution is to enable businesses to pass a pen test - read more on that here.

The primary cause of most failed penetration tests is excessive network permissions. Traditional networks were primarily designed for connectivity, lacking robust security measures. Consequently, they tend to be overly permissive internally, granting machines more network access than necessary. This open environment simplifies an attacker's ability to move laterally once they compromise a single machine.

During penetration tests, simulated attacks often begin with one "compromised" machine. Pen testers then perform various forms of reconnaissance, identify misconfigurations, exploit vulnerabilities using weak protocols, and move laterally to determine how an attacker could exfiltrate data or deploy ransomware.

Enter Zero Networks Segment™️ which reduces network permissions to only what's necessary (reminder: this is done via automated, agentless microsegmentation). Additionally, Zero Networks applies just-in-time Multi-Factor Authentication (MFA) for sensitive, privileged connections, which attackers often exploit.

MFA-enabled microsegmentation ensures that organizations can pass a penetration test on the first attempt. Reconnaissance cannot collect information about the network behind closed ports, vulnerabilities cannot be identified and exploited, and lateral movement becomes impossible due to the closed ports. Ultimately, if attackers cannot see anything within the organizational network, they cannot exfiltrate or encrypt its data. Zero Networks' approach fundamentally enhances network security by addressing the issue of excessive network permissions at its core.

 

In conclusion, whether you’re using us to prevent unauthorized lateral movement (and so you must turn us off to conduct a good pen test with your other solutions since we’re so good at doing that 💪🏼) OR you want to put us in place to pass your pen test with flying colors, Zero Networks is here to support you every step of the way.

Request a demo today!