Solving Cyber Resilience: Combine a Zero Trust Philosophy with Advanced Microsegmentation

With global ransomware attacks increasing by 15% in 2024, the question for security leaders isn’t if they will face a breach, but when. To ensure they’re prepared for cyber threats and incidents, many organizations are adopting cyber resilience strategies, with a particular emphasis on Zero Trust Architecture.  

In a recent webinar, Dr. Chase Cunningham, aka Dr. Zero Trust, and António Vasconcelos, Customer Engineer at Zero Networks, discussed the importance of Zero Trust in the modern threat landscape, why the right mindset is critical for enhancing resilience, and how microsegmentation makes it easier than ever to build a cyber resilient architecture.  

In case you missed it, check out key moments from the session below or watch the on-demand webinar here. 

Most Cyber Pros Look to Zero Trust to Drive Security  

There’s no doubt that security leaders view Zero Trust as vital to improving security posture today, but it’s taken more than a decade to arrive here.  

António: Let's begin with this data point that we extracted from a survey that we conducted where we asked [about] the importance of zero trust as a factor in improving the overall security posture. And it's very evident, very clear that everyone is saying that it's either extremely important or very important. No questions there. But I do have a couple of questions for you, Chase. How long have we been talking about zero trust? 

Chase: We've been talking about ZT conceptually for over 100 years. If you think about cyber specifically, I'd say we've been talking about it for probably about the last 15. So, it's only taken about a century and 15 years to catch up and get to where we are – which, hey, I mean, progress is progress.  

"If you really look at this, only about 10% of the folks that you talk to said, ‘Nah, not doing any ZT things. Doesn't make any sense. It's just kind of whatever.’ That's great, because if we compare this to five years ago, it would be pretty much the other side of the coin."

António: Do you also think that zero trust eventually is being subverted as a term? I believe that very often it's being used as something which is not the exact intent or original goal of it. 

Chase: Yeah, well, I mean that's kind of the double-edged sword of what goes on with real strategy – the moment that everybody starts gravitating towards something because it works there's the sharks in the water that look at this and go, “Oh, well, we do that thing too.” And then they start making their own version of it and it becomes kind of diluted. But there's a lot of very valid, very long-term academic research about this. 

“I'm actually kind of glad that there's still 10% of people that say zero trust is not a thing ... The world needs slow gazelles, unfortunately. So, the doubters and the haters can be the doubters and the haters because I'd rather have you get ripped apart than somebody that actually understands strategy. So please continue doubting because the lions are waiting in the weeds for you.” 

As Security Spending and Breaches Rise, a Mindset Shift Is Critical 

Over the last several years, investments in security and risk management have risen – but so have globally reported data breaches. This trend suggests that throwing budget at breach prevention isn’t enough; it’s time to accept the reality that compromises will occur and focus on resilience.  

António: Fortunately, there's a bigger investment in cyber or business risk in general for the last couple of years. It is a non-argument that boards, C-level people, management, etc. understand that nowadays cyber and business risk should be top of mind in general … What we obviously expected is, as these budget investments continue to increase, that we would see the opposite trend of data breaches going down … but we still continue to see that increase again from 2021 to 2024, something like 660% increase of data breaches. So, what are we doing wrong? What's happening? 

Chase: I don't think we're doing much wrong. I think what we're actually seeing here is that there's been this amalgamation and growth within small and mid-sized businesses also being required to do stuff in cybersecurity. And the reporting has increased, the compliance initiatives have increased, there's a larger pool to pull from. 

Chase: We're spending more money ... to try and solve the problem. However, some folks are still not accepting that a breach is an inevitability and they're not applying controls to limit the scope of the breach, if you will. And I think that's where we get a lot of this wrong.  

“I tell people all the time when I'm talking zero trust: accept breach.” 

Fortunately, constructing a microsegmented architecture with the mindset that breaches will occur minimizes the impact of cyber incidents.  

António: How does proper architecture limit the blast radius of an adversary? 

Chase: The crux of the whole thing is if your architecture is actually accurate and correct and segmentation is where it's supposed to be, it’s like in the Navy, we call it watertight integrity – I can take a missile hit; ship still stays afloat. I'm not the Titanic where if one compartment floods, everybody drowns, and we wind up with a bad Leo DiCaprio movie. That’s what you're trying to get away from.  

Microsegmentation: A Dynamic Approach to Compliance and Cyber Defense 

Modern networks are dynamic – compliance and security strategies should be, too. Microsegmentation is comprehensive yet flexible enough to adapt to evolving environments and demands – and keep the same maximum level of security throughout.  

Chase: You're in a digital system, people do different things, networks move, infrastructure changes burst and go away. There is no way to maintain compliance and legally do business if you are not considering how compliance is actually supposed to be enabled and doing the segmentation side of it.  

“The truth of the matter is if you're not segmented correctly, you're not microsegmented, and it's not dynamic in nature, you're not compliant because changes occur.” 

António: This was a question also that we did in our survey: what is the importance of microsegmentation for cyber defense? And once more, 55% said very important, 19% of them said extremely important. Nothing, again, that we need to counter-argue here. 

Still, despite the widely recognized value of microsegmentation, implementation challenges remain top of mind for many organizations.  

Antonio: When you bring microsegmentation into a conversation, the first thing that security practitioners think about is pain. Because that's exactly how things, one way or the other, have happened over the past couple of decades. 

Although modern microsegmentation solutions like Zero Networks have advanced beyond the legacy challenges that drive most concerns, new hurdles often emerge on the path to cyber resilience.  

António: What I see is, as Zero comes in into the picture, technology is no longer the blocker – it's now change management that is the blocker. How do you actually change your business, change your operations, change your processes, reeducate people on how things are done to then adapt to that new strategy, that new end goal, which is microsegmentation? 

Zero Networks’ Automated Approach to Building a Cyber Resilient Architecture 

Microsegmentation doesn’t have to strike fear into the hearts of security leaders. Zero Networks’ automated microsegmentation solution implements in days – not years. Zero makes it easy for organizations of any size to build a resilient, Zero Trust Architecture without the never-ending manual work associated with microseg – tagging, grouping, and policy creation and management. Request a demo to see how Zero can make microsegmentation set-it-and-forget-it at your org.