In this 7 Minutes on ITSPmagazine Short Brand Story, Sean is joined by Benny Lakunishok, Co-Founder and CEO at Zero Networks, the company offering a simple, fully automated platform with three core capabilities designed to make true Zero Trust architecture a reality for enterprises of any size: network segmentation, identity segmentation, and secure remote access. Microsegmentation as a step in achieving security maturity is not only for advanced companies, but it can also be achieved by organizations of all sizes, maturity, and complexity.
Earlier this year, the NSA released updated zero-trust guidance in which microsegmentation is listed as a daunting, advanced endeavor, only suitable to the most mature organizations. Zero Networks is committed to challenging this sentiment. While some may hesitate, thinking microsegmentation is beyond their reach, we urge organizations to reconsider. Waiting is not an option when it comes to securing your network against evolving threats. By prioritizing microsegmentation, you're taking a proactive stance against unauthorized lateral movement, thwarting advanced attacks, and effectively blocking ransomware. Zero Networks has helped organizations of all sizes, maturity, and complexity levels to deploy our radically simple microsegmentation solution in a click, without breaking anything, and with little to no effort.
As ransomware attacks double, microsegmentation has been hailed by Gartner, Forrester, the NSA, and leading security trade media outlets, as the most promising solution for halting lateral movement and satisfying zero trust guidelines. You can’t have a zero trust architecture without microsegmentation – but you also need to implement a solution quickly, without breaking anything, and without extensive costs and complexities. Zero Networks offers exactly this solution. Zero Networks' microsegmentation solution locks down lateral movement, effectively stranding hackers and preventing them from spreading ransomware. For an added layer of security, we apply MFA authentication to the network layer, allowing organizations to protect assets that could not be easily protected by MFA before: legacy applications, databases, OT/IoT devices, mainframes, on-prem VMs, and IaaS VMs. Our just-in-time MFA also applies an additional layer of security to privileged remote admin protocols like RDP, SSH, and WinRM – commonly exploited by attackers. This also supports organizations with compliance needs. “Never trust, always verify” comes automatically with Zero Networks.
Zero Networks' microsegmentation solution provides agentless, automated, and multi-factor authentication (MFA) powered architecture. By monitoring and learning all network connections over a 30-day period, Zero Networks creates precise firewall rules that are centrally applied to all assets. This agentless architecture ensures that every asset, whether on-premises or in the cloud, including OT/IoT devices, is segmented without disrupting normal operations. One of the key challenges with traditional microsegmentation solutions is their complexity and associated costs. Forrester highlights the difficulty in quantifying the business benefits of microsegmentation due to its indirect impact on productivity and user experience. A global independent investment bank, Evercore, was undergoing the major challenge of effectively responding to an incident when a workstation was compromised, and a threat actor was able to gain access to their network to move laterally. They had firewalls, whitelists, blacklists and other measures that could slow them down but nothing that could immediately shut them down. Chris Turek, CIO of Evercore, said “Zero Networks is creating a new sphere of security capabilities.
See the platform for yourself - reach out to us at zeronetworks.com for a demo.
Learn more about Zero Networks: https://itspm.ag/zeronet-al2d2
Note: This story contains promotional content. Learn more.
Guest: Benny Lakunishok, Co-Founder and CEO, Zero Networks [@ZeroNetworks]
On LinkedIn | https://www.linkedin.com/in/bennyl/
On Twitter | https://x.com/lakunishok
Resources
Learn more and catch more stories from Zero Networks: www.itspmagazine.com/directory/zero-networks
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Demystifying Microsegmentation | 7 Minutes on ITSPmagazine | A Zero Networks Story with Benny Lakunishok
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] Here we are. We're ready for another seven minutes on ITSP Magazine with a new brand short story. Today I'm joined by Benny Lakunishak. He's a co founder and CEO at Xero Networks, a company offering a simple fully automated platform with three core capabilities designed to make true zero trust architecture a reality for enterprises of any size.
Welcome, Benny.
Benny Lakunishok: Hi, Sean. Thanks for having me.
Sean Martin: Segmentation has been best practice for quite some time now. So talk to me about the, this concept of micro segmentation and why organizations need to think differently about how they manage their networks in that regard.
Benny Lakunishok: Cool. So micro segmentation is essentially. Not just segmenting rough segments of the organization or the network. It's every machine, every IP address, every device, client, server, VM, anything in its own bubble, in its own network segment. That's micro segmentation. That's been extremely hard to achieve in the past.
And I'm proud to say that we are making micro [00:01:00] segmentation plug and play as, as, as it stands.
Sean Martin: Yeah, because the, the networks have changed, right? The types of networks change and, uh, the types of access to those networks, both with people and, and machines have changed. So talk about some of the challenges organizations face.
Benny Lakunishok: I mean, the main challenges with micro segmentation is, uh, there's a few, like you need to deploy agents. And a few other things that are friction points. But the main one is that it's very manual. You need to understand before you micro segment machine, an application, a client, a device, what it needs to remain open.
Inbound mainly, maybe also outbound, depending on how you micro segment. And that allow listing per machine is excruciating. It is long, it is hard. You typically pay three times more than the original price just to make it. Go in with professional services, that's the impossible thing to do. [00:02:00] And we make that easy by fully automating, by having it completely agentless and a few other goodies that we have.
Sean Martin: And so my understanding is we're really trying to get a grasp on some of the lateral movement that, uh, some of the attackers use here. And I guess one way of doing that is by ensuring that authentication and authorization is in place so that as. Things are trying to move. We can validate that. Is that correct?
Benny Lakunishok: Yeah, I mean, there's more detail to that, but lateral movement is the main thing, problem that micro segmentation solves, that we solve. And some of it is, you just want to close, some of it, you just want to open, and then there's a lot in the middle that you want to close. To open temporarily after verification, we're actually the only vendor that has something like that with MFA enabled built into it.
[00:03:00] So you only open certain connections after an MFA. That's bolted into our micro segmentation solution. And we're actually the only one that have that, and it's also patented.
Sean Martin: And it covers Networks. I mean, let's be honest, some legacy, legacy networks, uh, exist. And I mean, mainframes are starting to make a comeback, but mainframes exist.
Um, but we also see the other end of the spectrum with, uh, IOT networks and OT networks, uh, certainly VMs and containers that all adds challenge to, uh, to making this possible. And I presume you, you have, uh, the solution to that too, correct?
Benny Lakunishok: Yes. So our platform is essentially cementing. Every assets type it can be the most legacy of legacy, which is These stupid devices, OTs, IOTs, just stuff connected to some switch.
We can do those. We can do classical, let's call it legacy on prem, that's more IT oriented. And we can also do cloud, by the way. Like [00:04:00] your network can be a hybrid of things you have on prem, both IT and OT, and things you have in the cloud. Both VMs and PaaS services, platform as a service. There's a service in the cloud.
We can do all of them, and it's all in one UI. You see all of your assets with all types, from all types, in one UI, and you submit them in one UI, and also the visibility of the connections of everything in one place.
Sean Martin: And talk to me, uh, quickly about the, the protocols as well. Um, is all that you talk about those different devices and different communications between them, uh, How do you ensure that like things like rdp and ssh and things like that are controlled too?
Benny Lakunishok: Yeah, so There's a wide variety of protocols. Obviously the ones you specifically mentioned Let's call them the privilege or the admin protocols the rdp the ssh the winrm Those are actually with us never open and that's a very good [00:05:00] thing We open them on demand for a temporary amount of time after you prove it's you with MFA.
So, with other micro segmentation solutions, you probably have to keep it open to some extent. Um, fairly open, let's say. And with us, all of these admin ports that are heavily used by attackers and ransomware are always closed. And you have to MFA to open one temporarily for you. And that's really a big needle mover to security.
Sean Martin: And you mentioned automation earlier. I presume that's, uh, driven by some understanding of the network. So you do some learning of how things work and how they connect, right? Talk to me about how that works.
Benny Lakunishok: That's a huge topic and I don't think we have enough time to cover that. But in a nutshell, we took a big problem that everybody threw machine learning and AI bullshit at.
And are failing in actually succeeding in learning that and [00:06:00] we divide it into a lot of small pieces And each of them we did in a simple way and it's super accurate It's very deterministic and we know what do we want to keep open? What do we want to keep closed or what do we mfa and mfa the good part about it?
It's not for the normal employee. Typically the default is just for the privileged stuff that it is DevOps, technical people and attackers need. So that's the automation. Obviously the server to server, the service accounts, everything that's machine to machine, the automation knows how to pick up and make sure that's open.
Sean Martin: How can folks connect with you to, to get started?
Benny Lakunishok: Oh, you can just go to our website and those like click to see a demo and We'll show you how all this works and then if you want those our pilot is obviously for free We have some customers after seeing the demo.
They just literally bought and segmented thousands of machines in a click But through the website mainly
Sean Martin: wonderful. Well [00:07:00] Benny. Thanks for sharing this story with us That's been seven minutes here on ITSP magazine.
Benny Lakunishok: Thank you, Sean