New Bishop Fox Emulation Uses Zero Trust Segmentation to Stop Ransomware Attacks in Less Than 10 Minutes

Illumio Core stopped attacks from spreading across hybrid IT 4 times faster than detection and response alone

Sydney, Australia — Thursday 11 August 2022 — Illumio Inc., the Zero Trust Segmentation company, today announced the findings from a series of emulated attacks conducted by Bishop Fox, a leader of offensive security and provider of penetration testing, designed to measure how Illumio Core can contain an active ransomware attack. The emulation proved that Zero Trust Segmentation stops attacks from spreading in ten minutes, nearly 4 times faster than detection and response capabilities alone.

Bishop Fox set up a purple team test environment to measure the effectiveness of Illumio Core against an active ransomware threat. The test, which mapped to the MITRE ATT&CK® framework, was based on real threat actors’ tactics, techniques, and procedures (TTPs), and ran a series of attack scenarios to measure the number of successfully compromised hosts and the time taken for an attacker to complete the attack. The findings showed:

  • In a network with only detection capabilities, an advanced attacker breached all hosts within 2.5 hours.
  • In a network with detection and Zero Trust Segmentation for incident response, the attacker moved beyond its initial point of entry, compromising only 1 additional host, and it took 38 minutes to contain and stop the attack.
  • In a network using proactive Zero Trust Segmentation, it took 10 minutes to stop the attack and the attacker could not move beyond the first compromised host.

Bishop Fox also highlighted that:

  • The stricter the Zero Trust Segmentation policy and enforcement modes were, the faster the team detected and stopped an ongoing attack.
  • Illumio Core demonstrated it could significantly improve an organisation’s ability to proactively limit the available attack surface and reduce the bad actors’ movement throughout the network following an initial attack.
  • Illumio Core was “especially useful” at covering EDR blind spots in locations where attacker behavior wasn’t properly detected by preconfigured EDR alerts, highlighting the importance of both detection and response technologies and Zero Trust Segmentation in building a modern, resilient security strategy to contain ransomware.

“When attackers move, unimpeded and often undetected, throughout an organisation’s hybrid IT, we see the most devastating consequences. Bishop Fox’s testing illustrates that a security team tasked with identifying and stopping an ongoing attack is four times faster if they have built Zero Trust Segmentation into their environment,” said PJ Kirner, CTO and Co-founder at Illumio. “The difference between what an attacker can do in 10 minutes and 40 or 150 minutes is dramatic, and we’ve seen reports that continued collaboration among ransomware gangs is accelerating the time between an initial compromise and ransomware deployment. That’s why it’s critical to pair perimeter security and detection and response strategies with Zero Trust Segmentation to stop the spread of a breach.”

“While the results of this emulation are impressive, they’re not surprising. In real-world implementations we see equal effectiveness using Zero Trust Segmentation like that of Illumio Core,” said Rob Ragan, Principal Researcher at Bishop Fox. “Cyberattacks like ransomware are not just a cybersecurity problem, but a resilience concern. Zero Trust Segmentation is an effective way to mitigate the risks of the propagation of ransomware; and it has become a significant market category because of its ability to transform operations, stop intruders in their tracks to limit their impact, and ultimately reduce risk and strengthen business resilience.”

You can read the full report here.

— ENDS —

Research Methodology

Throughout March and April of 2022, two Bishop Fox consultants conducted a succession of attack emulations on a test environment, one acting as the attacker (red team) and one acting as the defender (blue team). The team ran five attack scenarios and measured the number of successfully infected or compromised hosts, the time it took the attacker to complete the scenario, and the number of TTPs successfully executed.


About Illumio

Illumio, the Zero Trust Segmentation company, prevents breaches from spreading and turning into cyber disasters. Illumio protects critical applications and valuable digital assets with proven segmentation technology purpose-built for the Zero Trust security model. Illumio ransomware mitigation and segmentation solutions see risk, isolate attacks, and secure data across cloud-native apps, hybrid and multi-clouds, data centers, and endpoints, enabling the world’s leading organisations to strengthen their cyber resiliency and reduce risk.


Illumio Contact:

Hayden Jewell

Media & Capital Partners (on behalf of Illumio)
