AI is widening the asymmetry between attackers and defenders

Assumed breach mindset

Historically, organisations poured money into endpoint detection and response (EDR) and perimeter firewalls, but those investments are no longer sufficient to deal with the machine speed of AI-powered adversaries.

Instead, they must adopt an assumed breach mindset, Nandakumara said. “It’s not just the inevitability that cyber attacks are going to happen, but also the inevitability that a cyber attack – the initial intrusion into a target environment – will be successful.”

That calls for security teams to build cyber resilience, so they can withstand an attack by limiting its blast radius and containing the breach – for instance, by applying granular microsegmentation at the network layer to trap an attacker who has bypassed perimeter controls.

“Ultimately, the attacker is looking for some kind of vulnerability or misconfiguration to compromise so that they can get access to the network. If you better secure the network, you directly prevent or limit the attacker from moving around,” Nandakumara said.

However, Nandakumara warned that security teams must clearly distinguish between microsegmentation as a technical capability and the policy outcomes they want to achieve. Granularity, whether separating individual ports and processes or simply isolating production from non-production environments, is simply a matter of policy, dictated by business risk.

Complementing SASE and the modern security stack

While technologies such as secure access service edge (SASE) and zero trust network access (ZTNA) have seen growing adoption, Nandakumara clarified that microsegmentation solves a fundamentally different problem.

He compared SASE services from cloud security suppliers such as Zscaler and Cloudflare to a building’s security guards. “They are essentially all focused on the front door. How do we take users that may be anywhere and securely connect them to your corporate environment?”

Illumio, on the other hand, operates exclusively inside the perimeter. “How do we give you complete visibility and secure all of that connectivity within your building?” Nandakumara said, adding that the two approaches are complementary and necessary for a holistic zero-trust architecture.

He also claimed that while cloud security suppliers have moved into the microsegmentation space, many have struggled due to underlying architectural limitations. “Desiring to take the same architectural approach and extending it to microsegmentation doesn’t necessarily work or is very difficult to do without introducing significant more complexity into the customer environment,” he said.

OT convergence brings new segmentation demands

Historically, operational technology (OT) networks that host industrial control systems and critical infrastructure lacked internet connectivity, making visibility and control difficult. However, as OT and IT environments converge, organisations are suddenly finding their OT systems exposed.

According to Nandakumara, the market has changed dramatically in the past 18 months. What used to be a theoretical, “throwaway” question about whether OT segmentation was possible has now become a critical priority.

“Through a combination of regulatory factors and modernisation of OT environments, we’re now starting to see a real focus on wanting to segment OT environments,” Nandakumara said.

Whether it’s OT threats or AI agents, Nandakumara believes the core tenets of security remain the same – it is simply the scale and speed that are changing.

“I don’t think cloud really introduced novel security challenges; it just made the same fundamental security things even more important, because everything was essentially one misconfiguration away from being exposed,” Nandakumara said. “It’s the same with AI, but on a scale and complexity we’ve not seen before.”