Like the Night King, Perimeter Defense is Dead

April 29, 2019 Corey Williams

If you’ve been following the return of Game of Thrones (warning: show spoilers ahead) then you know winter has arrived.

Last season, on the back of some serious firepower in the form of an undead Dragon, the White Walkers finally breached the Great Wall and descended upon the seven kingdoms. The iconic scene and subsequent fallout this season reminds me, in many ways, of how the castle-and-moat strategy has also failed against the growing sophistication of today’s cybersecurity threats.

For so long, cybersecurity has been an industry driven by barriers. Perimeter defense was king, and so were the technologies that established walls, gates, and moats that kept evil forces at bay. But today, the number and scale of cyber attacks continue to grow. The Great (fire)Wall is no longer the end-all, be-all to stop threats and keep the kingdom safe. Here’s why…

Like a Wight Dragon, the Cloud has Blown Up the Perimeter

In the age of digital transformation, a growing number of business resources must now exist outside the traditional perimeter. As companies embrace more cloud services — and move everything from infrastructure, applications, and data to the cloud — they’re blowing more holes (or at least introducing more weak points) in their own firewalls. With so many new entry-points, even the strongest perimeter defense strategy today can’t alone keep the castle from being infiltrated.

While the majority of company leaders prioritize reinforcing their cybersecurity defenses against malware, bad guys continue to walk right through the front gates. Eighty-one percent of breaches today involve compromised credentials (weak or stolen passwords). These are essentially the “keys to the kingdom” since traditional castle-and-moat strategies were never meant to account for what happens once the walls have been breached. Once they’re inside, what’s in place to stop them from accessing even more services?

Information, the Secret Weapon Against the Dark

None of this even takes into account the growing sophistication of today’s cybersecurity threats. Like the Night King’s undead army, threats from malicious actors have grown in number and power. Whether it’s phishing, brute force attacks, or keystroke loggers, they don’t even need a fire-breathing zombie dragon to put a hole in your barriers and leave the business at risk of being overrun. So if perimeter defense is dead, what can be done to stop their march?

In the absence of effective barriers, the biggest weapons companies have to wield against malicious actors is information. The future of identity relies on having enough information, or “context,” to verify every user, on every device, for every login. With growing cloud adoption and more apps, users, and devices seeking access on the go, from across the globe – there’s so much now that exists beyond the traditional perimeter. Security today can’t be as binary as determining whether an access request came from within or outside of the firewall.

Winter is here, and the wall has been breached. To win the ultimate battle of good and evil, we’re going to need to regroup and rethink our approach when it comes to identity and access management.

One increasingly popular approach to cybersecurity is Zero Trust. Click here to see more on the importance of this strategy today, then tune in for our next installment of this blog series where we’ll break down the core tenets of Zero Trust, starting with how to verify every user.


Read the series on Zero Trust here:

Zero Trust Series – 1  What Is Zero Trust and Why Is it So Important?

Zero Trust Series – 2 Like the Night King, Perimeter Defense is Dead

Zero Trust Series – 3 Imposter Syndrome: Why You Can’t Separate the “Good Guys” from the “Bad Guys”

Zero Trust Series – 4 Passwords are Just one Piece of the Cybersecurity Puzzle

Zero Trust Series – 5 The Future of Cybersecurity is Artificial: Intelligence Will Transform Enterprise Governance

Zero Trust Series – 6 Protect, Detect, Deter, Respond is Not a Security Strategy.

Zero Trust Series – 7 Upping the Security Ante: How to Get Teams’ Buy-in for Zero Trust

Zero Trust Series – 8 Next-Gen Access and Zero Trust are the PB&J of Security

Zero Trust Series – 9 Passwords Need Fixing. Zero Trust is the Solution.

Zero Trust Series – 10 The One-Two Punch of Zero Trust. Verify Every User, Validate Every Device.

Zero Trust Series – 11 “Should I Stay or Should I Go?” Artificial Intelligence (And The Clash) has the Answer to Your Employee Access Dilemma.

Zero Trust Series – 12 Grow Up! Plotting Your Path Along the Zero Trust Maturity Model

Previous Article
Biometric Authentication – Our ‘Unique Human Identities’ Under Attack
Biometric Authentication – Our ‘Unique Human Identities’ Under Attack

Editor’s Note: In late 2018, CyberArk published five cybersecurity predictions for 2019. This deep-dive blo...

Next Article
Q&A: Threat Analytics, Detection and Response in the Cloud
Q&A: Threat Analytics, Detection and Response in the Cloud

A WIRED article detailing a nation state attack recently caught my attention. The piece introduced the conc...