Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Self-defending networks: what resilience teams are missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: Security spending is projected to reach $239 billion in 2026 while globally reported data compromises hit a record high in 2025, a gap the source argues reflects weak architectural enforcement rather than weak tooling, according to Zero Networks. The practical shift is from catching attacks faster to constraining how far they can move once inside.

NHIMG editorial — based on content published by Zero Networks: How to Build a Self-Defending Network, a framework for cyber resilience

By the numbers:

Questions worth separating out

Q: How should security teams reduce lateral movement without disrupting business operations?

A: Security teams should reduce lateral movement by combining identity-aware segmentation, tightly scoped administrative access, and automated containment rules.

Q: Why do detection tools alone fail to deliver cyber resilience?

A: Detection tools fail when they identify malicious activity after the attacker has already used valid access to move laterally.

Q: What do organisations get wrong about internal trust and Zero Trust?

A: Many organisations treat Zero Trust as a perimeter replacement rather than an internal enforcement model.

Practitioner guidance

  • Benchmark internal blast radius Map east-west paths, open privileged ports, and identity-dependent access routes so you can see where one compromise can still spread.
  • Enforce identity-aware segmentation Tie segmentation rules to user, workload, and admin identity rather than only to subnet or host location.
  • Close high-risk administrative protocols Review SMB, RDP, WinRM, and RPC exposure and remove standing access where the business can support it.

What's in the full article

Zero Networks' full post covers the operational detail this analysis intentionally leaves for the source:

  • The 5-stage resilience maturity model and how to benchmark your current containment posture.
  • The operational explanation of how microsegmentation, identity-aware access controls, and ZTNA work together in the self-defending model.
  • The article's discussion of deterministic, human-on-the-loop automation and how it is used to contain movement without adding manual overhead.
  • The security metrics Zero Networks uses to tie resilience to business outcomes, including uptime during attack conditions and mean time to containment.

👉 Read Zero Networks' framework for building a self-defending network →

Self-defending networks: what resilience teams are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Blast-radius control is now a resilience discipline, not a network tuning exercise. The article correctly shifts the conversation away from how many tools a team owns and toward how much damage a valid compromise can cause. That is a governance problem because internal trust, privilege scope, and containment design determine whether a breach stays local or becomes enterprise-wide. For identity programmes, this means blast-radius reduction belongs in the same conversation as least privilege and lifecycle control.

A question worth separating out:

Q: How do you know if containment controls are actually working?

A: Containment controls are working when a compromised asset cannot pivot into adjacent systems and the incident remains bounded to a small part of the environment. Measure whether policies block lateral movement automatically, whether exceptions are rare, and whether uptime remains stable during attack simulation. Alert volume alone is not a useful proof point.

👉 Read our full editorial: Self-defending networks expose the gap in resilience-by-detection



   
ReplyQuote
Share: