Aviatrix Blog

Where to Start with Cloud Network Security

Faizan Mustafa, Aviatrix VP of AI and Global IT, discusses visibility, segmentation, and other best practices for strengthening cloud network security.

As data breaches continue to hit the industry, and regulatory bodies update data compliance rules, tech leaders are taking more steps to improve their network security postures. Figuring out which solutions to invest in, how much of security is training vs. technology, and how to measure success are difficult tasks, especially for enterprise organizations.

As I wrote about recently for Forbes, you can’t be a perfectionist when it comes to security. As our CEO, Doug Merritt, said earlier this year, “the bad actors are already in” – inside your apps. CEOs, CTOs, CIOs, and CISOs need to adapt by focusing their efforts not on blocking every threat actor from getting in, but on preventing lateral movement, data theft, and the detonation of malware or ransomware inside their systems.

Here are a few starting points for strengthening cloud network security:


Start with Visibility

Much of the ongoing, indispensable work of security is simply awareness: where are your apps and services? What are your network’s typical traffic patterns? Where might an attacker be able to gain access and move laterally? An essential first step is gaining network-wide visibility so you can spot potential vulnerabilities and any anomalies in user logins or traffic patterns.

Aviatrix CoPilot provides this multi-region, multicloud visibility by displaying all of your cloud accounts in one centralized view. You can keep an eye on traffic patterns, potential threats, cloud costs, and your network’s egress with real-time telemetry and policy management.


Taking Endpoint Protection to the Next Level

As Aviatrix CISO John Qian pointed out, endpoints are one of the main attack vectors – but you need to complement traditional endpoint detection and response (EDR) solutions with controls that protect your entire network, leaving no gaps. Make sure you are using network-wide encryption, segmenting your network so that a compromised host cannot move laterally, implementing egress filtering so that traffic cannot leave for unknown or suspicious domains, and reducing your attack surface by keeping internal traffic off the public internet.
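Segmentation and egress filtering both come down to the same discipline: every flow is denied unless a rule explicitly allows it. The following is an added example, written for this post rather than taken from Aviatrix or its products, of a minimal default-deny policy evaluator. Segment names, ports and domain names are hypothetical. It checks east-west flows against an explicit allow list (so a development environment cannot reach a production database unless someone deliberately adds that rule) and checks internet-bound flows against a per-segment domain allow list, handling wildcard suffixes on a label boundary so that a look-alike such as `evilamazonaws.com` does not slip past a `*.amazonaws.com` entry, and denying raw-IP egress that never resolved a name, which is what a lot of command-and-control and exfiltration tooling looks like.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """One observed or requested connection (constructed for this example)."""
    src_segment: str               # e.g. "web", "app", "dev", "prod-db"
    dst_segment: str               # another segment, or "internet" for egress
    dst_port: int
    dst_fqdn: Optional[str] = None  # name from DNS/SNI; None means direct-to-IP


# Explicit east-west allow list: (source segment, destination segment, port).
# Anything not listed is denied, so "dev" -> "prod-db" is blocked by default.
SEGMENT_ALLOW: Set[Tuple[str, str, int]] = {
    ("web", "app", 8443),
    ("app", "prod-db", 5432),
}

# Per-segment egress allow list (hypothetical names). Segments with no entry,
# such as the database tier, get no internet egress at all.
EGRESS_ALLOW: Dict[str, Set[str]] = {
    "app": {"updates.example-vendor.com", "*.amazonaws.com"},
    "web": {"*.amazonaws.com"},
}


def _normalize(fqdn: str) -> str:
    """Case-fold and drop a trailing dot so 'S3.AMAZONAWS.COM.' compares equal."""
    return fqdn.lower().rstrip(".")


def fqdn_allowed(fqdn: str, allowlist: Set[str]) -> bool:
    """Exact match, or wildcard match on a label boundary.

    '*.amazonaws.com' matches 's3.amazonaws.com', but neither 'evilamazonaws.com'
    (no dot boundary) nor the bare 'amazonaws.com' (no subdomain label).
    """
    name = _normalize(fqdn)
    for entry in allowlist:
        entry = _normalize(entry)
        if entry.startswith("*."):
            suffix = entry[1:]  # ".amazonaws.com"
            if name.endswith(suffix) and len(name) > len(suffix):
                return True
        elif name == entry:
            return True
    return False


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason). Default is deny in both directions."""
    if flow.dst_segment == "internet":
        allowlist = EGRESS_ALLOW.get(flow.src_segment, set())
        if not allowlist:
            return "deny", f"segment {flow.src_segment!r} has no egress allow list"
        if flow.dst_fqdn is None:
            return "deny", "raw-IP egress with no resolved name"
        if fqdn_allowed(flow.dst_fqdn, allowlist):
            return "allow", f"egress to allow-listed {flow.dst_fqdn}"
        return "deny", f"egress to {flow.dst_fqdn} not on allow list"
    key = (flow.src_segment, flow.dst_segment, flow.dst_port)
    if key in SEGMENT_ALLOW:
        return "allow", f"east-west rule {key}"
    return "deny", f"no east-west rule for {key}"


def audit(flows: List[Flow]) -> List[Tuple[Flow, str, str]]:
    """Evaluate a batch of flows; the denied ones are what you alert on."""
    return [(f, *evaluate(f)) for f in flows]


# Constructed sample flows, not real telemetry.
SAMPLE_FLOWS: List[Flow] = [
    Flow("web", "app", 8443),
    Flow("app", "prod-db", 5432),
    Flow("dev", "prod-db", 5432),                                # dev reaching prod: denied
    Flow("app", "internet", 443, "s3.amazonaws.com"),
    Flow("app", "internet", 443, "evilamazonaws.com"),           # look-alike suffix: denied
    Flow("app", "internet", 443, None),                          # direct-to-IP: denied
    Flow("prod-db", "internet", 443, "updates.example-vendor.com"),  # DB tier egress: denied
]

if __name__ == "__main__":
    for flow, decision, reason in audit(SAMPLE_FLOWS):
        print(f"{decision:5}  {flow.src_segment}->{flow.dst_segment}:{flow.dst_port}  {reason}")
```

The design choice worth noting is that the egress list is keyed by source segment rather than global: a database tier has no business reaching the internet, and a single shared allow list would let it fetch "updates" from a domain that only the application tier needs. Running the sample set yields three allows and four denies.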

Aviatrix reinforces endpoint protection by offering secure, high-performance encryption for single-, hybrid, or multicloud environments, streamlining network segmentation, and filtering egress traffic.


Shutting Down Phishing Scams

Don’t let your employees’ inboxes be a single point of failure. All it takes is one click on a well-crafted email to let an attacker in – but, more hopefully, some planning and training goes a long way toward keeping that click from turning into a breach.

Aviatrix’s cloud network security solution offers a feature called AnomalyIQ that helps you spot unusual traffic patterns, the kind that appear after a phishing email has succeeded and an attacker is operating from a compromised account or impersonating a user.
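Whether the visibility comes from a product such as the one above or from raw cloud flow logs, the underlying check is the same: build a per-host baseline of outbound behaviour and flag departures from it. The block below is an added example written for this post, not Aviatrix or AnomalyIQ code, and the flow-log records in it are constructed. It computes each host's mean and standard deviation of daily egress bytes over a baseline window, counting silent days as zero, and then raises two kinds of finding for the current day: a volume anomaly when today's total exceeds the mean plus three standard deviations (with an absolute floor, so a host whose baseline is near zero does not alert on a few kilobytes), and a new-destination anomaly when a host talks to an address it never contacted during the baseline. The quiet database host is the instructive case: its first egress of any size is itself the signal.

```python
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

# Constructed flow-log records (not real telemetry): (day, src_host, destination, bytes_out)
Flow = Tuple[int, str, str, int]

BASELINE_FLOWS: List[Flow] = []
for day, jitter in enumerate([0, 200_000, -200_000, 100_000, -100_000, 0, 0], start=1):
    BASELINE_FLOWS += [
        (day, "app-01", "updates.example-vendor.com", 5_000_000 + jitter),
        (day, "app-01", "s3.amazonaws.com", 1_000_000),
        (day, "web-01", "cdn.example.com", 500_000),
        # db-01 never sends anything outbound during the baseline week
    ]

TODAY_FLOWS: List[Flow] = [
    (8, "app-01", "updates.example-vendor.com", 5_100_000),
    (8, "app-01", "s3.amazonaws.com", 900_000),
    (8, "app-01", "203.0.113.9", 120_000_000),   # large transfer to a never-seen address
    (8, "web-01", "cdn.example.com", 520_000),    # business as usual
    (8, "db-01", "198.51.100.7", 2_000_000),      # small, but from a host that never egresses
]


def daily_totals(flows: List[Flow]) -> Dict[str, Dict[int, int]]:
    """Outbound bytes per host per day."""
    totals: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def baseline_stats(flows: List[Flow], hosts: Set[str]) -> Dict[str, Tuple[float, float]]:
    """Per-host (mean, population stdev) of daily egress over the baseline window.
    Days on which a host sent nothing count as 0, so a silent host gets a zero baseline."""
    days = sorted({day for day, *_ in flows}) or [0]
    totals = daily_totals(flows)
    stats = {}
    for host in hosts:
        series = [totals[host].get(day, 0) for day in days]
        stats[host] = (mean(series), pstdev(series))
    return stats


def known_destinations(flows: List[Flow]) -> Dict[str, Set[str]]:
    known: Dict[str, Set[str]] = defaultdict(set)
    for _day, host, dst, _n in flows:
        known[host].add(dst)
    return known


def detect(baseline: List[Flow], today: List[Flow],
           sigma: float = 3.0, min_bytes: int = 1_000_000) -> Dict[str, List[Tuple[str, str]]]:
    """Return {host: [(finding_kind, detail), ...]} for hosts that deviate from baseline.
    min_bytes is the absolute floor that keeps near-zero baselines from alerting on noise."""
    hosts = {h for _, h, _, _ in baseline} | {h for _, h, _, _ in today}
    stats = baseline_stats(baseline, hosts)
    known = known_destinations(baseline)
    today_totals = daily_totals(today)
    findings: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for host in sorted(hosts):
        total = sum(today_totals[host].values())
        mu, sd = stats[host]
        threshold = max(mu + sigma * sd, min_bytes)
        if total > threshold:
            findings[host].append(("volume", f"{total} bytes today vs threshold {threshold:.0f}"))
        today_dsts = {d for _, h, d, _ in today if h == host}
        for dst in sorted(today_dsts - known[host]):
            findings[host].append(("new_destination", dst))
    return dict(findings)


if __name__ == "__main__":
    for host, items in detect(BASELINE_FLOWS, TODAY_FLOWS).items():
        for kind, detail in items:
            print(f"{host}: {kind}: {detail}")
```

Two thresholds are deliberately combined. A pure standard-deviation rule fails on hosts with a flat baseline, where the deviation is zero and any change at all would alert, which is why the absolute floor exists; a pure floor would miss a busy host that quietly doubles its egress, which is why the sigma rule exists. On the constructed data, app-01 and db-01 are reported and web-01 is not.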

At Aviatrix, cybersecurity awareness is part of our everyday culture. In addition to formal annual training on spotting phishing and social engineering tactics, employees are encouraged to proactively share suspicious emails in a public messaging channel—always accompanied by a lighthearted tone that helps reinforce the lesson without inducing fear. For example, a spoofed message might be shared with a tongue-in-cheek comment like, “Sure thing, [executive being impersonated], I’ll grab those gift cards right away!” This approach creates a memorable moment of shared learning, keeps everyone alert, and promotes a security-first mindset across the organization. Our IT team is also promptly notified to investigate and respond.


Trusting but Verifying Identity

Verizon’s 2025 Data Breach Investigations Report found that the most common initial access vector for data breaches was stolen credentials, responsible for 22% of breaches, and that 88% of basic web application attacks involved the use of stolen credentials. While it can be tedious to review credentials and monitor permissions, credentials are a valuable asset that organizations need to guard jealously.

Aviatrix UserVPN offers a user-friendly way for secure access by helping you manage all VPN users, VPN certificates, and VPN user visibility from one central location.


Resiliency as a Stronghold

In a worst-case scenario, an attacker gets in and takes out your network. Create a last line of defense by keeping offline or otherwise immutable backups that an attacker who controls the network cannot encrypt or delete, and test regularly that you can actually restore from them.

Aviatrix’s high availability (HA) gateways offer a way to stay online even if some gateways go down. Our Backup and Restore feature also gives you the ability to back up your configuration to cloud service provider accounts. To help the recovery process, we offer logging that you can export to external logging services so you can reconstruct what happened afterward.


Why Network Security Is Your Last, and Most Important, Line of Defense

In the wake of digital transformation and the rapid shift to remote work, accelerated by the global pandemic, the concept of the traditional network perimeter has all but vanished. Employees no longer sit safely behind corporate firewalls. They access cloud-hosted workloads from home networks, coffee shops, and airports. As a result, the once well-defined boundary between “inside” and “outside” the corporate network has become irrelevant.

This shift in how we work has significantly expanded the threat surface. Today, with the rise of Generative AI and the increasing adoption of Agentic AI systems—autonomous models that interact with multiple cloud services and data sources—the exposure risk is even higher. Large Language Models (LLMs), for instance, tap into data across multiple clouds, often introducing unseen vulnerabilities related to data privacy and control.

Let me share a real-world example. A CISO I know, responsible for security at a large utility provider, once described a breach that changed the way they think about security. Their environment was armed with every best-in-class security tool. But attackers still got in, not through a phishing email or a zero-day exploit, but through a small development environment that had been granted overly permissive access to a production database. That single gap enabled a ransomware group to quietly exfiltrate sensitive data. The lesson? You can have all the tools, alerts, and dashboards, but without proper network controls in place, you are vulnerable.

This illustrates a broader issue. For too long, network security has been treated as a cost center—something that doesn’t directly impact revenue, and therefore, not a strategic priority. Meanwhile, cybercriminals have flipped the equation. They’ve monetized unauthorized access to critical networks. Their operations are agile, well-funded, and often more advanced than the defenses they face. When your attackers treat access as an asset and you treat security as overhead, you’re at a dangerous disadvantage.

There is good news, though. Despite how fast threat actors are evolving, the fundamentals of computer science haven’t changed. Data still moves across networks. What’s changed is that these networks are no longer confined to a data center. They are distributed across multiple clouds, SaaS platforms, edge locations, and user endpoints. To secure this environment, we need distributed firewalls, not centralized ones.

As a leader in secure cloud networking, Aviatrix provides a distributed cloud firewall architecture that enables visibility, control, and security across hybrid and multicloud environments. It embeds security directly into the network data plane, allowing organizations to inspect, segment, encrypt, and enforce policy at every point where data flows—without relying on legacy models or cloud-provider lock-in.


Final Thoughts: Security as Limiting and Neutralizing

Your cloud network security posture is vital to your success as a company. Instead of spending all your time trying to keep attackers out, start by assuming a breach and implementing practical measures to prevent attackers from having any victories to celebrate:

  • Establish network-wide visibility and monitoring
  • Segment your network to prevent lateral movement
  • Implement egress filtering to keep attackers from smuggling data out
  • Protect network endpoints with comprehensive security policies
  • Train employees to recognize phishing scams
  • Verify user identity consistently
  • Set up a resiliency plan to recover data
  • Use distributed firewalls with centralized control
