[DigitalToday reporter Chi-gyu Hwang] "In the AI era, zero trust is more important than ever. The era of prevention and detection is over. Now we must move to an era of isolation based on zero trust." Global breach containment specialist Illumio stressed again that microsegmentation should be central to zero-trust security strategies to secure visibility into attackers' movement paths and prevent the spread of breaches, highlighting the risks of 'lateral movement' that has emerged as a challenge in corporate cybersecurity.

Illumio on May 12 held its first media briefing in South Korea and shared its zero-trust security strategy through microsegmentation and plans to target the domestic market.

Attendees included Illumio APAC Vice President Dave Shephard, Chief Evangelist John Kindervag, the founder of zero trust, and Illumio Korea country manager Kyung-yoon Yang (양경윤).

Illumio said the imbalance is deepening between spending on corporate cybersecurity and rising losses from cyberattacks. It said this shows the structural limits of a prevention-first security model focused on stopping all attacks, and underscored the need to focus instead on minimizing damage when defenses fail.

According to the company, the Illumio platform is built on an AI security graph and helps organizations identify and block lateral movement across hybrid and multi-cloud environments. The platform consists of Illumio Insights and Illumio Segmentation.

Kindervag emphasized that isolation is a fundamental element that minimizes damage when breaches occur and enables systems to adapt and improve over time, arguing it moves organizations beyond basic resilience toward antifragility.

He also introduced the widely cited five-step zero-trust methodology. On the methodology, he said it is a practical, iterative approach that South Korean companies can apply regardless of where they are on their zero-trust journey. He said it starts by identifying the most sensitive protect surfaces, or DAAS: data, applications, assets and services, then gradually expands the scope of isolation.

Illumio highlighted that South Korean government policy is also being pursued in a direction that emphasizes zero trust.

On the National Network Security Framework (N2SF), it said the core is to end mandatory network separation for public-sector networks and replace it with a risk-based data classification model aligned with zero-trust principles. It said the policy shift enables the safe adoption of cloud, AI and external services, and is focused in particular on blocking breaches and preventing lateral movement.

On KISA zero-trust guidelines 2.0 updated in December 2024, it said the guidelines introduced a four-stage maturity model and effective implementation guidance to establish zero trust as a concrete operational architecture beyond a conceptual ideal.

It added that strengthened provisions of the Personal Information Protection Act, revised in March 2026 and set to take effect in September, raise the surcharge for personal data leaks from 3 percent of revenue to as much as 10 percent of total revenue. It said the changes also shift ISMS-P certification reviews from formal document checks to an effectiveness-focused approach that verifies whether systems actually operate, further increasing the need for breach isolation. From management's perspective, it added, breach isolation has now become an essential risk management tool, not an option.