Information security practices are undergoing a transformation. For at least a decade, environments have been becoming less perimeter-centric: Gone are the good old days when in-line controls protected the trusted, safe interior from the "wild west" of the outside. As environments become more complex and externalized, the traditional "perimeter" loses meaning. Moreover, as attackers themselves become more sophisticated, security teams increasingly need to expect that the internal environment is compromised already.