Inside the Containment Era — Doug Merritt on Why Cloud Security Has to Get Back to First Principles

Techstrong TV (DevOps.com)
May 26, 2026

Why It Matters

Network containment restores a fundamental security control missing in most cloud estates, directly limiting breach impact and protecting critical business operations.

Key Takeaways

  • Cloud network segmentation is the missing control in modern security.
  • Aviatrix promotes a “containment era” using ingress/egress filtering per workload.
  • Traditional data‑center principles must be re‑applied to multi‑cloud environments.
  • Default‑deny for identity contrasts with permissive default network policies.
  • Reducing blast radius limits breach impact and supports continuous breach assumptions.

Summary

Doug Merritt, former Splunk CEO and now Aviatrix chief, frames the current security landscape as entering a "containment era." After chronicling Splunk’s growth from a $200 million ARR startup to a $3.2 billion enterprise, he argues that the industry’s focus has shifted from perimeter prevention to rapid detection and, now, runtime containment of compromised workloads in the cloud. He emphasizes that network controls—once a staple of on‑prem data‑center security—have been largely ignored in multi‑cloud deployments. By treating each workload like a submarine compartment, Aviatrix advocates for default‑deny ingress/egress filtering and deterministic communication paths, thereby shrinking the blast radius of any breach. This approach complements identity‑based controls, which already operate on a default‑deny model, and fills the permissive gap left by cloud providers' shared‑responsibility model. Merritt illustrates his point with vivid analogies and real‑world incidents, noting how a breach at a single pod could cascade across thousands of workloads if network segmentation is absent. He cites high‑profile ransomware events at Nike, Jaguar and Tesco to underscore the business disruption caused by uncontrolled lateral movement. Aviatrix’s solution bundles firewall‑like micro‑segmentation, NAT, IDS/IPS, and policy enforcement into a unified software‑defined networking layer for AWS, GCP, Azure, and OCI. The implication for enterprises is clear: without granular network containment, even the most sophisticated identity and endpoint defenses are insufficient. Organizations must adopt Aviatrix’s first‑principles framework to enforce per‑workload policies, limit blast radius, and assume continuous breach—a shift that could dramatically reduce downtime, ransom payouts, and reputational damage.

Original Description

In this episode of TechStrong TV, Alan Shimel sits down with Doug Merritt — Chairman, CEO and President of Aviatrix and former CEO of Splunk — for a wide-ranging conversation about why the next era of cybersecurity has to be the containment era, and what cloud-first enterprises need to do about it right now.
Doug walks through his journey from scaling Splunk from $200M to $3.2B in ARR by leading the industry into the detect-and-respond era, to landing at Aviatrix in 2023 and pivoting the company from multi-cloud networking pioneer to a runtime containment platform for the cloud. He explains why the network — long forgotten in cloud architectures — has quietly become the most important cyber control point, and why "the OSI seven-layer model still works" even in a world of MCP servers, agentic AI and autonomous attacks.
The core idea: stop optimizing only for detection and start optimizing for blast radius. Doug breaks down why every workload — VMs, containers, serverless functions, PaaS and SaaS calls — needs ingress/egress inspection and a default-deny posture, why micro-segmentation finally becomes possible thanks to AI and intent-based policy, and how Aviatrix's distributed policy enforcement, intent-based language ("dev should never talk to prod") and deep cloud-native integration are bringing first-principles network security back to the cloud.
Alan and Doug also dig into the new attacker reality — AI-driven vulnerability discovery, autonomous lateral movement, and the Tesco / Jaguar-style ransomware blast radius that boards can no longer ignore — and why Doug believes "breaches will become the new norm," making containment the single most important investment for any modern security program.
A must-watch for CISOs, cloud architects, platform engineers and anyone running mission-critical workloads in AWS, Azure, GCP or OCI.
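The blast-radius argument in the description above (default-deny ingress/egress per workload, intent rules such as "dev should never talk to prod") can be made concrete with a small reachability model. The Python below is an added illustration written for this page; it is not code from the episode, from Aviatrix, or from the page itself. The workload names, labels, listening ports and rules are constructed sample data, and the policy semantics (deny intents act as guardrails and override any allow, otherwise an explicit allow wins, otherwise the default applies) are an assumption of this example rather than a description of any vendor's engine. It evaluates the same five-workload estate under a permissive default-allow posture and under a default-deny posture, and measures blast radius as the set of workloads a single compromised workload can reach transitively.

```python
"""Blast-radius model for per-workload network containment (added example)."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Workload:
    name: str
    env: str                  # e.g. "dev" or "prod"
    tier: str                 # e.g. "web", "app", "db"
    listens: FrozenSet[int]   # ports this workload accepts connections on


@dataclass
class Rule:
    """Intent rule: label selectors on source and destination plus optional ports."""
    action: str               # "allow" or "deny"
    src: Dict[str, str]       # label selector matched against the source workload
    dst: Dict[str, str]       # label selector matched against the destination workload
    ports: Optional[FrozenSet[int]] = None   # None means any port


def _matches(selector: Dict[str, str], wl: Workload) -> bool:
    return all(getattr(wl, key) == value for key, value in selector.items())


@dataclass
class Policy:
    default_action: str       # "allow" (permissive cloud default) or "deny" (containment)
    rules: List[Rule]

    def evaluate(self, src: Workload, dst: Workload, port: int) -> str:
        """Decide one flow. Assumed semantics: a matching deny intent is a guardrail
        and wins over every allow; otherwise any matching allow wins; otherwise the
        policy default applies."""
        applicable = [
            r for r in self.rules
            if _matches(r.src, src) and _matches(r.dst, dst)
            and (r.ports is None or port in r.ports)
        ]
        if any(r.action == "deny" for r in applicable):
            return "deny"
        if any(r.action == "allow" for r in applicable):
            return "allow"
        return self.default_action


def blast_radius(policy: Policy, workloads: List[Workload], compromised: str) -> Set[str]:
    """Names of workloads reachable (transitively) from `compromised` over flows
    the policy allows. An attacker on a workload is assumed able to reach any
    port a peer listens on that the policy does not block."""
    by_name = {w.name: w for w in workloads}
    start = by_name[compromised]
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for peer in workloads:
            if peer in seen:
                continue
            if any(policy.evaluate(current, peer, p) == "allow" for p in peer.listens):
                seen.add(peer)
                queue.append(peer)
    seen.discard(start)
    return {w.name for w in seen}


# Constructed sample estate: a three-tier prod app plus a small dev environment.
ESTATE = [
    Workload("web-1", "prod", "web", frozenset({443})),
    Workload("app-1", "prod", "app", frozenset({8080})),
    Workload("db-1", "prod", "db", frozenset({5432})),
    Workload("dev-web", "dev", "web", frozenset({443})),
    Workload("dev-db", "dev", "db", frozenset({5432})),
]

# Permissive posture: no rules, everything reachable by default.
PERMISSIVE = Policy("allow", [])

# Containment posture: default-deny with explicit intent rules.
CONTAINED = Policy("deny", [
    Rule("deny", {"env": "dev"}, {"env": "prod"}),          # "dev should never talk to prod"
    Rule("deny", {"env": "prod"}, {"env": "dev"}),
    Rule("allow", {"env": "prod", "tier": "web"}, {"env": "prod", "tier": "app"}, frozenset({8080})),
    Rule("allow", {"env": "prod", "tier": "app"}, {"env": "prod", "tier": "db"}, frozenset({5432})),
    Rule("allow", {"env": "dev", "tier": "web"}, {"env": "dev", "tier": "db"}, frozenset({5432})),
])


if __name__ == "__main__":
    for label, policy in (("permissive", PERMISSIVE), ("contained", CONTAINED)):
        for wl in ESTATE:
            reach = blast_radius(policy, ESTATE, wl.name)
            print(f"{label:10s} compromised={wl.name:8s} blast radius={len(reach)} {sorted(reach)}")
```

Running it shows the metric the episode argues boards should track: under the permissive posture a compromised `web-1` reaches all four other workloads, while under default-deny it reaches only `app-1` and, through it, `db-1`, and the dev environment stays isolated. The deny intents also act as guardrails against later mistakes: an over-broad "any web tier may reach any db tier" allow rule added to the contained policy still cannot let `dev-web` reach `db-1`, because the dev-to-prod deny matches first.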
Chapters:
00:00 Introduction
00:30 Doug's journey at Splunk and the detect-and-respond era
03:00 Joining Aviatrix and the pivot to runtime containment
06:00 Who is Aviatrix and the Threat Research Center
08:00 What is the containment era?
11:00 Blast radius and default-deny as the new mental model
13:00 Why network security got forgotten in the cloud
15:30 Assume continuous breach — Jaguar, Tesco and AI-driven attackers
18:00 Inside the Aviatrix architecture — distributed enforcement and intent-based policy
21:00 Why AI finally makes micro-segmentation practical
22:30 Closing thoughts — blast radius as a board metric
Guest: Doug Merritt, Chairman, CEO and President, Aviatrix — https://aviatrix.ai
Host: Alan Shimel, TechStrong Group
Subscribe to TechStrong TV for more conversations with the leaders shaping DevOps, cybersecurity, AI, and cloud-native technology.
#Aviatrix #CloudSecurity #ZeroTrust #Microsegmentation #AISecurity
