Cybersecurity unicorn Illumio today said it closed a $225 million Series F funding round that pushed its valuation to $2.75 billion.

The late-stage funding, led by Thoma Bravo with support from Franklin Templeton, funds managed by Hamilton Lane, and Blue Owl Capital division Owl Rock, brings the segmentation pioneer’s total raised to $557.5 million, and it gives Illumio founder and CEO Andrew Rubin plenty of new capital to spread the gospel of zero trust.

There’s too much confusion around zero trust, and it will likely get worse before it gets better, Rubin said. “I actually think is more confusion now than there’s ever been, and it’s being driven by two things,” he added. “One, everybody is talking about zero trust for the first time. Literally everyone — all the way to the president of the United States.”

In fact, U.S. President Joe Biden’s recent executive order on cybersecurity requires federal agencies adopt several best practices including zero-trust frameworks. Rubin led a team that contributed to the mandate’s zero-trust language.

“And to just to acknowledge the reality: Every cyber vendor is now a zero-trust cyber vendor, at least on their website,” Rubin continued. “So there is a lot of confusion about this relatively new thing that all of a sudden everybody’s talking about.”

However, there is a “real definition” of zero trust, and it’s pretty simple to understand, Rubin said: “It is a mindset of assume breach. That’s the core, foundational principle of zero trust. It doesn’t say assume breach of your servers, or assume breach of your endpoints, or assume breach of your clouds. It means assume breach of everything, and then build a security architecture or strategy and a framework off of that assumption.”

In other words, zero trust is not a single product or technology. But it does have some key enabling technologies, and segmentation is one of them.

“Segmenting your networks is a core pillar of zero trust, and you can’t look somebody in the eye and say you’re running a zero-trust security mindset, architecture, and framework, but you don’t have a segmented network,” Rubin said. “And so for us what we say to our customers very openly is: We’re a step on your zero-trust journey, but we’re a very big step, as opposed to a very small step, and that’s where segmentation and zero trust collide.”

Segmentation, or microsegmenation, enables fine-grained security policies to be assigned to applications. The approach improves network security by integrating it directly into a virtualized or containerized workload without requiring a hardware-based firewall. It reduces a company’s attack surface by essentially sealing off applications from the rest of the network, thus preventing an attacker from gaining access to the wider system.

While security wasn’t a well-known use case for the technology when Illumio launched in late 2014, segmentation has since become an essential tool in an organization’s security arsenal, and, more recently, in developing a zero-trust framework.

Illumio’s segmentation technology originally focused on data center workloads. It added cloud and container support a couple years ago, and last year it extended segmentation to individual application instances and endpoints via its Illumio Edge product.

Today, several Fortune 100 companies and hundreds of global enterprises use Illumio’s software-as-a-service (SaaS) platform, including the three top enterprise SaaS companies, five of the leading insurance companies, and six of the 10 biggest banks in the world, the company claims.

Illumio will use the latest investment to “significantly ramp” its go-to-market efforts, Rubin said. “And that’s all go to market, it’s not just hiring more salespeople.” This also includes hiring more engineers, customer success reps, support teams, and marketers, as well as investing in channel, managed security services provider, and systems integrator partners.

The vendor will also get to work on product enhancements: “We’re also building and continuing to innovate on adjacencies or extensions of the platform,” Rubin said.

But even more important than Illumio’s $225 million funding round is that cybersecurity spending hit $173 billion last year, meanwhile we suffered the worst events in U.S. history, Rubin said.

“In the last 180 days, we’ve watched SolarWinds, we’ve watched Microsoft Exchange, we’ve seen JBS and Colonial,” he said. “We’ve watch breaches for the first time go beyond data or a cyber incident and have a physical-world impact. Something’s got to change. We can’t just spend all that money on detection and assume we’re gonna catch everything, because the math no longer works.”

This requires a new mindset in how we approach security, and one that assumes a breach will happen. “We are going to get breached, it’s going to happen again after that. Our job is to try and prevent as much as possible and avoid catastrophe when it happens, but to say that second part of that sentence you have to acknowledge that it’s going to happen in the first place.”

Rubin said he believes we’re getting closer to that tipping point. “I think having a strong voice from the White House, watching the lines at gas stations [following the Colonial Pipelines ransomware attack], physical-world impacts that real people have to deal with gets us closer,” he said. “But until we’re all the way there, I don't think we’ve gone far enough.”