Sight is one of the five human senses that is too easily taken for granted. Sure, we use it to great advantage by processing spatial relationships around us and seeing the faces of friends and loved ones. But why is it that so many of us can admit to squandering the gift of sight – as we stare at our jumbo television screens watching “reality” TV shows?
When it comes to information security, the one sense that is universally lacking is sight – visibility, to be more specific. Enterprises can’t easily see their application traffic, which prevents them from being able to understand where the application is and what it is interacting with. All of this makes applying effective security extremely difficult, especially in light of the dynamic changes occurring in today’s data centers and cloud infrastructures.
The closest thing to visibility involves poring through mountains of NetFlow data gathered from routers and switches in the data center, but this only creates a motionless snapshot in time. The snapshot goes stale because the application's associated workloads (e.g., physical servers, virtual machines) have since been moved or turned off, or new compute instances have been added to meet demand. In addition, the effort to collect this information doesn’t reveal enough context to fully understand the interactions between workloads.
Enterprises need help on the inside – to discover, define and defend their data center and cloud workloads.
The Illumio Adaptive Security Platform (ASP)™ secures enterprise applications in data centers and private, public, or hybrid environments by decoupling security from the underlying infrastructure. A key capability of Illumio ASP is Illumination, which helps enterprises understand and visualize their applications and workload relationships. With a unified application-centric view, security administrators get complete visibility of traffic flows across their complex and distributed applications.
Virtual Enforcement Nodes (VENs) act like antennas on workloads and transmit contextual information to a Policy Compute Engine (PCE). Telemetry information of the workload (e.g., hostname, location, OS, uptime, interfaces, open ports, processes, connections) is collected by the PCE. Since the PCE continually gathers this information from every VEN, it has an extraordinary view of every workload interaction occurring in the application – the North-South and East-West traffic. The PCE builds a graph of workloads and their dependencies, and presents it as an interactive map in Illumination.
Enterprise applications and workloads as seen with Illumination. Arrows show live traffic flows between workloads located in the on-premises data center and Amazon Web Services.
Applications are discovered and each workload is uniquely identified using multi-dimensional labels. This enables Illumination to visually convey a clear understanding of the arrangement of the application’s interrelated parts, or its topology.
Directional traffic arrows in Illumination use colors representing discovered flows (grey), flows authorized by policies (green), and blocked flows (red). Clicking on a traffic flow immediately displays details for that particular flow, along with a rule creation wizard. Using the wizard, an administrator is able to quickly build and test security policies. Depending on the policy enforcement state, the PCE computes the optimal rules and tells the VEN to program native security controls on each associated workload.
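A simplified model of the labeled flow map and color coding described above, added here as an illustration; it is not Illumio's code or API. The workload records, label keys, rule format, and the assumption that the destination's enforcement state decides red versus grey are all constructed for this example.

```python
from collections import defaultdict

# Constructed telemetry: labels and enforcement state per workload (assumed schema).
WORKLOADS = {
    "10.0.1.10": {"role": "web", "app": "orders", "env": "prod", "loc": "dc1", "enforced": True},
    "10.0.2.20": {"role": "app", "app": "orders", "env": "prod", "loc": "dc1", "enforced": True},
    "10.0.3.30": {"role": "db", "app": "orders", "env": "prod", "loc": "aws", "enforced": True},
    "10.0.9.99": {"role": "web", "app": "orders", "env": "dev", "loc": "dc1", "enforced": False},
}
# Constructed flow records as (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.1.10", "10.0.2.20", 8443),
    ("10.0.2.20", "10.0.3.30", 5432),
    ("10.0.1.10", "10.0.3.30", 5432),   # web tier talking straight to the database
    ("10.0.9.99", "10.0.2.20", 8443),   # dev workload reaching into prod
    ("10.0.2.20", "10.0.9.99", 22),     # destination not yet enforced
    ("10.0.1.10", "10.0.2.20", 8443),   # repeat of the first flow
]
# Label-based allow rules: (consumer selector, provider selector, port).
RULES = [
    ({"role": "web", "env": "prod"}, {"role": "app", "env": "prod"}, 8443),
    ({"role": "app", "env": "prod"}, {"role": "db", "env": "prod"}, 5432),
]

def label_id(ip):
    """Identify a workload by its labels rather than its address."""
    w = WORKLOADS[ip]
    return f"{w['role']}.{w['app']}.{w['env']}@{w['loc']}"

def matches(labels, selector):
    return all(labels.get(k) == v for k, v in selector.items())

def classify(src, dst, port):
    """green = authorized by a rule, red = blocked, grey = discovered only."""
    s, d = WORKLOADS[src], WORKLOADS[dst]
    if any(matches(s, c) and matches(d, p) and port == rp for c, p, rp in RULES):
        return "green"
    return "red" if d["enforced"] else "grey"

def build_map(flows):
    """Aggregate raw flows into labeled edges with a hit count and a color."""
    edges = defaultdict(lambda: {"count": 0, "color": None})
    for src, dst, port in flows:
        edge = edges[(label_id(src), label_id(dst), port)]
        edge["count"] += 1
        edge["color"] = classify(src, dst, port)
    return dict(edges)

def blocked(edges):
    """Edges an administrator would review first."""
    return sorted(k for k, v in edges.items() if v["color"] == "red")
```

Because edges are keyed by labels instead of IP addresses, the map stays meaningful when a workload is moved or re-addressed, which is the gap the NetFlow snapshot leaves.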
When policies are enforced on the individual workloads, Illumination visually alerts administrators of any anomalous traffic or policy violations. This helps focus their investigation to determine if a legitimate flow was inadvertently blocked, if a workload was accidentally placed in the wrong environment, or if a workload is behaving badly – such as performing reconnaissance on other systems in the data center.
HOW CUSTOMERS USE ILLUMINATION
Here are several ways Illumio customers are currently using Illumination within their security, infrastructure, and DevOps organizations:
- Containing attacks – Realizing attacks are capable of penetrating legacy perimeter security, customers use Illumio ASP to automatically stop and contain cyber attacks. Illumination shows all blocked traffic and aids administrators with remediation efforts by allowing them to easily drag and drop suspected systems into quarantine.
- Data center consolidations – Facing M&A activities, customers use Illumination to discover new (and undocumented) applications so that they can understand workload interactions and secure those systems prior to migration. The security policies are attached to the workloads and migrate with them to their new location.
- Eliminating application outages – Top of mind for developers are concerns that security control changes might lead to an outage. Customers use Illumination to easily build and test accurate security policies without breaking applications or causing an outage. Once they’ve identified all necessary application processes and traffic flows, they confidently enforce security policies in Illumination with a couple of clicks.
- Meeting compliance – Customers use Illumination to fully grasp the scope of their regulated environments, including cardholder data environments (CDE) for PCI DSS compliance. Illumination delivers live visibility of all system components and traffic connecting to/from the CDE, allowing administrators to apply fine-grained security rules that automatically block all unauthorized traffic.
To break out of the darkness, see Illumination in action for yourself.
STOPPING THE SPREAD OF ATTACKS: Find out how to use Illumio ASP to stop the spread of attacks within data centers and clouds.
SECURELY CONSOLIDATING DATA CENTERS: See how Illumio ASP helps you discover application interactions and apply security before, during, and after location moves.
To go deeper, read this whitepaper to see an example of how to gain visibility behind your firewall.