Adaptive Segmentation, micro-segmentation
December 3, 2021

Cloud Traffic Monitoring and Control Made Better

Anders Viden, Senior Director, Product Management

With Illumio Core, Illumio is the acknowledged leader in Zero Trust segmentation for on-premises data centers and systems.

Illumio Core is an easy, fast and proven micro-segmentation solution that delivers intelligent visibility, a radically simple policy creation engine, and automated segmentation and enforcement in minutes.

But as co-founder and CTO PJ Kirner points out in his interview on the launch of Illumio CloudSecure, many organizations dangerously underestimate the risks from their multi-cloud and hybrid digital infrastructure, as well as their responsibilities for maintaining secure cloud operations.

And that's why we built CloudSecure. Thanks to key innovations, Illumio has brought the industry-leading security capabilities of Illumio Core to the cloud.

Flow telemetry without agents

While Illumio Core uses agents to gather flow information about application communications, it isn't viable to use agents for collecting traffic telemetry in public clouds.

So CloudSecure gathers public cloud traffic data without agents by using API connections to such sources as Amazon S3 buckets.

Using APIs, CloudSecure collects telemetry from many sources beyond applications. Because CloudSecure is infrastructure agnostic, it can provide real-time visibility into traffic flows for load balancers and firewalls, as well as the many — and growing — as-a-service offerings from cloud vendors, such as lambda functions, Kubernetes as a service, database as a service, even AI as a service.

Real-time visibility not available in CSPM tools

A big part of cloud security is making sure your accounts are configured properly. That’s the job of cloud security posture management (CSPM) tools. They’re designed to identify misconfiguration issues and compliance risks in the cloud. And that’s very important to know. CSPM tools tell you what could happen.

But CSPM tools can't tell you what is happening right now in your cloud. And they can't tell you what has happened in the past. CloudSecure can.

CloudSecure captures application and other traffic data in real time while preserving that telemetry for security forensics or other tasks.

And the Illumio application dependency map provides this visibility across all your cloud accounts, not per account. It’s a single view showing historical and real-time flow data — no siloed views here.

[Image: multi-cloud visibility]

A single platform to manage all your security groups in the cloud

Comprehensive visibility is important. And no solution in the market provides visibility the way Illumio does. But the next step after seeing what’s happening is controlling what’s happening — that means policy enforcement, regardless of workload or infrastructure.

Many cloud customers distribute security to individual business groups. Responsibility is spread out, with no centralized way to view and manage cloud security groups.

With CloudSecure, you have a single interface for determining security policy and reducing risk exposure.

After CloudSecure has analyzed your traffic, it will provide policy recommendations to loosen or tighten rules.

CloudSecure offers a dashboard that shows all security groups and policy recommendations across accounts and providers. Through the dashboard, you can go rule by rule and turn recommendations on or off.

An approval workflow ensures that all rules get a “thumbs up” before they’re applied. This allows you to do progressive enforcement, while seeing the real-time impact of policies group by group.

See your risk exposure in the cloud

With CloudSecure's intuitive dashboard, you can drill into how each rule is applied and where it's attached to various objects.

You can also understand the risk exposure for each of your security groups based on our recommendations. For example, you may have a rule that allows access to an entire subnet, when in fact, the business only requires communication between two hosts.

So, you could reduce that exposure by applying two rules individually for those hosts and the necessary port rather than an entire subnet.

Initially, many security organizations make rules too broad because they're not sure what needs to communicate between clouds and on-premises systems. But they never circle back to reduce the scope.

CloudSecure's rule recommendation engine reduces your open communication pathways to only what is absolutely required based on the observed traffic.
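The subnet-to-host narrowing described above, sketched as an added example; this is not Illumio's code or CloudSecure's actual algorithm. The flow records, the rule format and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample of accepted inbound flows to one workload:
# (source IP, destination port, protocol). Not real telemetry.
OBSERVED_FLOWS = [
    ("10.0.1.15", 5432, "tcp"),
    ("10.0.1.15", 5432, "tcp"),
    ("10.0.1.16", 5432, "tcp"),
    ("10.0.1.15", 22, "tcp"),
    ("10.0.3.9", 5432, "tcp"),  # outside the broad rule's source range
]

# Hypothetical over-broad ingress rule: a whole subnet on every TCP port.
BROAD_RULE = {"source": "10.0.1.0/24", "protocol": "tcp",
              "from_port": 0, "to_port": 65535}


def rule_matches(rule, src_ip, port, protocol):
    """True if the rule permits a flow with this source, port and protocol."""
    return (protocol == rule["protocol"]
            and rule["from_port"] <= port <= rule["to_port"]
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["source"]))


def exposure(rule):
    """Number of (source address, port) pairs the rule leaves open."""
    hosts = ipaddress.ip_network(rule["source"]).num_addresses
    return hosts * (rule["to_port"] - rule["from_port"] + 1)


def recommend_rules(broad_rule, flows):
    """Per-host, per-port rules covering only flows that used the broad rule."""
    used = {f for f in flows if rule_matches(broad_rule, *f)}
    ordered = sorted(used, key=lambda f: (ipaddress.ip_address(f[0]), f[1], f[2]))
    return [{"source": f"{src}/32", "protocol": proto,
             "from_port": port, "to_port": port}
            for src, port, proto in ordered]


def exposure_reduction(broad_rule, flows):
    """(open pairs before, open pairs after) narrowing the broad rule."""
    narrow = recommend_rules(broad_rule, flows)
    return exposure(broad_rule), sum(exposure(r) for r in narrow)


if __name__ == "__main__":
    for rule in recommend_rules(BROAD_RULE, OBSERVED_FLOWS):
        print(rule)
    print(exposure_reduction(BROAD_RULE, OBSERVED_FLOWS))
```

Recommendations derived this way only reflect the observation window, so infrequent but legitimate flows (a monthly job, a failover path) can be missing; review each narrowed rule before enforcing it.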

The traffic telemetry and metadata that CloudSecure gathers offer organizations a holistic view across public cloud vendors and accounts — providing a unified view of your hybrid cloud traffic that both your security and IT teams will love.

Learn more and see a demo of how Illumio CloudSecure can help your organization gain the necessary visibility and control to bring complete cloud security to your organization.
