Illumio and Wiz: Automatically See, Detect, and Contain Cloud Attacks

Cloud risks are only getting worse. Based on recent research from Illumio’s Cloud Security Index 2023, 47 percent of all data breaches originated in the cloud in the last two years alone. 6 in 10 IT and security leaders believe cloud security is lacking and poses a severe risk to their business operations.  

CISOs and their security teams must begin thinking differently about cloud security. Attacks are inevitable – it’s time to put modern cloud security strategies in place that both proactively secure and reactively contain breaches and ransomware attacks.

That’s why the Wiz and Illumio have partnered to combine threat detection and Zero Trust Segmentation as part of their Zero Trust architecture. With the Wiz Cloud Security Platform and Illumio CloudSecure integration, organizations can automatically close security gaps and contain active attacks.

See, detect, and contain cloud cyberattacks – all in one integration

Organizations are managing hybrid, multi-cloud environments that are complex and ever changing. At the same time, attackers are increasingly sophisticated, especially with the help of AI and ML to generate attacks. This combination means it’s no longer sufficient for security teams to wait to manually address threats, vulnerabilities, or misconfigurations when they’re detected.  

If attackers are automating breaches and ransomware, security teams should also automate their processes.

The joint integration between Wiz and Illumio streamlines cloud security, offering a single integration that will automatically see, detect, and address cloud misconfigurations, vulnerabilities, and active attacks.  

The Wiz Cloud Security Platform scans resources for vulnerabilities and other issues. If it finds something that’s critical, it will share this information with Illumio CloudSecure. In response, Illumio CloudSecure will automatically apply security policy to close security gaps and reduce risk before malicious actors can exploit them. This means organizations can implement granular segmentation controls based on real-time threat intelligence, minimizing the attack surface and automatically containing potential breaches. 

With the joint integration, security teams gain benefits like:

• Complete visibility across hybrid, multi-cloud environments: You can’t secure what you can’t see – and that’s especially true in the cloud where instances are constantly spinning up and down. By getting end-to-end visibility across cloud, endpoint, and data center environments, security teams get deeper insights into network traffic and communications. They can then use this information to apply proactive, granular segmentation controls that fit their infrastructure’s unique needs.
• Better vulnerability management: Add network traffic flow telemetry to threat detection to have a better view of security gaps and a quicker response to vulnerabilities.  
• Faster breach containment: Don’t wait on a manual response to Wiz’s real-time threat intelligence. Illumio CloudSecure uses Wiz’s data to automatically deploy granular segmentation controls that minimize the attack surface and contain attacks.

How does the Illumio and Wiz integration work?

Wiz will scan cloud resources for vulnerabilities and other issues. And when it finds something that's of critical nature, it applies an AWS or Azure tag to that resource. 

Illumio CloudSecure will then import that tag and map it to an Illumio label. If a tag is marked as a “vulnerability,” it will trigger Illumio to map “vulnerability” to an Illumio label and apply policy based on that label to isolate the device.  

Security teams can then use Illumio to create deny rules anytime a “vulnerability” label gets applied to a host. These deny rules will kick in and isolate that workload from, for example, being able to connect via HTTP or SSH to anything else. 

The integration between Illumio and Wiz enables organizations to proactively streamline vulnerability management and breach containment in the cloud, significantly improving cyber resilience.

Zero Trust Segmentation is a backstop to threat detection

Traditional network security models rely heavily on perimeter defenses, such as firewalls, to protect against external threats. However, these defenses are not enough to secure today’s complex environments, and modern cyberattacks oftentimes bypass these defenses.  

Zero Trust Segmentation (ZTS) takes a different approach by assuming attacks will inevitably happen. Instead of assuming all attacks can be prevented, ZTS allows security teams to prepare for potential breaches and continuously improve security as the threat landscape changes. ZTS employs granular security policies and segmentation to stop attackers from being able to move laterally within the network. By segmenting the network into smaller, isolated zones and enforcing security policies based on the principle of least privilege, ZTS reduces the attack surface and limits the impact of potential breaches.  

In this context, ZTS is a backstop to threat detection platforms like Wiz by containing and isolating any threats that manage to penetrate the network perimeter or evade other security measures. Even if a threat manages to infiltrate one segment of the network, it will face additional barriers when it tries to move laterally to other segments.

ZTS also complements threat detection capabilities by providing additional context for security alerts. By correlating network traffic with segmentation policies, security teams can better distinguish between legitimate activities and potential threats. This contextual information enhances the accuracy of threat detection and allows security teams to prioritize their response efforts more effectively.

Take a test drive of Illumio free for 30 days. Start your free trial now.