Illumio collaborated with Microsoft to add microsegmentation support for Microsoft Azure Firewall, now in General Availability. Get access now from the Azure Marketplace listing.
Illumio for Microsoft Azure Firewall helps Azure customers enforce Zero Trust Segmentation and go beyond network and application filtering. It helps the firewall operations teams understand rules with rich context of the resources they are protecting. With rich context, administrators can easily determine which resource is secured by the rule, who owns it, and perform rule lifecycle management more confidently.
Reference resources with labels rather than IP addresses
IP addresses and hostnames have traditionally played a vital role in applying firewall policies. However, in the dynamic and ever-changing landscape of the cloud, their relevance is limited. This is primarily due to the constantly shifting nature of cloud resources, rendering IP addresses and hostnames less effective in maintaining robust security measures. This traditional approach to managing firewalls leads to cumbersome processes and limited flexibility.
Illumio for Azure Firewall seamlessly integrates with the Azure Resource Manager, using its capabilities to ingest Azure resources and their corresponding tags. Through this integration, resources are accurately mapped to workloads within Illumio for Azure Firewall, while their tags are linked to the respective labels associated with each workload. This ensures a precise one-to-one mapping between the representation of a resource and its metadata in Azure and its associated workload and labels within Illumio.
Illumio’s context-based policy is inherently dynamic, mirroring the ever-changing nature of your Azure deployment. It continuously adjusts to accommodate changes in resources and their associated context, providing optimal security coverage at all times. By removing the need to rely on IP addresses, security teams can streamline policy management, respond swiftly to evolving security requirements, and build a comprehensive Zero Trust strategy.
Auto provisioning: Quicker cloud migration and faster ROI
As organizations embark on their digital transformation journey, automation and simplicity become key enablers. Illumio's collaboration with Azure Firewall empowers customers to adopt and progress their cloud migration efforts with ease.
With Illumio’s auto provisioning, security policies are automatically applied to new resources and adapt to changes in real-time. This eliminates manual configuration overhead, reduces the risk of misconfigurations, and ensures that security policies cover all the necessary changes within the Azure environment. Embrace automation and simplicity while fortifying your security posture.
Simulate security policy without breaking applications
Deploying new security policies without fully understanding their impact can be a risky endeavor. Organizations often struggle to apply least-privilege policy because they are concerned about breaking critical applications. Illumio for Azure Firewall addresses this challenge with its simulation mode.
Through this draft policy mode, security teams can validate the effectiveness of their security policies before implementing them in full enforcement. The simulation mode within Illumio enables users to assess the actual traffic that would have been blocked if enforcement and traffic were allowed based on policy.
By leveraging this simulation mode analysis, customers gain a secure and predictable approach to continuously enhance their security posture. The simulation mode offers several key benefits:
Highlight previously unknown or forgotten connections: The simulation mode uncovers connections that may have been overlooked or forgotten, shedding light on potential security gaps. This insight allows organizations to proactively address these connections and ensure comprehensive security coverage.
Identify potentially missed policies: By simulating traffic flow, organizations can identify any policies that might have been missed during the initial implementation. This proactive approach enables security teams to fine-tune their policies and prevent potential vulnerabilities from being exploited.
Review policy impact on application stability: Before enforcing a policy, security teams can review its impact on applications to ensure that they will not be disrupted. This capability minimizes the risk of unintentional outages or performance degradation, providing peace of mind and continuity of operations.
Once the policy has been thoroughly reviewed and validated, deploying it to Azure Firewall is seamless with a direct deployment option from the Illumio console. Armed with this knowledge and visual clarity, security teams can confidently fine-tune policies, mitigate risks, and make informed decisions to strengthen their security infrastructure.
Realizing the value of Illumio for Microsoft Azure Firewall
During Public Preview, Illumio's partners experienced firsthand the value and immediate impact of Illumio’s integration with Azure Firewall.
A European digital services organization achieved quick wins with Illumio for Azure Firewall. Their security team was able to quickly self-onboard. Within a few weeks, Illumio helped them meet GDPR compliance requirements by quickly setting up a SaaS cluster with Illumio for Azure Firewall, create and implement firewall rules, and get visibility into their Azure firewalls.
A large financial services organization in the United States validated that they could have leveraged simulation mode from Illumio for Azure Firewall to test the policy they’d built. They also validated that they could use Illumio’s application dependency map to see, troubleshoot, and resolve any issues before ever implementing the policies in their environment. Illumio for Azure Firewall can help security teams ensure they’re deploying policy that doesn’t negatively impact business operations.
Additionally, our partner organizations of every size, regardless of the number of firewalls in their environment, saw benefits with Illumio for Azure Firewall. Whether an organization had a handful of firewalls or a vast network with numerous instances, the integration delivered consistent benefits and addresses the common challenges security teams face when scaling Azure Firewall. Quickly scaling and optimizing Azure Firewall deployments in complex, hybrid infrastructures can get challenging. Illumio helped to fill these gaps by making the deployment process more accessible, faster, and efficient for security teams of any size.
Read a step-by-step tutorial on getting started with Illumio for Micorosft Azure Firewall from the Azure Network Security Blog.