
Illumio for Microsoft Azure Firewall Brings Benefits of Zero Trust Segmentation to Azure Firewall

Illumio collaborated with Microsoft to add microsegmentation support for Microsoft Azure Firewall, which is now in Public Preview. You can sign up for the Public Preview by emailing [email protected] or via the Azure Marketplace listing.

Illumio for Azure Firewall helps Azure customers enforce Zero Trust Segmentation and go beyond network and application filtering. It helps the firewall operations teams understand rules with rich context of the resources they are protecting. With rich context, administrators can easily determine which resource is secured by the rule, who owns it, and perform rule lifecycle management more confidently.

With Illumio for Azure Firewall, you can:

  • Use Azure resource tags to define firewall rules: Policy is easier to define, easier to understand, and security remains consistent even as resources come and go
  • Improve your understanding of how resources are communicating: Enriching Azure Firewall flow logs with resource tags to build a dependency map provides a clear picture of how resources interact
  • Safely test Azure Firewall rules before deploying: The wrong policy can leave you over-exposed or break a critical application, so the ability to validate the effect of new rules prior to deployment reduces these risks

Simplifying Zero Trust Segmentation using Illumio for Azure Firewall

Illumio for Azure Firewall uses the Azure cloud platform to secure connectivity between resources across your Azure virtual networks and at your Azure perimeter.

"Illumio for Azure Firewall is a modern and efficient approach to traditional firewall management. It brings native public cloud metadata into rule management. Traffic visualization now informs traffic management, and this might change the way we operate so that we open only required and more specific ports for designated traffic."

– Markus Lintuala and Mika Vilpo, Elisa

Reference resources without depending on the underlying infrastructure

While IP addresses and hostnames are important properties of a network’s infrastructure, and are used to apply firewall policy, they have limited relevance in the cloud – especially because the ephemeral and dynamic nature of many cloud resources causes them to change constantly.

Illumio for Azure Firewall integrates with the Azure Resource Manager to ingest Azure resources and their tags. Resources are mapped to workloads in Illumio for Azure Firewall, and their tags are mapped to respective labels associated with each workload. This ensures that there is a one-to-one mapping between the representation of a resource and its metadata in Azure and its associated workload and labels in Illumio.

Illumio's Illumination map

Using this context-based approach, customers can leverage the insights they now have to build the most appropriate, least-privilege security policy to protect their Azure resources. Illumio for Azure Firewall allows the security rules on the Azure Firewall to be constructed using the same context that informs and enriches the flow data.

Representing firewall rules in the context of the resources they are protecting makes it much easier to understand rules. By doing so, customers will significantly improve the policy life cycle management process. This, in turn, simplifies conversations around ownership, relevance, and validity.

To be truly useful, the security policy itself must also adapt to ensure that at any point in time access is granted to only those resources that match the context specified in the rule. This requirement for adaptive policy is one that Illumio has solved for customers with its data center and endpoint products for years and now brings to Azure Firewall – the context-based policy is dynamic in nature, just like your Azure deployment, constantly adapting to accommodate the changes in your resources and their context.

Illumio rule writing

Simulate security policy – don’t break applications

With context-based visibility and security policy, two of the key pillars of achieving a Zero Trust posture are in place. But often organizations struggle to apply least-privilege policy because they are concerned about breaking critical applications.

Illumio for Azure Firewall has this covered.

Through its draft policy mode, security teams can validate the outcome of their security policies before moving them to full enforcement. Simulation mode enables users to evaluate actual traffic flowing through the firewall and see which of it would have been blocked, and which allowed, if the policy were enforced.

This simulation mode analysis lets customers achieve a safe, predictable way to constantly improve their security posture by:

  • Highlighting previously unknown or forgotten connections
  • Identifying potentially missed policy
  • Enabling a review of policy to confirm that an application will not break with policy enforcement

Illumio Illumination with flows

And once you’re confident in the policy, you can deploy it to your Azure Firewalls directly from the Illumio for Azure Firewall console and feel confident that you have taken another step on your Zero Trust journey.
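The two ideas above, rules written against tags rather than IP addresses and a draft policy evaluated against observed flows before enforcement, can be sketched in a few lines. This is an added example, not code from Illumio or Microsoft; the inventory, tag names, rule format and verdict strings are all hypothetical and the sample data is constructed.

```python
# Added example: hypothetical data model, not Illumio's or Azure's API.
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    port: int
    proto: str

# Constructed inventory: resource name -> (private IP, Azure-style tags)
INVENTORY = {
    "web-vm-1": ("10.0.1.4", {"app": "shop", "role": "web", "env": "prod"}),
    "api-vm-1": ("10.0.2.4", {"app": "shop", "role": "api", "env": "prod"}),
    "db-vm-1":  ("10.0.3.4", {"app": "shop", "role": "db", "env": "prod"}),
    "build-vm": ("10.0.9.9", {"app": "ci", "role": "runner", "env": "dev"}),
}

# Draft rules use tags only: (source selector, destination selector, port, proto)
DRAFT_RULES = [
    ({"app": "shop", "role": "web"}, {"app": "shop", "role": "api"}, 8443, "tcp"),
    ({"app": "shop", "role": "api"}, {"app": "shop", "role": "db"}, 5432, "tcp"),
]

def resolve(selector, inventory):
    """Return the IPs of every resource whose tags contain all selector pairs."""
    return {ip for ip, tags in inventory.values()
            if all(tags.get(k) == v for k, v in selector.items())}

def simulate(flows, rules, inventory):
    """Label each observed flow with what the draft policy would do if enforced."""
    compiled = [(resolve(s, inventory), resolve(d, inventory), port, proto)
                for s, d, port, proto in rules]
    report = {}
    for f in flows:
        hit = any(f.src in s and f.dst in d and f.port == port and f.proto == proto
                  for s, d, port, proto in compiled)
        report[f] = "allowed" if hit else "would-block"
    return report

# Constructed flow-log sample
FLOWS = [
    Flow("10.0.1.4", "10.0.2.4", 8443, "tcp"),
    Flow("10.0.2.4", "10.0.3.4", 5432, "tcp"),
    Flow("10.0.9.9", "10.0.3.4", 5432, "tcp"),  # forgotten CI -> DB dependency
    Flow("10.0.1.4", "10.0.3.4", 5432, "tcp"),  # web tier bypassing the API
]

if __name__ == "__main__":
    for flow, verdict in simulate(FLOWS, DRAFT_RULES, INVENTORY).items():
        print(verdict, flow)
```

The "would-block" rows are the review list: each is either a dependency the draft policy missed or traffic that should not exist. Because selectors are resolved at evaluation time, a new resource carrying the same tags is covered without editing any rule.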

Easily enforce Zero Trust security on any Azure Firewall

By bringing capabilities to Azure Firewall, Illumio:

  • Simplifies visibility of any communication across your Azure Firewall environment
  • Eases authoring of security rules that automatically adapt with your Azure deployment
  • Ensures safe and simple policy simulation to expose the effect of rules before they’re enforced
  • Enables achievement and maintenance of least-privilege access on the Azure Firewall

“We are excited to see Illumio for Azure Firewall reach Public Preview. The product provides a huge productivity boost and enables us to achieve Zero Trust firewall policy quickly, easily, and at scale.”

— Robert Smit, Azure MVP

Learn more about Illumio for Azure Firewall Public Preview.

Watch this video about how Illumio's partnership with Microsoft is innovating Azure network security.

Or contact Illumio at [email protected].
