Illumio Blog
October 25, 2017

Extending Illumio to Protect Critical Regulated Environments

Ram Duggirala,

In 2014, Illumio revolutionized micro-segmentation by introducing the Adaptive Security Platform (ASP) with distributed, host-based enforcement that includes real-time visibility and security for all data center and cloud computing environments. As our solution and our customers mature, we’ve seen Illumio extending into new areas, many of which are critical regulated environments with legacy operating systems like IBM AIX and Oracle Solaris at their core.

ill-blog_hero_image_AIX_Solaris_Release_v1.jpg

VEN AND NOW

One of the key components of the Illumio solution is the Virtual Enforcement Node (VEN), which is installed in the workload (a.k.a. operating system) and plays an important role in collecting context about communications between application components and receiving instructions from the Policy Compute Engine (PCE) to enforce micro-segmentation policy. That policy is enforced using the native OS firewall and, since launch in 2014, we have supported Windows Filtering Platform in Windows Server and iptables in Linux.

Customers deploy Illumio ASP to segment and control communications between applications, reduce the attack surface, and restrict the possibility of threats moving laterally across their environments. We see that customers increasingly want to use Illumio’s micro-segmentation to address more and more use cases to protect critical environments.

In many of these environments, we see of a mix of OSs that include not only the typical Windows and Linux servers, but also legacy operating systems like AIX and Solaris. These legacy OSs oftentimes are running critical services found in environments that are regulated – where customers need to meet compliance requirements, such as HITRUST, PCI, and GDPR.

Another such critical environment that falls under regulation is SWIFT. Found in many financial institutions, SWIFT environments are used to pass financial messages between banks, depositories, and other financial entities. With this essential role, properly functioning, secure operation of these environments is crucial to all SWIFT members. Since SWIFT gained traction in 1990s when bare-metal servers were the norm, many of our customers have IBM AIX and Oracle Solaris workloads running in SWIFT environments.

Learn more about Illumio's recommended best practices for securing SWIFT in this blog post from Nathaniel Gleicher. 

INTRODUCING SUPPORT FOR IBM AIX AND ORACLE SOLARIS

We’re excited to introduce VENs for IBM AIX and Oracle Solaris, providing full visibility and native enforcement of micro-segmentation policy to help customers protect more critical applications and meet compliance requirements for environments with these operating systems. The VEN on these systems is a lean agent that delivers security using the existing IPFilter module inside AIX and Solaris. The VEN provides workload context and receives instructions from the PCE, which it uses to program IPFilter to enforce micro-segmentation rules.

The 17.1.0 VEN is now available for the following versions of AIX and Solaris:

AIX 6.1 Technology Level 9 (64-bit)
AIX 6.1 Technology Level 9 (64-bit)
AIX 6.1 Technology Level 9 (64-bit)

Solaris-11.3 SPARC (64 bit)
Solaris-11.3 SPARC (64 bit)
Solaris-11.3 SPARC (64 bit)

Topics: Adaptive Security, micro-segmentation

Share this post: