Illumio Products

Little-Known Features of Illumio Core: Analyzing Network Flows With Mesh

In this series, Illumio security experts highlight the lesser known (but no less powerful) features of Illumio Core.

Today’s complex environments require an accurate, easy-to-understand view into network flow data. Network diagrams built from that data help illustrate the overall topology of the network, offering an intuitive layout of network interactions.

At Illumio, we’re always looking for innovative ways of understanding network communication flows — what existing layers could be stripped back to reveal more granular connections, patterns, and relationships?  

That’s why we’ve developed Mesh visualization to accompany the Illumio Map. In this blog post, learn more about Mesh visualization features and how it can benefit your team.  

Key benefits of Mesh

Mesh shows multiple data dimensions at once so teams can get a clearer picture of how each data point interacts with others in their environment. Here are the advantages Mesh offers:

  1. High-dimensional data representation: A standout strength of Mesh is its ability to portray high-dimensional data. Every dimension manifests as a vertical axis, and data points are visualized as lines that intersect these axes. Mesh visualizes network traffic data that includes source, destination, port, and processes — all from one view.
  1. Cluster identification: In Mesh, patterns (like clusters or outliers) can emerge when multiple lines follow a similar path across the axes. This can help teams quickly identify certain patterns or anomalies in the network flow data.  
  1. Simple representation: Mesh provides a structured, organized view of traffic flows, especially when the dimensions (or axes) are logically ordered.
  1. Compactness: Mesh can represent a vast amount of data in a compact space by adjusting the spacing and ordering of its axes.
  1. Avoid node-edge overlap: In Mesh, each line represents a data point, and while lines can overlap, they don't have potentially confusing overlapped nodes and edges.
  1. Enhanced data structuring: Mesh methodically places data points along the axes in sequential order, significantly reducing the randomness and clutter seen in node-link diagrams where nodes and links are usually arranged randomly. This neat ordering directly contributes to a crisper, more comprehensible visualization.

Mesh’s 4 axes of insight

With Mesh, you can see multiple axes of insight into your network in a single view, including:

  1. Source and destination processes: These axes depict the senders and receivers in the network traffic scenario, providing insights into the inbound and outbound paths of data.
  1. Source: By indicating the origin of the network traffic, this axis reveals significant information about the starting point of the traffic flow.
  1. Port number: Understand the specific ports through which data flows, highlighting potential vulnerabilities or bottlenecks.
  1. Destination: This axis discloses the culmination point of your network traffic, pinpointing where your data packets end up, whether it’s an expected endpoint or not.

7 ways Mesh delivers personalized network insights

Mesh offers a wealth of features that empower users with complete, granular insights into their endpoints and servers:

1. Instant data insights

Hover over data points to gain immediate, detailed insights without any extra clicks or navigational steps.  

  • Detail on-demand: Extract more information from data points upon hovering.
  • Efficient exploration: Directly interact with data, reducing the need for additional steps.

2. Granular data dive

Dive into deeper layers of data, transitioning from grouped labels down to the granularity of individual IP addresses.

  • Hierarchical exploration: Dive deep into data layers, from grouped labels to individual IP addresses based on the grouping order.
  • Structured navigation: Transition smoothly between overarching views and detailed data segments.

3. Brushed data focus

Highlight specific intervals on an axis to focus in on and isolate distinct data segments.  

  • Targeted analysis: Isolate specific data ranges to focus on segments you care about.
  • Rapid data reply: Change perspectives with a single interaction by dragging, increasing, or decreasing the length of your range selector.
  • Efficient interactive exploration: Secure your perfect story point, and switch to explore mode for an uninterrupted, reflective review of each traffic flow.

4. Dynamic axis adaptability

Reorder the axes based on user preference, facilitating different perspectives and uncovering new insights.  

  • Discovery potential: Uncover unexpected data patterns through flexible axis arrangements and easily tailor layouts to fit specific analytical needs.
  • Efficiency: Modify views swiftly with drag-and-drop, reducing the need for full restarts.
  • User empowerment: Navigate freely, unbounded by a fixed layout, catering to evolving analytical requirements.
  • Dynamic reporting: Transition visualization in real-time during presentations, addressing queries or emphasizing data nuances.

5. Axis tailoring

Tailor Mesh by removing unnecessary axes, keeping only dimensions that are pertinent to your current exploration.

  • Tailored workflow and interface: Dynamically add or remove axes to suit specific needs while anchoring on the essential source and destination axes, and fine-tune the view to match your preferences.
  • Focused analysis: Specialize and streamline the lens to emphasize crucial data points.

6. Intelligent data ordering

Organize the data based on either tick names or the frequency of connections, allowing for a more intuitive visualization layout.  

  • Prioritized insights: Highlight heavily trafficked connections or specific endpoints.
  • Comparative understanding: Easily identify outliers or commonalities in data.

7. Responsive policy panel

Quickly draft traffic control policies using a panel that unveils data connections in tabular format and dynamically updates them based on brushed links.

  • Data-to-action: Seamlessly transition from visualizing connections to implementing policies in a unified interface.
  • Dynamic updates: The table adjusts in real-time based on selected data intervals, ensuring only relevant traffic details are displayed.
  • Quick policy drafting: Expedite the policy creation process, allowing or blocking traffic with ease.
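
The frequency ordering, axis brushing, and brushed-link table described above can be sketched over plain flow records to show what each interaction computes. This is an added example, not Illumio code or its API; the field names, hostnames, and flow records are constructed for illustration.

```python
from collections import Counter

AXES = ("src", "port", "dst", "process")  # assumed field names, one per axis


def _flow(src, port, dst, process):
    return {"src": src, "port": port, "dst": dst, "process": process}


# Constructed sample flow records, not real traffic
FLOWS = (
    [_flow("web-1", 5432, "db-1", "postgres")] * 3
    + [_flow("web-2", 5432, "db-1", "postgres")] * 2
    + [_flow("web-1", 443, "api-1", "nginx")] * 2
    + [_flow("web-2", 443, "api-1", "nginx")] * 2
    + [_flow("build-7", 3389, "db-1", "svchost")]
)


def order_ticks(flows, axis, by="frequency"):
    """Tick values on one axis, ordered by name or by connection count."""
    counts = Counter(f[axis] for f in flows)
    if by == "name":
        return sorted(counts)
    return sorted(counts, key=lambda t: (-counts[t], t))


def brush(flows, axis, first, last, by="frequency"):
    """Keep flows whose tick on `axis` sits at positions first..last of the ordering."""
    selected = set(order_ticks(flows, axis, by)[first:last + 1])
    return [f for f in flows if f[axis] in selected]


def policy_table(flows):
    """Collapse flows into unique (src, port, dst, process) rows with counts."""
    rows = Counter(tuple(f[a] for a in AXES) for f in flows)
    return sorted(rows.items(), key=lambda kv: (-kv[1], kv[0]))


def rare_paths(flows, max_count=1):
    """Paths across the axes that few flows follow: candidates for review."""
    return [path for path, n in policy_table(flows) if n <= max_count]


if __name__ == "__main__":
    print(order_ticks(FLOWS, "port"))             # busiest ports first
    for row, n in policy_table(brush(FLOWS, "dst", 0, 0)):
        print(n, row)                             # table for the brushed destination
    print(rare_paths(FLOWS))                      # lines that follow no common path
```

Brushing the busiest destination leaves three table rows, and the single-occurrence path from `build-7` over port 3389 is the one a reviewer would examine before drafting an allow or block rule.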

Empower your traffic exploration

Let Mesh illuminate the intricacies of your network flow. Instead of sifting through overwhelming tables or oversimplified graphs, use Mesh to:

  • Uncover hidden patterns in your network flow
  • Rapidly identify outliers or potential security threats
  • Optimize network performance by identifying bottlenecks or overused ports

Contact us today to learn more about getting complete, end-to-end visibility of your entire hybrid attack surface with Illumio.
