Adaptive Segmentation, micro-segmentation | November 6, 2014

New Needs Need New Techniques: The Promise of Adaptive Security

Matthew Glenn

Before joining Illumio, I had a pretty long career in networking. I was at Xylan, a company that literally wrote the book on switching. After Xylan, I worked at Packet Engines, a Gigabit Ethernet routing switch vendor. Then I worked at Airespace, a company that pioneered the use of algorithms to tune the RF topology of enterprise networks. 

You could say that I was ensconced in a networking “box” mentality. 


When the “box” no longer works

Most recently, I was the vice president of Product Management at McAfee (now Intel Security) in its Network Security business unit. I was constantly thinking about inserting McAfee’s security solutions into customers’ networks. I was specifically interested in the data center, the most strategic part of an enterprise network. 

The struggle was finding a way to insert the McAfee technology into the data center because the data center was (and continues to be) in the midst of a massive amount of change. Whereas traffic used to be mostly into and out of the data center through a choke point (box), now the majority of traffic was between applications and tiers of applications (east-west traffic). The challenge was how to get the traffic into and out of McAfee’s virtual appliances when there was no obvious choke point.

The problem was becoming even more acute because customers were moving applications, parts of applications, and entire environments into the public cloud with service providers like Rackspace, Amazon, and Azure.

I became obsessed with how to get traffic into and out of boxes in environments that customers no longer had control over.

Because I came from a traditional “choke point” background, I had a hard time seeing any other way of solving the problem.

Even worse: if we could get the product inserted, the customers and I both had questions about the box’s performance and how predictable it would be.

The promise of SDN

Along came the promise of software-defined networking (SDN) as a way for an enterprise to control and, theoretically, segment its network. But I saw several problems with this technology:

  • I couldn’t recall any pervasive tunneling technology in enterprise networks—and SDN requires lots and lots of tunneling.
  • It was (and is) very difficult to troubleshoot.
  • Customers had to own the network. But the customers I was speaking to were interested in moving workloads to public clouds.
  • It wasn’t clear how effectively SDN could scale.
  • Using SDN would then tie an enterprise to one vendor’s hypervisor.

Clearly Pollock was right: “New needs need new techniques.”

Enter Illumio and adaptive security

When I first met Andrew Rubin, co-founder and CEO of Illumio, he put up a single slide that addressed this question. I will never forget it. It was like someone showing a photo from the Hubble Space Telescope to a person who thought the stars were pinholes in the Earth’s atmosphere.


I realized that I had been wrong. I needed to see the world from a different perspective. And I knew I wanted to be part of the team that was going to change the data center security space forever.

When I was at Airespace, we pioneered RF algorithms to solve the problem of manually tuning access points to find the optimal RF topology of a wireless network.

With the Illumio Adaptive Security Platform (ASP), we have optimized graph algorithms to determine the optimal security policy for a network.

Yes, “new needs need new techniques,” but you can apply old lessons to create new techniques. At Illumio, it is all about the algorithm—not about the box.


