Adaptive Segmentationmicro-segmentation September 2, 2020

Simplify and Automate Workload Security with Illumio and Palo Alto Networks

Sam Rastogi,

The shift to the cloud and the evolution of data centers have enabled enterprises to move faster. After all, today’s application workloads are highly dynamic and now, increasingly, everywhere.

Pair that with an ever-evolving threat landscape that capitalizes on an expanding attack surface, and we’re seeing a substantial rise in the number of security breaches and threats that negatively impact businesses.

Today’s enterprises that are experiencing increased risk and security complexity are forced to work overtime to satisfy stringent security requirements, especially when it comes to micro-segmentation and Zero Trust.

To address these challenges, businesses need a simple and automated approach to deliver robust security that continually updates as dynamic workloads move across on-prem data centers and multi-cloud environments.


That’s why Illumio and Palo Alto Networks have integrated Palo Alto Networks Next-Generation Firewalls (NGFW) and Panorama with Illumio Adaptive Security Platform (ASP) software to automate dynamic security changes for workloads inside of Palo Alto Networks Dynamic Address Groups (DAGs). This means that our joint customers can streamline PAN-OS policy management and reduce manual change control tasks in order to continually update their security policies with real-time context for dynamic workloads.

Key benefits of this new integration include:

  • Comprehensive Application and Workload Visibility, which allows you to see everything across your application flows and workloads. This provides a single source of truth to enable intelligent policy management for dynamic workloads across Palo Alto Networks firewalls and Illumio software on hosts.
  • Effective Micro-Segmentation and Zero Trust, through automated policy definition, testing/modeling, provisioning and enforcement. This reduces the attack surface across East-West traffic at the network via Palo Alto Networks firewalls and on the host via Illumio software.
  • Automate Dynamic Security for Workloads, by using Dynamic Address Groups (DAGs) to streamline PAN-OS policy changes (move, add, change, delete) whenever a dynamic workload moves. This reduces complexity by pushing workload telemetry (IPs, Labels, etc.) from the Illumio Policy Compute Engine (PCE) via XML/JSON API into Panorama and Palo Alto Networks firewalls.

With Palo Alto Networks and Illumio, today’s enterprises can implement a simple, highly effective, and automated security solution for comprehensive protection of workloads everywhere. This new integration helps organizations to securely enable data center and hybrid cloud transformation while taking advantage of the best of both worlds – Palo Alto Networks industry-leading Next-Generation Firewalls together with Illumio Adaptive Security Platform (ASP) – for robust network and host-based segmentation to satisfy dynamic security requirements for micro-segmentation and Zero Trust. This integration also helps enterprises to reduce time, human effort and operational complexity to manage and maintain real-time workload security policies in Palo Alto Networks Next-Generation Firewalls and Panorama across on-prem data centers and multi-cloud environments.

For more information on the Palo Alto Networks and Illumio integration, be sure to check out:

Adaptive Segmentationmicro-segmentation
Share this post: