Adaptive Segmentation, micro-segmentation | September 22, 2021

How a Leading Machine Tool Distributor Gained Powerful Ransomware Protection With Illumio

Sarah Squires

Helping to keep the business running smoothly is the job of Hartwig’s IT manager, Tim Francis. Fortifying the U.S. machine tool distributor’s security posture has never been more important for him, especially after seeing others in the industry fall victim to ransomware attacks. With those attacks fresh in his memory, Francis recently redoubled his focus on Zero Trust controls.

In fact, Francis has always been ahead of the curve when it comes to Zero Trust adoption. Long attuned to the philosophy of “never trust, always verify,” Francis years ago implemented user-focused controls that included multifactor authentication and single sign-on. More recently, he explored micro-segmentation — a foundational component of Zero Trust — to keep Hartwig’s servers up and running, and to hold ransomware at bay.

Francis initially explored a well-known hypervisor-based segmentation solution. But he quickly determined it was both too costly — a separate purchase for visualization was required — and insufficient due to compatibility limitations.

Segmentation that's ‘a million times easier’

Instead, Francis selected Illumio Core for Hartwig’s data center segmentation needs. “Illumio Core looked about a million times easier,” he says, “and it was significantly less expensive than the initial vendor.”

Indeed, Francis estimates that Hartwig spent about a quarter of what it would have with the hypervisor-based solution — in both dollars and time. Saving tens of thousands of dollars is no small win.

Illumio Core suited Francis for another important reason: Hartwig’s IT department is tiny, with only two employees. Running a two-person IT shop requires an especially flexible and unified approach to visibility, segmentation and automation. After all, this two-person IT team supports over 200 employees. That includes remote workers spread across 14 U.S. states — representing the greatest risk area for ransomware.

Francis ultimately wanted Zero Trust extended to employee laptops. To do that, he knew he’d need a solution that delivers on two fronts: powerful ransomware protection and simplicity.

Deliberate Deployment

When it came to deploying Illumio Core, Francis took a deliberate approach. He started by using Illumio to understand the connections and flows across his data center.

“The old adage, ‘a picture is worth a thousand words,’ definitely applies,” Francis says. “With Illumio’s map, I get a tremendous amount of insight into our environment and traffic flows. That’s information I need to build our policies.”

Then he began turning off unused services. By shutting associated open ports, he also shut connections that attackers could exploit, significantly reducing Hartwig’s attack surface.

Francis benefited from Illumio Core’s easy-to-understand labeling system, which simplifies visualization and facilitates policy creation. He also discovered that the map makes it easy to craft policies that allow trusted communications only. Francis also took advantage of Illumio Core’s test mode, which lets him model and test policies against existing traffic flows, assessing their impact before enforcing them.

Extending Zero Trust to Endpoints

But things changed with the onset of the COVID-19 pandemic. Due to office closures in early 2020, Hartwig’s largely remote workforce quickly became fully remote. With that change came a new desire — and need — to extend Zero Trust protection to all employee laptops, no matter their location.

The perfect solution seemed out of reach until June 2020. That’s when Illumio announced Illumio Edge, a first-of-its-kind Zero Trust endpoint solution. Illumio Edge ensures that when an employee’s laptop is infected by ransomware, the attack is contained and limited to just that machine.

Although Hartwig’s IT spending is closely monitored, Francis was able to get Illumio Edge approved. After all, Hartwig had already established its trust in Illumio. In addition, company leaders realized they urgently needed ransomware resilience. It also helped that Illumio Edge was the most efficient and economical way to protect the company’s endpoints.

Francis quickly deployed Illumio Edge across all of Hartwig’s employee laptops. The learning curve was short and easy. For example, setting up automated “allowlist” policies was simple: just select the peer-to-peer applications and services that Francis wanted to permit.

Another advantage was that Illumio Edge, just like Illumio Core, lets Francis test policies before moving them to enforcement. As a result, Hartwig can now not only prevent ransomware from propagating, but also do it without disrupting either employee productivity or business operations. What’s more, all policies now follow the user whether they’re on the network or off. Illumio Edge also lets Francis monitor blocked traffic between endpoints, an effective way to identify potential ransomware.

“With Illumio, we’re doing Zero Trust efficiently, effectively and inexpensively,” Francis says. “I have all endpoints covered, and I couldn’t be happier.”

Download the story and learn more about how Illumio Core and Illumio Edge work.
