Powerful Security Ops, Powerful Segmentation

Given all the powerful tools an organization can deploy as part of an effective SecOps arsenal, we are left wondering if there can be too much of a good thing.   

To improve security operations of these many tools – and the alerts they generate – SIEMs are what many of us rely on to centrally manage security through a "single pane of glass" as the cliché goes. 

Teams rely on their SIEM for insights from across their entire security posture for a few key reasons. First, it quickly identifies serious threats the organization may face. Second, it reduces investigation times by gathering the relevant context and detail about attacks. And third, it lets teams respond faster with more automated actions and workflows.

With this being the case, vendors must offer clean integration with SIEMs to make life easier for security teams.  

For this reason, Illumio has a deep integration with Splunk. Joint customers better understand their security posture and can respond to attacks in a few clicks. The Illumio integration uses intuitive and carefully crafted visualizations so teams can see and understand what is happening at a glance and respond in a click. With Splunk and Illumio, we let teams know which machines in the data center may be compromised, or whether a segmentation policy is deficient.

However, being able to answer these important questions is just the beginning of the benefits of our Splunk integration: 

  • Know where to put valuable team resources: Event alerts plainly highlight the security events that are occurring so teams know what assets may be impacted – and where to respond immediately. 
  • Know if segmentation is secure: Experienced attackers may attempt to tamper with firewalls and segmentation settings to gain access to data. For this reason, we show you how secure your segmentation is by highlighting firewall tampering attempts in iptables or Microsoft WFP (Windows Filtering Platform). This shows you immediately if a server is attempting to gain illegal privileges or bypass security policies.
  • See attempted attacks in progress: In an attack, lateral movement is often preceded by port scans. While they are not inherently bad, port scans often indicate someone is conducting reconnaissance to see where they can move internally. Our integration highlights port scans so you know immediately that there is suspicious activity indicating an imminent attack.
  • See what machines are acting suspiciously: Our clear visualization of top blocked traffic by host lets you know quickly if a host is being attacked. Additionally, this visualization can also tell you if the host's segmentation policy is wrong, resulting in unexpected blocked traffic.
  • Perfectly thread the needle between business and secops: In one glance, you’ll know about any potentially blocked traffic before pushing policies into enforcement. This means you’ll easily confirm segmentation policies before going live to ensure you do not break the business application you are trying to protect.   
  • Investigate fast: When investigating a workload exhibiting abnormal behavior, you’ll want to immediately discover what the problem is. All workload details, traffic events, and audit events are brought together into a single view, reducing the amount of investigative legwork involved. 
  • Stop attacks in a click: Our integration delivers crisp security visibility in Splunk, but just as importantly, it also allows teams to take action. You can quarantine suspicious workloads directly from Splunk in a single click.
  • Create alerts with a few clicks: Creating alerts normally requires teams to master syslog messages, deeply understand their content and context, and then write regular expressions. With a graphical interface for creating new alert configurations for the most critical Illumio PCE-generated messages, users can quickly leverage alerting from Splunk to help with administering their Illumio deployment.

We'll take a closer look at the features of our Splunk integration in another blog post, so sit tight. 

To get started with our most recent version, please head to Splunkbase and download: https://splunkbase.splunk.com/app/3658/.
