Blog
/
Illumio Products

Integrating Visibility and Rule Creation for Efficient Workload Security

Christer Swartz
Solutions Marketing Director
April 8, 2022
23 min. read

Workload security has two broad requirements: visibility and enforcement. Organizations need to be able to see what's going on between workloads across the entire hybrid cloud fabric, then take that information to determine what types of traffic should and shouldn't be permitted between workloads. These capabilities are essential to accurately defining a workload-to-workload policy model for Zero Trust Segmentation.

With the latest release of Illumio Core, we provide a streamlined workflow for visibility and rule creation using Illumio Explorer — making it far easier to create a scalable and automated workload policy model.

What is Explorer?

The Explorer feature allows authorized users to search a historical traffic and events database to see:

  • The impact of policies and rules on application groups and workloads
  • Workload-to-workload traffic that’s allowed, blocked and potentially blocked

Because Illumio's policy model is independent of the underlying network and cloud fabric constructs, Explorer displays all workloads across your entire IT infrastructure. Labels are applied to workloads to describe functionality, such as a "database" workload, and make it easy to group workloads based on business functions. Explorer shows exactly what traffic is active between all workloads across all functions.

For example, in a brownfield environment, new IP addresses will often appear and change dynamically, which Explorer displays dynamically. As workloads are added, deleted or changed, these events will be visible in Explorer along with the active flows between workloads.

Now, users can select flows and define rules for those flows from the same view within Explorer.

How to create rules directly within Explorer

A streamlined workflow is necessary to achieve an efficient operational model. Jumping back and forth between visibility workflows and rule creation workflows is time-consuming and increases the possibility of human error. The weakest link in any security model is a human typing on a keyboard — the fewer opportunities for human error, the better the chance of success in defining the correct policy model.

In addition to security architects defining policies, your workload security tool should be able to automatically determine the scope and existing rulesets to which any new rule can be added. If this isn’t possible, security administrators should be able to modify the scope and create any new rule as needed, directly from within the workload visibility workflow.

With our latest release of Illumio Core, all these tasks can be achieved from within Explorer, eliminating the need to perform each in a different workflow. From within the Draft mode in Explorer, all connections are aggregated by labels in the “Label-Based Connections” view, as shown here:

Illumio Explorer label-based connections

From this Explorer view, a security administrator can select specific connections and either add them to existing scopes or create new ones. A new button has been added to the Explorer Draft mode, “Allow Selected Connections," which enables the Illumio Policy Compute Engine (PCE) to recommend scopes to which selected connections can be added:

Illumio Explorer proposed rules



If a security administrator doesn't want to use any of the suggested scopes, they can add rules to the ruleset and modify them as needed:

Illumio Explorer add rules



Once the rules are accepted or modified and saved, they're displayed in the main Explorer window:

Illumio Explorer workload rules dashboard

Two workflows, one view: safer, streamlined workload security 

Workload traffic patterns are difficult to discover using tools that reside within the network or cloud fabric. For consistent protection wherever workloads live, whether in the cloud or on-premises, you need a solution that implements visibility and security directly at the workload level.

Illumio's latest innovation in Explorer is an example of our commitment to optimizing user experience and making workload security more efficient and scalable.

Combining visibility and rule creation workflows greatly simplifies the operational tasks of discovering and controlling workload policies, reduces the possibility of human error, and ultimately saves teams time. 

To learn more:

Related topics

Core

Related articles

Micro-Segmentation for App Owners: A Deeper Look at Our App Owner View Functionality
Illumio Products

Micro-Segmentation for App Owners: A Deeper Look at Our App Owner View Functionality

A deeper app owner functionality viewpoint, to help understand the benefits of micro-segmentation.

Read more
Enforcement Boundaries: 7 Use Cases Beyond Ransomware
Illumio Products

Enforcement Boundaries: 7 Use Cases Beyond Ransomware

Enforcement Boundaries are the Swiss Army knife of risk reduction. Those famous red tools can do much more than slice some cheese and apple, and Enforcement Boundaries can do much more than just fight ransomware.

Read more
Harnessing Natural Language to Define and Simplify Microsegmentation Policies
Illumio Products

Harnessing Natural Language to Define and Simplify Microsegmentation Policies

Harnessing natural language can reflect how users perceive the resources being protected as well as their attitudes toward security in general.

Read more
No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more