Blog
/
Illumio Products

Integrating Visibility and Rule Creation for Efficient Workload Security

Christer Swartz
Solutions Marketing Director
April 8, 2022
23 min. read

Workload security has two broad requirements: visibility and enforcement. Organizations need to be able to see what's going on between workloads across the entire hybrid cloud fabric, then take that information to determine what types of traffic should and shouldn't be permitted between workloads. These capabilities are essential to accurately defining a workload-to-workload policy model for Zero Trust Segmentation.

With the latest release of Illumio Core, we provide a streamlined workflow for visibility and rule creation using Illumio Explorer — making it far easier to create a scalable and automated workload policy model.

What is Explorer?

The Explorer feature allows authorized users to search a historical traffic and events database to see:

  • The impact of policies and rules on application groups and workloads
  • Workload-to-workload traffic that’s allowed, blocked and potentially blocked

Because Illumio's policy model is independent of the underlying network and cloud fabric constructs, Explorer displays all workloads across your entire IT infrastructure. Labels are applied to workloads to describe functionality, such as a "database" workload, and make it easy to group workloads based on business functions. Explorer shows exactly what traffic is active between all workloads across all functions.

For example, in a brownfield environment, new IP addresses will often appear and change dynamically, which Explorer displays dynamically. As workloads are added, deleted or changed, these events will be visible in Explorer along with the active flows between workloads.

Now, users can select flows and define rules for those flows from the same view within Explorer.

How to create rules directly within Explorer

A streamlined workflow is necessary to achieve an efficient operational model. Jumping back and forth between visibility workflows and rule creation workflows is time-consuming and increases the possibility of human error. The weakest link in any security model is a human typing on a keyboard — the fewer opportunities for human error, the better the chance of success in defining the correct policy model.

In addition to security architects defining policies, your workload security tool should be able to automatically determine the scope and existing rulesets to which any new rule can be added. If this isn’t possible, security administrators should be able to modify the scope and create any new rule as needed, directly from within the workload visibility workflow.

With our latest release of Illumio Core, all these tasks can be achieved from within Explorer, eliminating the need to perform each in a different workflow. From within the Draft mode in Explorer, all connections are aggregated by labels in the “Label-Based Connections” view, as shown here:

Illumio Explorer label-based connections

From this Explorer view, a security administrator can select specific connections and either add them to existing scopes or create new ones. A new button has been added to the Explorer Draft mode, “Allow Selected Connections," which enables the Illumio Policy Compute Engine (PCE) to recommend scopes to which selected connections can be added:

Illumio Explorer proposed rules



If a security administrator doesn't want to use any of the suggested scopes, they can add rules to the ruleset and modify them as needed:

Illumio Explorer add rules



Once the rules are accepted or modified and saved, they're displayed in the main Explorer window:

Illumio Explorer workload rules dashboard

Two workflows, one view: safer, streamlined workload security 

Workload traffic patterns are difficult to discover using tools that reside within the network or cloud fabric. For consistent protection wherever workloads live, whether in the cloud or on-premises, you need a solution that implements visibility and security directly at the workload level.

Illumio's latest innovation in Explorer is an example of our commitment to optimizing user experience and making workload security more efficient and scalable.

Combining visibility and rule creation workflows greatly simplifies the operational tasks of discovering and controlling workload policies, reduces the possibility of human error, and ultimately saves teams time. 

To learn more:

Related topics

Core

Related articles

Little Known Features of Illumio ASP – Broadcast and Multicast Filters
Illumio Products

Little Known Features of Illumio ASP – Broadcast and Multicast Filters

In this edition of the Little Known Features of Illumio ASP series, we highlight broadcast and multicast filters.

Read more
Better Endpoint Protection with CrowdStrike and Illumio Edge
Illumio Products

Better Endpoint Protection with CrowdStrike and Illumio Edge

Illumio Edge, our Zero Trust endpoint solution, is now available via Illumio, as well as in the CrowdStrike Store, activated via the CrowdStrike Falcon agent.

Read more
Fight Ransomware Fast With Enforcement Boundaries
Illumio Products

Fight Ransomware Fast With Enforcement Boundaries

You have two main ways to fight ransomware. You can either be proactive, working to block future attacks. Or you can be reactive, responding to an active breach.

Read more
No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more