Introducing Illumio Insights — breakthrough AI-powered observability, detection, and containment.
Read more

Experienced a Breach?

|
Contact Us
|
+1 855 426 3983
Lessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an AppLessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an App

Lessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an App

Play Video
 
PLAY VIDEO
 
PLAY VIDEO
Download story
Download THIS story
Solution
No items found.
Industry
Distribution
Environment
Challenge
Stopping lateral movement and enforcing least-privilege access across a hybrid cloud infrastructure
Use cases
Ransomware containment, Critical asset protection, Asset mapping and visibility
Location
Global
Benefits
Segmented over 3,000 servers across 250+ applications; Zero application downtime during rollout; Automated, scalable deployment with dynamic labeling; Enhanced visibility, reduced noise, faster incident response
Share this story

Key benefits

Lessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an App
Lessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an App
Lessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an App
Lessons from a digital giant: How eBay Achieved Cyber Resilience — Segmenting 3,000 Servers and Never Breaking an App

From support desk to security lead

With 134 million active eBay buyers across more than 190 markets, behind this scale is a complex infrastructure spanning thousands of workloads. To stay resilient, eBay needed more than just traditional perimeter defenses. The company needed a new security model built for hybrid environments, dynamic workloads, and constant change.

That model was Zero Trust. And that’s where Brian Hansen — now a senior systems admin at the online retailer— comes in.

“I started out answering phones in customer service,” Brian recalls. “Twenty-three years later, I’m leading a large-scale Illumio deployment protecting over 3,000 servers. Not because I started out as a security expert — but because I said yes.” When his direct manager spearheaded eBay’s push into microsegmentation, a key pillar of Zero Trust, Brian stepped up — despite having no formal background in security. “I had zero security experience. I knew what a firewall was, but that was it,” he says. “But we had the mandate — and the tools — to do it right.”

The challenge: Complexity at cloud speed

With more than 3,000 Windows and Linux servers supporting around 250 unique applications — and about 350 total environments when dev and QA are included — traditional perimeter firewalls were no longer enough. The team needed:

  • Visibility into how applications actually communicate
  • Control to contain threats — even post-breach
  • A rollout that wouldn’t break anything
  • Speed and scale without adding complexity

“We used to play whack-a-mole trying to block every threat,” Brian says. “We had to flip the model to proactively contain and control."

How eBay Rolled Out Segmentation — Safely, Gradually, and at Scale

The journey began with visibility, operating Illumio in observation mode. “For the first few months, we were focused on visibility,” Brian explains. “That helped us build confidence. When we saw what traffic was flowing — and what shouldn’t be — we could act without fear.”

Armed with real-time traffic maps, they moved to policy enforcement in stages. Grouping servers by app and environment, they created rules in small batches, validated them, then scaled up. “We didn’t try to boil the ocean. We built one solid rule set at a time,” Brian says.

Using Microsoft Endpoint Manager and PowerShell scripts, the team automated deployment and dynamic labeling. Nearly every new workload comes online labeled and in full enforcement. “We built the labels in advance. So as soon as a workload comes online and gets that label, the policy is already there,” Brian explains.

But automation didn’t just simplify deployment — it also uncovered hidden risks.

“We discovered old load balancer health checks still running, misrouted app calls, and open ports no one was using,” Brian says. “Illumio helped us shut that all down.” Even app owners were surprised: “They’d say, ‘Wait, we’re still using that port?’ And we’d show them the data.”

Mission critical first: Protect what matters most


Illumio didn’t just stop threats. It surfaced unknown and unwanted traffic.

The team started by locking down the most critical assets — DNS, domain controllers, identity systems — then moved outward. “If those go down, everything else does,” Brian says. “Illumio, let us build a resilient core first.”

The success wasn’t just technical — it was organizational. “We worked with networking, infrastructure, and app teams. Everyone played a part. That’s what made it successful,” Brian shares. “When something breaks, app teams now come to us to check Illumio first. We can usually spot the issue in minutes."

For Brian, Illumio isn’t just a one-time project. It’s a living part of eBay’s Zero Trust security strategy. “We regularly refine policies and monitor for anomalies. We’re always improving.” And his advice for others? “Don’t wait until you’ve got it all figured out. Anything you do with Illumio makes you more secure than you were yesterday.”

Results that matter

  • Zero downtime: “We didn’t break a single app during rollout.”
  • Faster troubleshooting: “We can resolve issues in minutes, not hours.”
  • Cleaner environments: “We removed legacy flows, outdated configs, and noisy traffic.”

Related stories

No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more