Investa Adds Micro-Segmentation to Security Portfolio

Bolstering their already stellar industry reputation through innovation that supports both IT and business needs

Investa Logo

Summary

Industry: Real Estate

Environment: On-premises data center applications and gradual cloud adoption

Challenge: Lack of visibility and control of lateral traffic; risks posed by legacy servers and an unsegmented network

Solution: Real-time application dependency mapping and micro-segmentation from Illumio Core

Results: Comprehensive workload and application visibility; agile, flexible security policies; breach-ready assurance

Customer Overview & Challenge

As one of Australia’s largest commercial real estate companies, Investa has a powerhouse portfolio worth over $11 billion, with steady growth predicted for the future. The company consistently delivers high-quality real estate services and outperforms for its investors. Protecting that reputation puts a spotlight on how Investa is protecting its IT environment and business-critical applications.

With the growth of cyber threats to the real estate industry, the company took a proactive “assume breach” approach, focusing on strategy to limit the impact and spread should a breach occur. Investa needed internal data center and cloud segmentation. The search for a solution kicked into gear when the risk posed by a small number of legacy Windows servers with known but non-patchable vulnerabilities became too high. “Segmentation became an imperative next step to mitigate risk and protect new and legacy workloads,” said Nathan Powell, IT Operations Manager. “We needed a way to accurately identify, visualize, and control lateral traffic.”

Investa’s objectives would require a more granular degree of segmentation than network firewalls and other traditional methods offer. Beyond that, requirements included a solution that didn’t involve reconfiguration efforts and wouldn’t hinder the organization’s cloud adoption momentum.

Illumio Solution

Nathan sought “true micro-segmentation,” which led Investa to Illumio Core.

Independent of underlying infrastructure, Illumio Core delivers visibility and granular control across any data center and public cloud environment.

“The initial deployment of Illumio agents was easy,” according to Nathan. Soon after, the real-time application dependency map, known as Illumination, provided fast value. Investa had newfound visibility into the interconnections between applications and workloads – and a quick lesson learned: “Don’t make assumptions about your environment,” Nathan said. “Our application environment was more sophisticated than we originally thought. This insight validated our decision to use Illumio; designing traditional firewall policies to provide the same level of protection would have been far more complicated and time-consuming.”

Investa gleaned insights into how critical business applications work, how users connect with different systems, and unnecessary connections that present risk. These discoveries gave the team plenty to address and were critical to informing policy decisions while offering significant peace of mind.

“The visual feedback makes it easy to paint a clear, accurate picture of the controls we have in place for our executives. It assures them that we know exactly what is talking to what. No one wants to be the company that gets breached, but if that happens, we have peace of mind that it will be contained.”

The mapping and policy decision processes have also enhanced relationships with application owners and teams. As Investa deploys new applications in the cloud, Illumio Core will continue to be an enabler of transformation – without sacrificing security.

Customer Benefits

Context-rich visibility

The real-time application dependency map provides context down to individual workloads, showing services running on the workloads and traffic flows between them, to help Investa better understand risk across environments.

Clarity and assurance

The team can easily share updates with executives and include a visual representation of Investa’s application environment and segmentation status, providing assurance that Investa is primed to limit an attacker’s mobility and minimize the impact of a potential breach.

Flexible to business needs

Infrastructure-independent micro-segmentation is ideal for dynamic environments, and with cloud adoption initiatives already in progress, Illumio Core gives Investa the ability to consistently protect applications deployed into any public cloud without introducing new networkbased risks.

Better collaboration and alignment

Illumio Core has facilitated cross-team collaboration, pulling application owners into the policy decisionmaking processes and driving alignment around what needs to be done for security.

quote

To do this same project using firewalls would have meant manually remapping how the network was operating, and even then, it wouldn’t have been true micro-segmentation. Plus, it would have been a bureaucratic mess. Illumio Core has allowed us to fully control what lateral traffic is allowed without having to use another firewall.

Nathan Powell, IT Operations Manager