Stowe Australia Malware-Proofs Data Centers with Illumio Cloud

“Smart” IT demands superior protection from epidemics with best-of-breed segmentation.

Stowe Logo

Summary

Industry: Construction

Environment: Data centers across Australia

Challenge: Finding a more effective solution than firewalls to malware-proof internal data centers supporting critical IT infrastructure

Solution: : Illumio Secure Cloud for preventing lateral movement behind the firewall

Results: Superior ease of use and granular policy to limit the attack surface, with adaptive policy change and no manual firewall rule-changing required

Customer Overview & Challenge

Australia’s oldest and largest private electrical contractor, Stowe provides data centers and other communications solutions for the Global 100. More than a century after replacing gaslights with electricity for their clients, Stowe now constructs cutting-edge “Smart” buildings with IoT elements – across a greatly expanded attack surface. To prevent malware epidemics that are designed to move laterally, Stowe needed stronger data center segmentation, limiting the spread of breaches by blocking unauthorized East-West traffic and reducing lateral movement.

While already segmented into coarse zones through the WAN with firewalls, Stowe’s IT team, led by Karl Houseman, sought a higher degree of granularity to prevent unauthorized hopping between branches, servers and applications on a flat network – with an approach that scaled beyond manually programming firewall rules. “We’re putting on services monthly, if not weekly, to support field staff. You can’t maintain segmentation at that rate using firewalls; you need something dynamic.”

Illumio Solution

Stowe chose Illumio Secure Cloud for its speedy deployment, ease of use compared to manually programming firewalls, and more granular segmentation policy. “Illumio is simple. You install it, you run it, you label your application workloads in their respective environments, and you enforce it. Ease of use cannot be overstated. We downloaded and had it up and running in a day.”

Illumio’s host-based segmentation makes cloud-based deployment safe and effective, without touching the underlying network. “We don’t have a ‘cloud first’ policy; we have a best-of-breed policy. We build data centers and own our infrastructure – we can rack and stack – but there was no advantage to us running it internally. Illumio’s cloud solution is maintained, it’s always on the latest version, it made far more sense.”

As a trusted provider of critical IT infrastructure, ensuring preventive data protection for clients is paramount to Stowe’s team. “When something compromises the network internally, Illumio is the best. Anti-virus is not enough. A hacker is not a virus – that’s a user, essentially on your internal network. How do you stop them? Illumio is cheap for the peace of mind it gives.”

Customer Benefits

Visibility

Stowe leverages Illumio’s application dependency map to view traffic flowing across the network as a single pane of glass – useful not only for segmentation, but to see what’s talking on which port, for diagnostics and performance troubleshooting.

Network independence

“Illumio looks at the application level as opposed to a hard-wired IT level. It ensures segmentation with IT and port-based rules, but it performs the discovery and mapping and intelligence behind it, independent of the infrastructure.”

Simplicity and ease of use

“Illumio is an easy product, very intelligent, and easy to explain to CFOs, CEOs, and MDs who aren’t technically-minded. Risk mitigation is on their agenda as well.”

quote

When something compromises the network internally, Illumio is the best. Anti-virus is not enough. A hacker is not a virus – that’s a user, essentially on your internal network. How do you stop them? Illumio is cheap for the peace of mind it gives.

Karl Houseman, Group Technology Officer