How to Ensure Microsegmentation Projects Succeed: Choosing the Right Tools
You can reliably deliver microsegmentation projects — but only with the right approach. In this blog series, we have provided guidance proven to deliver real-world projects that bring great benefits while being straightforward and cost-effective.
In part one, we explored the three top ways to ensure microsegmentation projects succeed.
In part two, we outlined three strategic principles that increase project success rates.
In part three, we shared the six biggest risks to projects and how to mitigate them.
In this final article, we’ll discuss the one factor that often separates microsegmentation projects that succeed from those that fail — the tools they use.
This article will explore:
- Why legacy tools fail to deliver microsegmentation in modern environments.
- What to look for when evaluating a modern microsegmentation tool.
- How organizations have used Illumio to reliably deliver successful microsegmentation projects across complex and challenging modern networks.
The problem with using legacy tools for microsegmentation
Your microsegmentation strategy can only do so much.
You can build a strategy that incorporates every proven strategic principle and best practice. You can design a bullet-proof roadmap that accounts for and mitigates common project risks. You can identify your high-value assets, prioritize their security, and break your microsegmentation projects into logical, achievable, bite-size chunks.
But eventually, you will need to use a segmentation tool to bring your strategy to life. And if you rely on the wrong tool for the job, then your thoughtful strategy will most likely fail to come to life. Here’s why.
Most existing segmentation tools were not designed to create scalable, granular microsegmentation between the systems inside of large, constantly changing IT environments.
These legacy tools tend to fall into one of two categories:
- Internal firewalls, private VLANs, switch ACLs, NAC, and the like
- Somewhat newer software-based networking platforms, including VMware NSX, Cisco ACI and Cisco DNA
These tools share many of the same shortcomings:
- They require you to re-architect your network to use them.
- They require a forklift upgrade of your networking equipment.
- They are tied to the physical network.
- They create significant disruption and require extensive staff time or professional services help.
- They are either unmanageable across multiple clients, or they force you to learn complicated overlay networks to operate them.
These tools are restricted by traditional network and firewall constructs. This means that the potential for error is high, given the extensive manual processes required to build and maintain these firewalls. Beyond enforcing a few broad segments, this approach becomes impractical and increases the risk of a successful breach.
Trying to implement granular segmentation with traditional tools is expensive, complex, time-consuming, and ultimately impossible for most organizations. When security and IT teams attempt to segment their networks with traditional tools, they typically expend a lot of resources just to maintain very broad segmentation that does little to constrain the lateral movement of cyberattackers.
Clearly, organizations need new technologies to implement an effective microsegmentation strategy across their digital infrastructure.
What to look for in a modern microsegmentation tool
Not every modern microsegmentation tool delivers the same results. When evaluating new tools to drive your microsegmentation project, there are a few qualities you should look for. Any tool with these qualities will address the fundamental limitations of legacy network and security tools and make microsegmentation practical and straightforward.
A modern, effective microsegmentation tool must:
- Rethink the segmentation problem from the ground up. Some legacy microsegmentation tools are trying to update their functionality to adapt to modern environments. This is a step in the right direction, but it’s not enough. Networks have changed too much at a fundamental level. You need a microsegmentation tool that was designed specifically to solve the new and unique security challenges that modern networks create.
- Have proof that it can scale in the real world. Some modern microsegmentation tools sound good on paper but have not yet solved the complex and subtle problems that appear in real-world microsegmentation projects. Most of these tools are limited to supporting a few hundred workloads. Look for tools that have segmented tens of thousands or hundreds of thousands of workloads, applications, servers and systems.
- Offer support teams with industry-leading implementation expertise. Many organizations can’t design and implement large-scale microsegmentation strategies on their own. They simply don’t have the experienced internal resources required to work through these projects without outside assistance. Any microsegmentation tool provider must also offer ample support to help assist customers throughout their project.
- Utilize host-based segmentation. Network-based segmentation — layering external tools over your network to manage your segmentation policies — no longer works. This approach was designed to segment environments that were on-premises and largely static. It fails when applied to modern networks. Look for tools that perform host-based segmentation by configuring the native firewall controls that exist in operating systems and networking assets.
- Provide real-time, centralized traffic maps. Most legacy tools — and some modern tools — create a siloed, fragmented view of your network. They force you to collect, centralize and normalize their different data sources into a single authoritative view of your network. That process is high-effort, time-consuming, and error-prone. Look for tools that automatically give you a unified, “single source of truth” for your network traffic.
- Perform end-to-end segmentation from one console. Finally, look for tools that make it quick and easy to create and manage microsegmentation policies for any size network. That means from one console, you can segment across clouds, on-premises data centers, and distributed, remote endpoint devices. The best tools can segment workloads across your IT environment while automatically updating policy as your digital infrastructure changes.
Any tool that meets these criteria will provide the fundamental capabilities you need to drive a successful microsegmentation program. Illumio provides these capabilities.
How Illumio is pioneering microsegmentation
Illumio is a unified platform designed to make it quick and easy to enforce microsegmentation across modern, hybrid computing environments. Illumio addresses the limitations of traditional network tools and provides a new approach to rapidly segment at both broad and granular levels, at any scale. It works equally well for start-ups to Fortune 500 companies.
Illumio meets, or exceeds, each of the criteria necessary for driving successful microsegmentation projects.
- Illumio rethinks the segmentation problem. Illumio was founded in 2013 to address the limitations of legacy networking and security tools, which were failing to effectively support the security requirements of modern networks. Illumio was specifically designed to deliver microsegmentation projects across modern distributed, virtual and dynamic networks.
- Illumio is proven to scale in the real world. Since 2013, organizations have used Illumio to effectively implement microsegmentation projects that were previously impossible. Illumio has documented case studies where customers used our platform to segment tens or hundreds of thousands of applications and assets, with no significant impact on network performance or application availability.
- Illumio supports strategy formation and implementation. Illumio provides hands-on support services at every stage of delivering successful microsegmentation projects. Illumio can help with designing the right strategy, as well as authoring, enforcing and evolving the right policies.
- Illumio creates real-time, centralized network visibility. Within minutes of launch, Illumio creates a complete application dependency map and a real-time picture of traffic flows within your IT environment. This visibility makes it easy to determine which policies you need to implement for each project.
- Illumio performs host-based segmentation. Illumio does not layer external tools over your network. Instead, Illumio configures the native firewall controls that already exist in almost every operating system. You do not need to touch your underlying IT architecture. This makes it possible to segment environments quickly at any scale.
- Illumio performs end-to-end segmentation. Illumio creates microsegmentation across multi-cloud, hybrid and on-premises networks. It segments workloads, endpoints and cloud platforms. In addition, it simplifies, streamlines and automates every step of policy management and ongoing maintenance.
By taking this new approach, Illumio makes microsegmentation achievable for organizations of all sizes.
Real-world examples of microsegmentation with Illumio
Illumio is proven in the real world. Most innovative organizations use Illumio to segment their networks. Illumio is used by:
- More than 15% of the Fortune 100
- 6 of the 10 largest global banks
- 5 of the leading insurance companies
- 3 of the 5 largest SaaS companies
Our customers have used Illumio to protect modern networks at enterprise scale. Here are a few recent examples:
- An e-commerce site used Illumio to secure 11,000 systems in 3 months and successfully pass a critical audit.
- A leading SaaS platform deployed Illumio to secure 40,000 systems under full DevOps automation, including policy and enforcement.
- A large custodial bank relies on Illumio to secure $1 trillion per day of financial transactions under federal regulatory scrutiny.
Here is what customers have said about using Illumio for microsegmentation:
“Illumio filled a gap for which there was previously no solution. In addition to meeting compliance regulations, we have seen drastic improvements in our overall security posture.”
— Steffen Nagel, Head of Information Technology, Frankfurter Volksbank
“Gaining live visibility into the flows between workloads and protocol paths delivered immediate value. The ability to use the map to easily allowlist traffic and reach the required level of segmentation will save considerable time compared with manually programming firewall rules.”
— Mikael Karlsson, Head of IT Infrastructure, AFA Försäkring
“The initial appeal [of Illumio] was really its simplicity. Being able to cover physical and virtual and to present information in a very resolved way is a game changer.”
— Andrew Dell, Director of IT Security, QBE Insurance
Illumio named a Leader in microsegmentation by Forrester
Forrester named Illumio a Leader in both The Forrester New Wave: Microsegmentation, Q1 2022, and The Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020.
We believe our leadership in these two Forrester Wave reports confirms what our growing list of customers already knows: Illumio sets the standard for predictable, scalable microsegmentation that supports a unified, disciplined approach to Zero Trust security.
This is what we call Zero Trust Segmentation.
According to Forrester: “Implicit trust on the network must end, and microsegmentation is the key.”
Make your microsegmentation project succeed today
In this four-part series, we have described a practical, proven approach to delivering microsegmentation projects that succeed where others fail. We have covered the main reasons microsegmentation projects fail, the main sources of risk these projects carry, the strategic principles that guide projects to success and, finally, the tools that can reliably bring microsegmentation to life.
Take the next step to determine whether Illumio is the right partner as you design and implement your next segmentation project:
- Download our in-depth guide, How to Build a Microsegmentation Strategy in 5 Steps.
- Get a free copy of The Forrester New Wave: Microsegmentation, Q1 2022, in which Illumio is named a Leader.
- Schedule a free demonstration and consultation with our Zero Trust Segmentation experts.