Illumio and Bishop Fox Release First-of-its-kind Test Report Quantifying the Efficacy of Micro-Segmentation

Key findings illustrate that micro-segmentation slows attackers by up to 22X, depending on the size of environment and policies in place

Sunnyvale, CA — June 4, 2020 — Illumio, the leader in segmentation for workload security, today announced that it has partnered with red team specialists Bishop Fox to conduct and document an industry-first blueprint on how to measure the efficacy of micro-segmentation based on the main components of the MITRE ATT&CK® framework.

“Folks are generally aware of why they should implement micro-segmentation and its central role in any Zero Trust strategy. What has been missing until now is the ability to quantify the benefits of micro-segmentation through a clear testing methodology that can be repeated by any organization to validate the results in their own environments,” said Raghu Nandakumara, Illumio Field CTO.

Through its implementation of the MITRE ATT&CK® framework, a set of tactics and techniques used by red teams to classify attacks and assess risk, Bishop Fox evaluated and measured the ability of micro-segmentation to effectively limit lateral movement and therefore hinder an attacker’s progress.

The report illustrates that when implementing application ringfencing policies to 100 workloads, it is 4.5X more difficult for an attacker to enumerate and reach its target. When that environment expands to 1000 workloads, that increases to 22X more difficult for an attacker, dramatically deterring bad actors from reaching their target.

Whether a sophisticated adversary or a fast-spreading ransomware attack, a common element across all high-profile breaches is lateral movement – the ability for malicious actors or malware to traverse a network. Micro-segmentation brings a Zero Trust mindset to the lateral movement problem by blocking any network communications that are not explicitly authorized, stopping an adversary or malware in its tracks.

“One of the key takeaways from this report is that as the size of a protected estate increases, the attacker’s job gets measurably more difficult (between 4.5x and 22x), even as the granularity of micro-segmentation policy is kept constant,” said Ronan Kervella, Bishop Fox Senior Security Consultant. “For security architects and infrastructure teams alike, these quantitative findings demonstrate a strong justification for implementing micro-segmentation across your enterprise. With data points like these to better inform potential security strategies, security leaders should feel empowered to take the leap in extending their micro-segmentation capability sets across the entirety of their IT estates.”

To learn more about Bishop Fox’s assessment, download the full report here, check out the latest on Illumio’s blog, and join us for a live webinar on Tuesday, June 16.

About Illumio

Illumio enables organizations to realize a future without high-profile breaches by providing visibility, segmentation, and control of all network communications across any data center or cloud. Founded in 2013, the world’s largest enterprises, including Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite, trust Illumio to reduce cyber risk. For more information, visit www.illumio.com/what-we-do and:


Lauren Bogoshian

[email protected]


Related news


EY Announces Andrew Rubin of Illumio as an Entrepreneur Of The Year® 2024 Bay Area Award Winner

Celebrating the bold leaders who disrupt markets, revolutionize industries and transform lives.


Houston Eye Sets its Sights on Cyber Resilience with Illumio Zero Trust Segmentation

Houston Eye to protect business-critical applications and patient data with the Illumio ZTS Platform


Illumio and Netskope Announce Zero Trust Partnership to Strengthen Enterprise Resilience Against Cyberattacks

Zero Trust Segmentation combined with Zero Trust Network Access delivers dynamic protection across modern hybrid IT

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?