Illumio and Bishop Fox Release First-of-its-kind Test Report Quantifying the Efficacy of Micro-Segmentation

Key findings illustrate that micro-segmentation slows attackers by up to 22X, depending on the size of environment and policies in place

Sunnyvale, CA — June 4, 2020 — Illumio, the leader in segmentation for workload security, today announced that it has partnered with red team specialists Bishop Fox to conduct and document an industry-first blueprint on how to measure the efficacy of micro-segmentation based on the main components of the MITRE ATT&CK® framework.

“Folks are generally aware of why they should implement micro-segmentation and its central role in any Zero Trust strategy. What has been missing until now is the ability to quantify the benefits of micro-segmentation through a clear testing methodology that can be repeated by any organization to validate the results in their own environments,” said Raghu Nandakumara, Illumio Field CTO.

Through its implementation of the MITRE ATT&CK® framework, a set of tactics and techniques used by red teams to classify attacks and assess risk, Bishop Fox evaluated and measured the ability of micro-segmentation to effectively limit lateral movement and therefore hinder an attacker’s progress.

The report illustrates that when implementing application ringfencing policies to 100 workloads, it is 4.5X more difficult for an attacker to enumerate and reach its target. When that environment expands to 1000 workloads, that increases to 22X more difficult for an attacker, dramatically deterring bad actors from reaching their target.

Whether a sophisticated adversary or a fast-spreading ransomware attack, a common element across all high-profile breaches is lateral movement – the ability for malicious actors or malware to traverse a network. Micro-segmentation brings a Zero Trust mindset to the lateral movement problem by blocking any network communications that are not explicitly authorized, stopping an adversary or malware in its tracks.

“One of the key takeaways from this report is that as the size of a protected estate increases, the attacker’s job gets measurably more difficult (between 4.5x and 22x), even as the granularity of micro-segmentation policy is kept constant,” said Ronan Kervella, Bishop Fox Senior Security Consultant. “For security architects and infrastructure teams alike, these quantitative findings demonstrate a strong justification for implementing micro-segmentation across your enterprise. With data points like these to better inform potential security strategies, security leaders should feel empowered to take the leap in extending their micro-segmentation capability sets across the entirety of their IT estates.”

To learn more about Bishop Fox’s assessment, download the full report here, check out the latest on Illumio’s blog, and join us for a live webinar on Tuesday, June 16.

About Illumio

Illumio enables organizations to realize a future without high-profile breaches by providing visibility, segmentation, and control of all network communications across any data center or cloud. Founded in 2013, the world’s largest enterprises, including Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite, trust Illumio to reduce cyber risk. For more information, visit www.illumio.com/what-we-do and:


Lauren Bogoshian

[email protected]


Related news


Illumio Appoints John Lens as Chief Revenue Officer

Former Alteryx and VMware sales leader to seize momentum in Zero Trust Segmentation and lead all revenue operations to fuel global growth


Illumio Appoints L. David Kingsley as Chief People Officer

Former Alteryx, Intercom, and Salesforce Human Resources Executive to Accelerate Growth and Foster Employee Engagement.


Illumio Simplifies Zero Trust Policy Enforcement with the General Availability of Illumio for Microsoft Azure Firewall

Illumio for Azure Firewall visualizes and secures traffic between Azure resources and simplifies firewall rule management with Zero Trust Segmentation

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?