Illumio and Bishop Fox Release First-of-its-kind Test Report Quantifying the Efficacy of Micro-Segmentation

Key findings illustrate that micro-segmentation slows attackers by up to 22X, depending on the size of environment and policies in place

Sunnyvale, CA — June 4, 2020 — Illumio, the leader in segmentation for workload security, today announced that it has partnered with red team specialists Bishop Fox to conduct and document an industry-first blueprint on how to measure the efficacy of micro-segmentation based on the main components of the MITRE ATT&CK® framework.

“Folks are generally aware of why they should implement micro-segmentation and its central role in any Zero Trust strategy. What has been missing until now is the ability to quantify the benefits of micro-segmentation through a clear testing methodology that can be repeated by any organization to validate the results in their own environments,” said Raghu Nandakumara, Illumio Field CTO.

Through its implementation of the MITRE ATT&CK® framework, a set of tactics and techniques used by red teams to classify attacks and assess risk, Bishop Fox evaluated and measured the ability of micro-segmentation to effectively limit lateral movement and therefore hinder an attacker’s progress.

The report illustrates that when implementing application ringfencing policies to 100 workloads, it is 4.5X more difficult for an attacker to enumerate and reach its target. When that environment expands to 1000 workloads, that increases to 22X more difficult for an attacker, dramatically deterring bad actors from reaching their target.

Whether a sophisticated adversary or a fast-spreading ransomware attack, a common element across all high-profile breaches is lateral movement – the ability for malicious actors or malware to traverse a network. Micro-segmentation brings a Zero Trust mindset to the lateral movement problem by blocking any network communications that are not explicitly authorized, stopping an adversary or malware in its tracks.

“One of the key takeaways from this report is that as the size of a protected estate increases, the attacker’s job gets measurably more difficult (between 4.5x and 22x), even as the granularity of micro-segmentation policy is kept constant,” said Ronan Kervella, Bishop Fox Senior Security Consultant. “For security architects and infrastructure teams alike, these quantitative findings demonstrate a strong justification for implementing micro-segmentation across your enterprise. With data points like these to better inform potential security strategies, security leaders should feel empowered to take the leap in extending their micro-segmentation capability sets across the entirety of their IT estates.”

To learn more about Bishop Fox’s assessment, download the full report here, check out the latest on Illumio’s blog, and join us for a live webinar on Tuesday, June 16.

About Illumio

Illumio enables organizations to realize a future without high-profile breaches by providing visibility, segmentation, and control of all network communications across any data center or cloud. Founded in 2013, the world’s largest enterprises, including Morgan Stanley, BNP Paribas, Salesforce, and Oracle NetSuite, trust Illumio to reduce cyber risk. For more information, visit www.illumio.com/what-we-do and:


Lauren Bogoshian

[email protected]


Related news


Illumio Announces Incident Response Partner Program and New Product Features to Fight Ransomware

Illumio Zero Trust Segmentation Dashboards Make it Easy to Improve Ransomware Resilience as Proven Incident Response Partner Program Empowers DFIR Providers with ZTS


Illumio Launches Zero Trust Segmentation ROI Calculator to Help Organizations Maximize Cyber Investment

Illumio ZTS platform delivered 111 percent return on investment and 66 percent reduction in blast radius


Illumio Names Gautam Mehandru as Chief Marketing Officer

Promotion to CMO follows Illumio’s record fiscal year and record Q4 performance fueled by impactful marketing initiatives

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?