With vulnerability maps, you can overlay an application dependency map with third-party vulnerability scan data, giving security teams a live map that shows the highest-severity vulnerabilities on each workload and how exposed those vulnerabilities are. These insights can be used to prioritize patching, and if no patch is available, Policy Generator can be used to build micro-segmentation policies that act as compensating controls for unpatched vulnerabilities.
Illumination uses labels attached to workloads to provide contextual application dependency maps and groups workloads based on their label sets, providing insight into the connections and flows between workloads. Illumination is also able to display these relationships across your
This visual map facilitates collaboration across application owners, security, IT operations, and compliance. Illumination helps security and operations teams determine and validate what is in scope for various segmentation projects. Via role-based access control (RBAC), you can allow application teams/service owners to view their applications and suggest policies to protect them
Build mode, which overlays unprovisioned policies with historical traffic flows, indicates if rules have been written to permit communications between workloads across applications, environments, and locations. You can quickly view connections and flows that do not have rules in place, add policies to allow these
In test mode, Illumination enables security teams to test policies by alerting for any traffic that would have been dropped if the policy had been fully enforced. Traffic is not blocked, but if a flow occurs that breaks policy, an alert is generated. You can run any workload or application in test mode for any length of time
Security teams can combine vulnerability scan data with Illumination to deliver a vulnerability map. Vulnerability maps enhance Illumination by displaying the attacker’s potential pathways for moving laterally within an environment. IT operations teams use this information to prioritize an organization’s patching strategy, and security teams can use these insights to define micro-segmentation policies.