Policy Generator makes it simple to create optimal micro-segmentation policies for any type of workload (bare-metal, virtual machines, containers), regardless of where it is running.

Policy Generator is a simple workflow built into the Adaptive Security Platform® (ASP). It pairs with Illumio ASP's labeling and policy modeling capabilities to provide an easy-to-use interface for creating micro-segmentation policies. It matches historical connections, the processes those flows communicate with, and workload labels to automatically suggest policies for controlling intra- and inter-application traffic.

BENEFITS

SIMPLIFY COLLABORATION BETWEEN APPLICATION OWNERS AND SECURITY

Policy Generator allows you to build micro-segmentation policies that protect critical applications. You can assign different teams ownership of different applications using role-based access control (RBAC):

  • Application owners can use Policy Generator to review flows and create micro-segmentation policies for individual applications, but they will not have the ability to approve and provision those policies—this is typically the responsibility of another group to ensure a separation of duties. Application owners can create these rules using declarative policies that use labels. Application teams therefore do not need to understand the underlying network infrastructure or keep track of networking constructs, such as IP addresses and VLANs, to create robust policy.
  • Security teams can view, test, update, and provision the policies proposed by application teams.

DEFINE POLICIES WITH THE RIGHT LEVEL OF GRANULARITY

Policy Generator provides an easy-to-use interface for selecting the granularity (or level of restrictiveness) of your organization’s micro-segmentation policies. You can define traffic restrictions for workloads at the environment level (least granular), application level, role/tier level, or even by the process/service running on individual workloads (most granular).


LEVERAGE VULNERABILITY INFORMATION TO CREATE RISK-BASED POLICIES

When vulnerability maps are enabled, Policy Generator incorporates vulnerability information and the exposure of each vulnerability, which can be used to prioritize patching. If patching is not an option, Policy Generator will recommend a micro-segmentation policy that can be used as a compensating control until a patch is available.