Adaptive Security Platform (ASP)™


The Illumio ASP reduces cyber risk in data center and cloud environments by delivering application traffic visibility, adaptive segmentation and encryption with no dependency on the network or hypervisor.


Platform

Illumio ASP is a distributed software platform designed to continuously protect communications within and across tiers of applications, wherever they are running. It creates secure and granular segmentation to compartmentalize workloads and applications, reducing the attack surface exposed to cyber vulnerabilities.

 

Illumio ASP is decoupled from the infrastructure. It supports all modern server computing formats (Windows/Linux, virtual machines, containers) and all computing environments (data center, private and public cloud).

Policy Compute Engine

The Policy Compute Engine (PCE) is the central brain of the Illumio ASP. It constantly computes the optimal security policy and enforcement for the workloads and applications under management. The PCE:

  • Discovers application topology and application flows
  • Features rich APIs that integrate with orchestration tools (Puppet, Chef) and CMDB systems for key context/telemetry, security policy discovery and high-level management 
  • Enables automatic key management for encryption

VIRTUAL ENFORCEMENT NODE

The Virtual Enforcement Node (VEN) is a lightweight software agent that is installed in the operating system of any server, VM, or container. It collects telemetry (network flows, workload information) and programs the native stateful firewall in the host (iptables in Linux, Windows Filtering Platform). The VEN:

  • Is not in the data path, unlike traditional agents; think of it as an antenna
  • Controls stateful native layer-3 and layer-4 firewalls to deliver segmentation
  • Has no requirements for virtual chokepoints or complex traffic steering
  • Delivers real-time alerts of potential policy violations and tampering

POLICY MODEL: WRITE ONCE, ENFORCE EVERYWHERE

Illumio’s declarative policy model allows IT and security teams to describe in natural language how applications are segmented from an operational perspective.

  • Declarative model enforces the business logic of security while abstracting the network complexity
  • Natural-language security policies eliminate the need to know IP addresses, VLANs, subnets, zones, or security groups
  • Whitelist model ensures the smallest attack surface by permitting only allowed connections vs. blocking long lists of unauthorized connections

AGILE SECURITY: READY-TO-DEPLOY POLICIES, WORKFLOW INTEGRATION

Accelerate the deployment of security and reduce risk caused by errors with ready-to-deploy templates and integration with existing tools and workflows.

  • Illumio Security Templates can be deployed in minutes, simplifying the definition and implementation of policy while reducing errors and preventing security gaps for widely used, business-critical applications like Microsoft Active Directory, Microsoft Exchange, Microsoft SharePoint, MySQL, MongoDB, and PostgreSQL.
  • Automate Illumio administrative activity with scripts, orchestration platforms, or custom-built tools leveraging the Illumio API for tight integration with existing workflows.
  • Support for third-party SIEM integration extends Illumio to current logging, alerting, and troubleshooting workflows.

Illumination

See live application traffic and policy violations.


Enforcement

Nano-segment applications down to individual VMs, servers, and processes.


SecureConnect

Protect your data with instant encryption.


EXTENDING ADAPTIVE SECURITY TO F5 BIG-IP

Illumio ASP extends adaptive security to more enforcement points, using what you already have—including F5 BIG-IP Local Traffic Manager (LTM). The integration with F5 BIG-IP LTM enables dynamic programming of ACLs on the F5 BIG-IP based on application changes (e.g., scale out). You get greater value from your IT investments and achieve application segmentation across your F5 BIG-IP LTMs.
