Explorer enables security, application, operations, compliance, and audit teams to search and analyze historical records of all observed traffic between workloads for planning, auditing, reporting, and troubleshooting.
Explorer gives you the ability to query the Policy Compute Engine (PCE) traffic database for historical data that can be used for compliance and audit as well as policy development. With an easy-to-use interface, Explorer does not require you to be familiar with networking constructs like VLANs, subnets, and IP addresses to run searches. You simply type your search parameters using plain-text language and filter results by specific time period; specific ports, protocols, or processes; and actions that were taken on that traffic based on policies (for example, “allowed” vs. “potentially blocked” vs. “blocked”).
Via role-based access control (RBAC), authorized users among security, IT operations, compliance, and audit teams can also query for traffic information, which they can then use for troubleshooting, security incident response, forensic investigations, compliance, and audit reporting. Authorized users can also query the PCE traffic database for any traffic flows across segmented environments and validate their organization’s segmentation strategy.
Simplify collaboration among IT operations, security and application owners
When IT teams plan a segmentation project such as separating Test, Dev, and Prod or ringfencing their organization’s SWIFT or PCI cardholder data environments, they want to be able to validate that these environments are effectively separated from one another.
- Explorer augments the information from Illumio Core's application dependency map by enabling authorized users to query the traffic database for any traffic flows across segmented environments.
- IT operations, security, and application owners can use search results to refine the traffic flows that should be allowed or blocked within and across segmented environments.
Support compliance, audits, investigations, and troubleshooting
- Compliance teams query Explorer to validate that the scope and controls for segmentation comply with the control statements.
- Audit teams use the results of Explorer to validate the efficacy of the segmentation controls and identify issues and control gaps.
- IT operations and security teams query Explorer for planning, troubleshooting, incident response, and forensic investigations of year-old traffic.
Get comprehensive live visibility into workloads
Using Explorer, security teams can run a search on unmanaged IP addresses and convert them into unmanaged workloads. You can then use this information to define and enable policies on the connections and flows between unmanaged and managed workloads.