Illumination: Application Dependency Map

Illumination application dependency mapping takes live telemetry data provided by Virtual Enforcement Nodes to visually display traffic flows between applications and workloads and the processes that comprise them. It baselines an application’s connectivity so that security teams can enforce segmentation policies for their organization’s applications and detect anomalous behavior.

Illumination enables you to visually model policies and provide immediate feedback about any flows that may be blocked when moving into enforcement mode. This capability provides assurance that enforcing segmentation will not break an application.

With vulnerability maps, you can overlay an application dependency map with third-party vulnerability scan data—allowing security teams to see a live map that demonstrates the highest severity vulnerabilities on each workload and the level of exposure of those vulnerabilities. These insights can be used to prioritize patching, and if no patch is available, Policy Generator can be used to build segmentation policies that act as compensating controls for unpatched vulnerabilities.

Illumio Vulnerability Maps

How different teams use Illumination application dependency mapping

• IT operations teams use Illumination to monitor the traffic traversing their organization’s data centers and cloud environments in real time.
• Application and security teams use Illumination to view traffic within and between applications.
• Security teams use Illumination to detect policy violations and failed attempts to connect. They can also view how a bad actor can traverse the environment and use this insight to define segmentation policies to block these open pathways and thereby reduce the attack surface.
• Applications and IT operations teams use Illumination to identify “orphaned” and mislabeled assets, which in turn helps to clean up CMDBs.

Leverage global real-time visibility to architect security segmentation

Illumination application dependency mapping uses labels attached to workloads to provide contextual application dependency maps and groups workloads based on their label sets, providing insights to the connections and flows between workloads. Illumination is also able to display these relationships across your compute running in data centers and public clouds.

This visual map facilitates collaboration across application owners, security, IT operations, and compliance. Illumination helps security and operations teams determine and validate what is in scope for various segmentation projects. Via role-based access control (RBAC), you can allow application teams/service owners to view their applications and suggest policies to protect them.

Get real-time validation during policy creation

Build mode, which overlays unprovisioned policies with historical traffic flows, indicates if rules have been written to permit communications between workloads across applications, environments, and locations. You can quickly view connections and flows that do not have rules in place, add policies to allow these flows, and flag connections that are suspicious.

Test, monitor, and enforce without breaking applications

In test mode, Illumination application dependency mapping enables security teams to test policies by alerting for any traffic that would have been dropped if the policy had been fully enforced. Traffic is not blocked, but if a flow occurs that breaks policy, an alert is generated. You can run any workload or application in test mode for any length of time.

View attackers' potential lateral movements

Security can combine vulnerability scan data with Illumination to deliver a vulnerability map. Vulnerability maps enhance Illumination by displaying the attacker’s potential pathways for moving laterally within an environment. IT operations teams use this information to prioritize an organization’s patching strategy, and security teams can use these insights to define segmentation policies.