Illumio Edge Architecture Overview
Illumio Edge delivers visibility and segmentation
to stop lateral movement between endpoints.
With easy cloud-based deployment and a lightweight agent that follows the user, Illumio Edge makes use of existing host firewalls to enforce security on endpoints.
This all starts with a different approach to segmentation – at an architectural level. Illumio Edge is not tied to your network. This foundation eliminates the limitations and challenges of network-based segmentation.
Illumio Edge Architecture
Core Components
Virtual Enforcement Node
Illumio Edge’s Virtual Enforcement Node (VEN) is a lightweight agent that runs on your organization’s end-user laptops. But it’s not your average agent. It uses virtually no CPU, won’t bring down network performance, and has proven its resiliency in the data center.
The VEN is completely invisible to the user but gives you visibility of every flow in and out of their machines. It collects that context and telemetry and sends it to the Policy Compute Engine.
CrowdStrike customers will be able to use the Falcon agent with Illumio Edge as of July 2020. Read more about it here.
Cloud-Delivered Policy Compute Engine
Illumio Edge's Policy Compute Engine (PCE) uses endpoint visibility and telemetry as the basis for building the perfect whitelist policy. Once created, the PCE sends these policies back to the endpoint VEN that programs the Windows-based firewall with the right policy. The policy only allows specific, whitelisted inbound connections, dramatically reducing the risk of malware and ransomware spreading from machine to machine.
As a cloud offering, the PCE is hosted and managed by Illumio, with its intelligence and policy orchestration occurring in the cloud. This means there’s no management or operational expenses for your team.
Core Capabilities
Cloud-delivered
Distributed enforcement for massive scale with no performance impact
Lightweight agent lets security follow the user
Automated Zero Trust policy
Off-network protection
Network agnostic – zero configuration
to existing network
Complementary to EDR and endpoint security solutions, including CrowdStrike agent integration
Endpoint-to-endpoint visibility
Uses native OS firewall
No host OS overhead
