/
Segmentação Zero Trust

How SWACRIT and ROS\\TECH Closed the Segmentation Gap With Illumio

It wasn’t until after the migration was complete that the gap became clear.

SWACRIT Systems, a fast-growing high-tech manufacturer and member of the Swarovski Group, had just completed a complex domain migration.  

On paper, everything looked secure. But something was missing.

“We realized we had a well-structured architecture but no real network segmentation,” said Daniel Hofer, IT Systems Engineer at SWACRIT. “That left a critical hole in our security posture.”

The domain was modernized, but the network was flat. And in a world of escalating threats, that meant a breach could spread fast.

That realization kicked off a journey to close the segmentation gap and strengthen SWACRIT’s Zero Trust strategy.  

In a recent Illumio webinar, Hofer joined Robert Rostek, CEO of cybersecurity consultancy ROS\\TECH, and Illumio Director of Critical Infrastructure Solutions Trevor Dearing, to share how Illumio helped them identify the problem, implement microsegmentation, and gain visibility and control that traditional firewalls simply couldn’t offer.

From strong identity controls to a segmentation gap

SWACRIT had recently modernized its IT environment, following best practices for Active Directory (AD) hardening, tiered administrative access, and general cyber hygiene.

“We did everything right on the identity and permissions side,” Hofer said. “But there was one piece missing — network segmentation.”

Without segmentation versus with segmentation

ROS\\TECH helped lead the initial hardening effort.

“We start every project with the basics,” Rostek said. “Do you have backups? Have you removed legacy settings? Are your admin workstations secure? Once that’s done, the next priority is segmentation, both identity and network.”

They initially considered traditional VLAN-based segmentation. But Rostek was quick to point out its limitations.

“We’ve done classic VLAN segmentation for years,” he said. “It’s possible to implement, but it’s incredibly difficult to maintain over time. Networks change constantly — new servers, new software, shifting roles. VLANs can’t keep up.”

Why SWACRIT chose host-based segmentation with Illumio

Instead of traditional approaches, SWACRIT went with host-based segmentation using Illumio. The decision came down to one word: flexibility.

“Deploying the Illumio agent was straightforward,” Hofer said. “And starting in visibility-only mode gave us time to learn before making any changes.”

That observation phase lasted just over a month. In that time, the team analyzed communication patterns, identified high-risk paths, and began building granular policy sets, all without disrupting business operations.

“The key deciding factor was ease of implementation,” Hofer explained. “Illumio let us see what was happening, then build rules based on real data.”

That visibility extended beyond basic traffic. “With hardware firewalls, you might see source and destination,” said Robert. “With Illumio, you see the user, the process, and the context. That’s a game-changer.”

The key deciding factor was ease of implementation. Illumio let us see what was happening, then build rules based on real data.

Turning visibility into security

Once Illumio was fully deployed, the benefits went beyond segmentation.

Rostek highlighted two core priorities: securing administrative paths and eliminating unnecessary peer-to-peer communication.

“We were able to lock down who could RDP into jump boxes, who could access critical systems, and where management protocols like WinRM could be used,” he said.

On the client side, Illumio enabled dynamic, label-based rules that stopped lateral movement without disrupting legitimate workflows.

“We completely blocked client-to-client communication, except for what was needed,” Rostek said. “And we didn’t have to hardcode IP addresses or manually manage exceptions. Labels handled it.”

Finding the unknowns: shadow services and misconfigurations

Illumio didn’t just improve security. It also surfaced misconfigurations and shadow IT.

“My favorite example is when we saw our main firewall trying to print to a print server,” Rostek said, laughing. “That obviously made no sense. Turned out someone had misclicked an NAT setting. Without Illumio, we never would’ve caught it.”

Other discoveries included machines running music streaming platforms and forgotten monitoring agents still broadcasting on the network. “These weren’t threats,” Robert said, “but they were signs of hygiene issues we could now clean up.”

For Hofer, Illumio’s detailed traffic visualization gave him unprecedented insight into SWACRIT’s infrastructure.

“It helped us understand communication across geographic locations, internal systems, and even our ERP ecosystem,” he said. “The tag-based system made it easy to interpret complex traffic patterns even at scale.”

Illumio visibility map

Building modern security that scales

With operations spanning Austria, Germany, and the Czech Republic — and a growth trajectory that’s seen headcount quadruple since 2015 — scalability was a must.

“With traditional firewall approaches, growing means buying new hardware and increasing network capacity,” Hofer said. “With Illumio, we just install an agent and apply a label. The rules follow automatically.”

With traditional firewall approaches, growing means buying new hardware and increasing network capacity. With Illumio, we just install an agent and apply a label. The rules follow automatically.

Even SWACRIT’s OT systems — including manufacturing machines not running traditional operating systems — were covered.  

“We added them as unmanaged workloads and assigned labels,” Hofer explained. “From that point, they could only communicate using protocols we explicitly allowed. That’s Zero Trust in action.”

Illumio delivers simple segmentation at scale

For Rostek, one of the biggest roadblocks he sees is perception.

“People think host-based segmentation is too complex,” he said. “But with Illumio, it’s easy, especially compared to managing VLANs across global environments.”

And the benefits speak for themselves: visibility, scalability, faster implementation, and stronger security — all with less overhead.

Hofer agrees.

“This is the most scalable solution I’ve found on the market,” he said. “And it grows with us.”

Missed the webinar? Watch the full recording here to see how SWACRIT and ROS\\TECH brought segmentation to life with Illumio.

Tópicos relacionados

Artigos relacionados

Deloitte reconhece a Illumio como vencedora do Tech Fast 500
Segmentação Zero Trust

Deloitte reconhece a Illumio como vencedora do Tech Fast 500

O Deloitte Technology Fast 500 reconhece as empresas de tecnologia que mais crescem com base na porcentagem de crescimento da receita do ano fiscal nos últimos três anos.

4 principais insights do guia de mercado da Gartner® de 2023 para microssegmentação
Segmentação Zero Trust

4 principais insights do guia de mercado da Gartner® de 2023 para microssegmentação

Obtenha informações do Guia de Mercado do Gartner sobre a implementação da microssegmentação, também chamada de Segmentação Zero Trust (ZTS), para proteger ambientes híbridos, interromper o movimento lateral e criar Zero Trust.

Cinco motivos pelos quais seu arquiteto de nuvem adorará a microssegmentação
Segmentação Zero Trust

Cinco motivos pelos quais seu arquiteto de nuvem adorará a microssegmentação

Para um arquiteto de nuvem, ir para a nuvem é mais do que apenas uma mudança de local.

Quatro dicas de um CISO de manufatura sobre contenção proativa de violações com a Illumio
Resiliência cibernética

Quatro dicas de um CISO de manufatura sobre contenção proativa de violações com a Illumio

Conheça as dicas do CISO de manufatura Jamie Rossato para organizações que buscam se proteger proativamente contra violações com o Illumio ZTS.

5 dicas de confiança zero para varejistas e fabricantes da Brooks Running
Resiliência cibernética

5 dicas de confiança zero para varejistas e fabricantes da Brooks Running

Saiba por que a varejista de calçados Brooks Running é um exemplo brilhante de uma empresa que implementa controles Zero Trust de forma prática.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?