Federal Government & Public Sector

Federal and public sector IT leaders are adopting Zero Trust or least-privilege security strategies and deploying micro-segmentation as a foundational component in order to keep up with FISMA, NIST, DHS, and OMB mandates to identify their high value assets (HVA), map their dependencies, and take steps to reduce the attack surface via segmentation.

challenge

Government mandates and guidelines such as DHS Binding Operational Directive 16-01 and OMB Memorandum M-17-09 require government IT leaders to identify their HVAs so that they can better understand their risk and vulnerability, and then take steps to reduce their attack surface. To effectively secure HVAs, agencies need to be aware of and have a plan for addressing the following challenges:

Applications likely run on a combination of legacy infrastructure and new forms of compute and possibly even reside in GovCloud.
Overheads that stem from managing and scaling VLANs, subnets, and firewall rules.

Solution

To effectively secure HVAs, government IT leaders are shifting their mindset from detection and prevention to containment and remediation – also known as cyber resiliency. The focus is on limiting the ability of bad actors to take advantage of compromised hosts as entry points to traversing the internal network and reaching HVAs. Adopting a Zero Trust security architecture and using micro-segmentation as a foundational component is quickly becoming good hygiene.

The Illumio Adaptive Security Platform® (ASP) offers federal and public sector agencies the following benefits:

Effectively execute Zero Trust security strategy
Use native enforcement points to mitigate cost and management overheads

Illumio ASP delivers micro-segmentation as a foundation of Zero Trust security:

Application dependency mapping (Illumination) provides workload, application, and connection visibility.
Policy Generator automatically calculates the optimal firewall/segmentation rules based on contextual information about the environment, workloads, and applications.
Continuous monitoring by turning every host in your data center and public cloud into points of visibility and into sensors that detect unauthorized connection attempts and policy deviations.
Vulnerability maps overlay third-party vulnerability scan data and use this information to determine patching strategy and to apply micro-segmentation as a compensating control.
Integrates with third-party FIPS validated cryptographic modules that conform to the Federal Information Processing Standards (FIPS) 140-2 standard. Download our third-party affirmation letters for FIPS 140-2 compliance.
Currently undergoing evaluation for Common Criteria certification – the NIAP Protection Profile for Enterprise Security Management, Policy Management.

Learn more:

Secure High Value Assets in Federal Agencies

Illumio ASP enables federal and public sector agencies to use existing infrastructure investments to meet compliance regimens instead of re-architecting environments and introducing more networking infrastructure. By programming the Layer 3/Layer 4 stateful firewalls native to each host OS, you can eliminate cost and management overhead.

Illumio ASP optimizes policies and programs rules for the following enforcement points:

Layer 3/Layer 4 firewalls in the host OS – Windows Filtering Platform (WFP) for Windows, iptables for Linux, and IPFILTER for AIX/Solaris.
Programs ACLs for:

Load balancers (F5) and switches (Arista)
Containerized hosts
Cloud security groups (AWS Security Groups and Azure Security Groups)

SecureConnect programs IPSec connectivity between Linux or Windows workloads to enable secure, encrypted communications without requiring any changes or upgrades to your existing network infrastructure across private data centers or public clouds (AWS, Azure, Google Cloud, Rackspace).

Learn more:

Solutions

Micro-Segmentation

Visibility

Migration

Compliance & Risk

Microsoft

Industries

What We Do

How to Build aMicro-SegmentationStrategy

Overview

Services

Solution Architecture

Segmentation Templates

Product Integrations

Product Documentation

FAQ

Illumio Adaptive Security Platform®

OVERVIEW

Experience Illumio

Technology Partners

Business Partners

Nutanix + Illumio

Partner Inquiry

Support Starts Here

Telephone Support

Direct hotline support is available 24/7.

Support Portal

The Segment

New: Online Community

Media Kit

How to Build aMicro-SegmentationStrategy

RESOURCE CENTER

Featured Resources

All Resources

News

Awards

Events

Media Kit

What We Do

Management

Board of Directors

Investors

Careers

Solutions

FEDERAL GOVERNMENT & PUBLIC SECTOR

challenge

Solution

Effectively execute Zero Trust security strategy

Use native enforcement points to mitigate cost and management overheads

How to Build a

MICRO-SEGMENTATION STRATEGY

News Sign Up Form

FOLLOW US:

How to Build a
Micro-Segmentation
Strategy

Illumio Adaptive Security Platform^®

How to Build a
Micro-Segmentation
Strategy