Public sector technology and security leaders are adopting Zero Trust or least-privilege security strategies and deploying micro-segmentation as a foundational technology in their respective security architectures to meet with FISMA, NIST, DHS, and OMB cyber risk mandates. These mandates require organizations to identify high-value assets (HVA), map dependencies across applications and workloads, and take steps to reduce the attack surface via segmentation.

The Illumio Adaptive Security Platform^®  prevents the spread of breaches by delivering real-time application dependency mapping and micro-segmentation. Federal and public sector organizations use Illumio to protect critical applications by disrupting the lateral movement of bad actors inside data centers and cloud environments.

Benefits

Deploy A Zero Trust security strategy

Enable micro-segmentation with orchestration and analytics to protect critical systems from lateral movement attacks.

• Gain real-time visibility into connections and flow across high-value applications and systems and understand the attack surface
• Create micro-segmentation policies that follow the workload
• Continuously detect for change, unauthorized connection attempts, and policy deviations
• Integrate with third-party SIEM and orchestration tools to automate security operations workflows

Isolate protected systems for compliance and risk management

Address risk from flat networks and segment to comply with OMB, DHS, and other regulatory mandates to isolate protected data.

• Validate the scope of covered systems
• Create rules to detect anomalous behavior and unauthorized and failed connections
• Avoid breaking applications via policy modeling and targeted monitoring with visual feedback
• Enable queries and reports for compliance audits and security investigations
• Comply with federal certification and reporting requirements:
  • FIPS 140-2 third-party affirmation letters
  • Common Criteria certification
  • Approved Products List for the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) Program

Improve vulnerability and patch management

Overlay third-party vulnerability scan data with an application dependency map to identify an attacker’s potential pathways.

• Prioritize patching strategy
• Use micro-segmentation as a compensating control
• Avoid breaking applications by applying the right level of micro-segmentation

Secure heterogeneous compute environments

Deliver a single control plane for architecting and operationalizing security across microperimeters.

• Create micro-segmentation policies across bare-metal, virtual machines, clouds, containers, load balancers, and switches
• Program the custom level of micro-segmentation granularity—from environmental separation (coarse-grained) to process-level control (fine-grained)

Activate enforcement points that you already have

Avoid the cost and complexity of re-architecting your networking backbone and introducing more networking/software-defined networking and data center firewalls resources.

• Program the existing host-based stateful firewalls in every workload (with no kernel modifications), programming ACLs into bare-metal, virtual machines, load balancers, existing switches, and public cloud security groups
• Enforce data-in-motion encryption by programming IPsec connectivity between Linux or Windows workloads without requiring changes or an upgrade to the network infrastructure
• Secure enterprise Microsoft applications with out-of-the-box segmentation templates