FEDERAL GOVERNMENT & PUBLIC SECTOR

Federal and public sector IT leaders are adopting Zero Trust or least-privilege security strategies and deploying micro-segmentation as a foundational component in order to keep up with FISMA, NIST, DHS, and OMB mandates to identify their high value assets (HVA), map their dependencies, and take steps to reduce the attack surface via segmentation.

Challenge

Government mandates and guidelines such as DHS Binding Operational Directive 16-01 and OMB Memorandum M-17-09 require government IT leaders to identify their HVAs so that they can better understand their risk and vulnerability, and then take steps to reduce their attack surface. To effectively secure HVAs, agencies need to be aware of and have a plan for addressing the following challenges:

  • Applications likely run on a combination of legacy infrastructure and new forms of compute and possibly even reside in GovCloud.
  • Overheads that stem from managing and scaling VLANs, subnets, and firewall rules.

Solution

To effectively secure HVAs, government IT leaders are shifting their mindset from detection and prevention to containment and remediation, also known as cyber resiliency. The focus is on limiting the ability of bad actors to use compromised hosts as entry points for traversing the internal network and reaching HVAs. Adopting a Zero Trust security architecture and using micro-segmentation as a foundational component is quickly becoming good hygiene.

The Illumio Adaptive Security Platform® (ASP) offers federal and public sector agencies the following benefits:

Effectively execute Zero Trust security strategy

Illumio ASP delivers micro-segmentation as a foundation of Zero Trust security:

Use native enforcement points to mitigate cost and management overheads

Illumio ASP enables federal and public sector agencies to use existing infrastructure investments to meet compliance regimens instead of re-architecting environments and introducing more networking infrastructure. By programming the Layer 3/Layer 4 stateful firewalls native to each host OS, you can eliminate cost and management overhead.

Illumio ASP optimizes policies and programs rules for the following enforcement points:

  • Layer 3/Layer 4 firewalls in the host OS – Windows Filtering Platform (WFP) for Windows, iptables for Linux, and IPFILTER for AIX/Solaris.
  • ACLs for:
    • Load balancers (F5) and switches (Arista)
    • Containerized hosts
    • Cloud security groups (AWS Security Groups and Azure Security Groups)
  • SecureConnect programs IPsec connectivity between Linux or Windows workloads to enable secure, encrypted communications without requiring any changes or upgrades to your existing network infrastructure across private data centers or public clouds (AWS, Azure, Google Cloud, Rackspace).

Learn more:

How to Build a Micro-Segmentation Strategy

Use this guide to create a rock-solid micro-segmentation strategy in only five steps.