PCI compliance


Segmentation is central to PCI compliance, but meeting PCI segmentation requirements for dynamic environments can be very challenging with static visualization and manual network-based segmentation. This can be particularly challenging for organizations aiming to comply with PCI-DSS 3.2’s new segmentation requirements by the February 1, 2018 deadline.


Illumio offers an alternative with real-time application dependency mapping and adaptive micro-segmentation.


See What's Communicating

The Adaptive Security Platform® (ASP) shows you what systems and communications are part of your CDE in real time. This is an essential first step toward meeting PCI’s connectivity and data flow mapping requirements (PCI 1.1.2, 1.1.3). It also enables organizations to quickly and accurately scope their CDE as required by the PCI-DSS 3.2 revision, meeting PCI requirements and minimizing their audit exposure at the same time.

  • Application and process-aware visibility means you can easily group applications and understand where your PCI data travels – whether in the cloud or your data center.


PCI Environment Illumination

Identify and Solve Compliance Challenges with Explorer

Undiscovered compliance challenges, like an unknown communication into your PCI environment, can slow or stop your audit. Illumio Explorer lets you identify problems before the audit start, and speed the audit along once it gets going. This saves your team time and money.

  • Illumio Explorer lets you quickly find every system connected to your PCI environment and identify what port, process, and protocol it is using so you can identify the connection and validate it.


Control Access and Scope Your PCI Environment With Micro-Segmentation

One of the biggest changes in PCI-DSS 3.2 is the increased focus on scoping the PCI environment to reduce compliance burden. Scoping your environment using traditional network segmentation tools can be challenging – especially if you want to take advantage of modern cloud and container technologies. Illumio’s host-based micro-segmentation lets you secure your PCI environment wherever it lives.

  • Only host-based micro-segmentation will work in the cloud, in your data center, and on bare-metal servers, virtual machines, and containers.

Encrypt PCI Traffic with a Single Click

PCI requires that any PCI traffic that transits a “public, open network” be encrypted. Many organizations today have applications spread between multiple data centers and cloud deployments. Illumio SecureConnect encrypts your PCI traffic when it runs over public networks with a single click.

  • Save time and avoid mistakes by using Illumio SecureConnect. Instantly encrypt PCI traffic with industry-standard security without certificate management or lengthy, complex setups.


Show PCI Compliance

PCI requires that you validate your firewall rule sets, and review them at least every six months (PCI 1.1.6, 1.1.7). This can be slow and costly for organizations with many firewall rules. Illumio micro-segmentation simplifies your rule sets so you can save your team time and simplify your audits.

  • Review and validate firewall permissions in minutes instead of hours.
  • Using Explorer, generate one-click compliance reports that pull together all your segmentation details for your auditor – saving your team time and speeding up your audit.


  • Real-time visibility into all the systems and communications within your CDE.
  • Identify compliance challenges before your audit using Explorer.
  • Scope your CDE to reduce the burden of your audit requirements, even in dynamic, distributed PCI environments.
  • Generate compliance data in minutes that demonstrates the communications and segmentation of your CDE.
  • One-click IPsec encryption of communications within your CDE and with external systems to comply with PCI security controls using Illumio SecureConnect.
Scope Your PCI Environment Using Micro-Segmentation

How To


Breaking down the three steps for quick, accurate PCI scoping—and the most valuable capabilities you need for each step.

Get the white paper »