Organizations are realizing that focusing primarily on perimeter security doesn’t prevent breaches. To address this, they are adopting a Zero Trust mindset of “trust never, verify always.” Assuming the perimeter has already been breached (“assume breach”), the focus is on how to prevent a bad actor from moving laterally inside their environments. This mindset shifts the conversation from detection and prevention to containment and remediation. Micro-segmentation is a foundational component for Zero Trust security.
The Illumio Adaptive Security Platform® (ASP) prevents the spread of breaches by delivering real-time application dependency mapping and micro-segmentation. Enterprises use Illumio as the foundational component of their Zero Trust strategy.
PRACTICAL STEPS TO ENABLE ZERO TRUST SECURITY
STEP 1: Identify high-value systems, connections, and dependencies
Gaining visibility is a critical first step of Zero Trust. Illumio ASP enables you to identify high-value systems and to visualize relations and connections in real time.
- Identify and map the connections and flows of sensitive data across networks, workloads, and applications
- Use the insights you gain from application dependency mapping to break down organizational silos and engage business and IT stakeholders and application owners in designing Zero Trust microperimeters
STEP 2: Architect and test Zero Trust security policies
Customers use Illumio ASP to architect, test, and enforce policies without breaking applications.
- Architect the optimal micro-segmentation strategy for Zero Trust security
- Visualize and test policies before enforcement without breaking applications
- Select and apply the right level of segmentation across heterogeneous compute environments
STEP 3: Enforce Zero Trust security, in real time, with micro-segmentation
Illumio ASP uses a whitelisting (default-deny) model to define the authorized connections and flows across workloads in a heterogeneous compute environment. Illumio ASP programs each workload’s native stateful firewalls to enforce Zero Trust policy. The Policy Compute Engine automatically recalculates the applicable firewall rules as a workload’s contextual environment changes.
- Program the optimal Layer 3/Layer 4 firewalls for each workload, access control lists (ACLs) for load balancers and switches, and security groups public cloud instances
- Ensure security policies always follow the workloads and adapt as the workload environment changes, including autoscaling, application migration, or the discovery of a new vulnerability
- Secure data in transit without requiring any changes or upgrade to the existing network infrastructure with SecureConnect
STEP 4: Use vulnerability mapping to prioritize patching and mitigate the risk of unpatched vulnerabilities
Illumio ASP can be employed to contain or disrupt lateral movement attack techniques by helping security teams prioritize their patching strategies. In instances in which patching is not an option, micro-segmentation can be employed as a compensating control.
- Overlay third-party vulnerability scan data with the application dependency map to visualize and identify an attacker’s potential pathways
- Identify highest-risk workloads and applications based on vulnerability and East-West exposure and prioritize patching accordingly
- Use micro-segmentation as a compensating control for open vulnerabilities when patching is not possible
STEP 5: Orchestrate IT operations and security processes to accelerate remediation and recovery
Illumio publishes and maintains a rich set of Representational State Transfer (REST) APIs so you can interface with Illumio ASP and orchestrate IT operations, security incident responses, and security operations workflows.
- Integration with orchestration tools bakes in security in the provisioning and remediation process
- Quickly identify orphaned and mislabeled workloads to clean up configuration management databases (CMDBs)
- Integration with security information and event management (SIEM) tools to orchestrate a security incident response