Zero Trust


What is Zero Trust?

“Zero Trust” is all in the name. Zero Trust eliminates automatic access for any source – internal or external – and assumes that internal network traffic cannot be trusted without prior authorization. As operating models evolve with more employees working remotely, the need for a holistic Zero Trust approach is even more urgent.

To guide organizations in their journey, Forrester Research developed the Zero Trust eXtended (ZTX) framework, which comprises seven components of an enterprise ecosystem where Zero Trust principles should be applied.


Forrester recently concluded that Zero Trust can reduce an organization’s risk exposure by 37% or more. It also found that organizations deploying Zero Trust can reduce security costs by 31% and realize millions of dollars in savings in their overall IT security budgets.

Your Zero Trust Strategy and Micro-Segmentation

Focusing primarily on perimeter security and firewalls is no longer enough. Many organizations are now adopting the Zero Trust security mindset of “never trust, always verify” to segment internal networks and prevent the spread of breaches. As users move steadily off the campus network to a distributed work-from-home model, this principle must be extended to endpoints to reduce the attack surface.

  1. Trust nothing inside or outside your perimeter, on or off your network.
  2. Verify everything – every user and every device – that tries to connect to your systems and applications.
  3. Anticipate breach and focus on preventing ransomware and bad actors from moving laterally inside environments.

This approach shifts the conversation to containment and remediation, with a focus on preventing lateral movement between endpoints, between users and data center applications, and inside your data center and cloud environments. 

As a result, micro-segmentation – a security control to stop attacker lateral movement – has become a foundational component for Zero Trust.

“Worms such as WannaCry and NotPetya rely on lateral movement to escalate a containable nuisance to a cataclysmic attack. Microsegmentation and focused granular internal controls mitigate this problem and must be deployed as part of a Zero Trust strategy.” – Forrester Research

Beyond the Hype: Conversations on Mobilizing Zero Trust – featuring Chase Cunningham, Forrester principal analyst serving security & risk professionals

Illumio is a Leader in The Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, and receives the highest score in the current offering category.

How Illumio Aligns with the ZTX Framework

Data Security

The Zero Trust eXtended (ZTX) framework helps you understand how a solution enables data isolation, encryption, and control.

Illumio’s capabilities include:

  • Secure data and applications with microperimeters
  • Security follows the data – anywhere
  • Protection for data in transit

Network Security

The Zero Trust eXtended (ZTX) framework helps you understand how a solution enables the principles of network isolation, segmentation, and security.

Illumio’s capabilities include:

  • Default-deny segmentation
  • Informed, granular policy design and testing
  • Infrastructure-agnostic enforcement
  • Violation alerts

Workload Security

The Zero Trust eXtended (ZTX) framework helps you understand how a solution secures the applications and workloads you use to operate your business.  

Illumio’s capabilities include:

  • Granular policy control at massive scale
  • Process-level enforcement
  • Security follows the workload – anywhere
  • Simplified deployment

People

The Zero Trust eXtended (ZTX) framework helps you understand how a solution ensures that people only have access to what they’re entitled to in and across your network and business infrastructure.

Illumio’s capabilities include:

  • User-based segmentation
  • Remote access control
  • Lateral movement prevention

Devices

The Zero Trust eXtended (ZTX) framework helps you understand how a solution secures the devices connected to your network.

Illumio’s capabilities include:

  • Device-level segmentation
  • Unknown device detection
  • Device quarantine
  • Authenticate machine identity with PKI certificates

With Illumio Edge:

  • Whitelist peer-to-peer application connections across endpoint laptops
  • Complement endpoint detection and response (EDR) and endpoint protection platform (EPP) solutions with default containment, even prior to detection
  • Support dynamic, network-location-aware endpoint segmentation

Visibility and Analytics

The Zero Trust eXtended (ZTX) framework helps you understand how a solution can eliminate the blind spots inside and across high-value systems and infrastructure. 

Illumio’s capabilities include:

  • Live visibility across environments
  • Painless discovery and classification
  • Thorough auditing

Automation and Orchestration

The Zero Trust eXtended (ZTX) framework helps you understand how a solution enables you to automate and orchestrate IT operations and security processes across heterogeneous environments.

Illumio integrates with:

  • Orchestration tools – Chef, Puppet, and Ansible
  • Container platform orchestration – Red Hat OpenShift, Kubernetes, and Docker
  • CMDBs – ServiceNow CMDB and BMC Remedy
  • SIEM and security analytics – Splunk and IBM QRadar
  • Vulnerability management tools – Qualys, Tenable, and Rapid7
  • Public cloud tools – AWS CloudFormation, AWS GuardDuty, Azure and AWS flow logs
  • Open source integrations including AWS or Azure flow logs

In addition, Illumio has demonstrated visibility and segmentation at scale – over 200,000 OS instances.

Manageability and Usability

The Zero Trust eXtended (ZTX) framework helps you understand the importance of ease of use and manageability for achieving Zero Trust.

Illumio’s capabilities include:

  • Fast time to Zero Trust – segment your environments in hours to days.
  • Leverage existing investments, including host firewalls, switches, and load balancers, to enforce segmentation across legacy and hybrid systems.
  • Enable application owners to create and update policies at scale using natural language.
  • Streamlined firewall change management process.
  • Enterprise-level RBAC to ensure segregation of duties across policy owners, provisioners, security ops, compliance, and auditors.
  • Integration with leading security tools to automate and orchestrate security workflows such as incident response, remediation, and vulnerability management.

APIs

The Zero Trust eXtended (ZTX) framework helps you understand how a solution leverages APIs to enable Zero Trust policy creation and enforcement across the enterprise.

Illumio's well-documented REST APIs support integration with a wide set of orchestration tools including:

  • OneOps
  • Chef
  • Puppet
  • Jenkins
  • Docker
  • OpenStack Heat/Murano

Illumio API documentation can be found here.

5 Practical Steps to Enable Zero Trust Security with Illumio ASP

  1. Use a real-time map to identify your high-value systems, connections, and dependencies

    Gaining deep visibility into users, devices, applications, and more is a critical first step of Zero Trust. Illumio ASP enables you to identify and visualize high-value systems and critical applications with an interactive, real-time map.

    • Map the connections and flows of sensitive data across networks, workloads, and applications. 
    • Use the insights you gain from application dependency mapping to break down organizational silos and engage business and IT stakeholders and application owners in designing Zero Trust microperimeters.
  2. Architect and test your Zero Trust security policies

    Zero Trust requires coordinating policies governing all of your internal defenses. Illumio ASP allows you to model and test those policies to ensure security and business continuity once it’s enforcement time.

    • Architect the optimal micro-segmentation strategy for Zero Trust security.
    • Visualize and test policies before enforcement without breaking applications.
    • Select and apply the right level of segmentation across heterogeneous compute environments.
  3. Enforce Zero Trust with segmentation that's decoupled from your network

    Effective segmentation is a core capability of Zero Trust. The key to segmenting down to a microperimeter level and maintaining policy consistently across your heterogeneous environments? Decouple segmentation from your network and underlying infrastructure for a fast, safe, and effective approach to Zero Trust segmentation.

    • Use a whitelisting model to define the authorized connections between workloads and ensure policy implementation is always default-deny.
    • Ensure security policies always follow the workloads and adapt as the workload environment changes.
    • Secure data in transit without requiring any changes or upgrades to the existing network infrastructure.
  4. Use vulnerability mapping for a risk-based approach to patching

    Zero Trust is aimed at reducing your organization’s risk exposure. Illumio can help security teams prioritize patching strategies with a vulnerability map that enables you to measure – and mitigate – the risk and exposure of unpatched vulnerabilities.

    • Overlay third-party vulnerability scan data with the application dependency map to visualize and identify an attacker’s potential pathways.
    • Identify highest-risk workloads and applications based on vulnerability and East-West exposure and prioritize patching accordingly.
    • Use segmentation as a compensating control for open vulnerabilities when patching is not possible.
  5. Orchestrate IT operations and security processes to accelerate remediation and recovery

    Automation and orchestration are key components of Zero Trust. Illumio publishes and maintains a rich set of REST APIs so you can interface with Illumio ASP and orchestrate IT operations, security incident responses, and security operations workflows.

    • Integration with orchestration tools bakes security into the provisioning and remediation process.
    • Quickly identify orphaned and mislabeled workloads to clean up configuration management databases (CMDBs).
    • Integration with security information and event management (SIEM) tools to orchestrate security incident response.
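As an added illustration of steps 2 to 4 (this is example code written for this page, not Illumio's policy engine or API): a label-based allowlist evaluated in test mode against constructed flow records, showing which observed connections a default-deny policy would block and which workloads the policy still lets reach a port flagged as vulnerable. The workload names, labels, rules and flows are all assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    labels: frozenset  # constructed labels such as "app:pay", "env:prod", "role:db"

@dataclass(frozen=True)
class Rule:
    consumer: frozenset  # labels the source must carry; empty set = any source
    provider: frozenset  # labels the destination must carry
    port: int

def _labels(workloads, name):
    # Unmanaged or unknown hosts carry no labels, so only "any source" rules can match them
    return workloads.get(name, Workload(name, frozenset())).labels

def _permits(rule, src_labels, dst_labels, port):
    return rule.consumer <= src_labels and rule.provider <= dst_labels and rule.port == port

def evaluate(rules, workloads, flows):
    """Test mode: return (allowed, violations) for (src, dst, port) flows; unmatched = violation."""
    wl = {w.name: w for w in workloads}
    allowed, violations = [], []
    for src, dst, port in flows:
        ok = any(_permits(r, _labels(wl, src), _labels(wl, dst), port) for r in rules)
        (allowed if ok else violations).append((src, dst, port))
    return allowed, violations

def exposure(rules, workloads, target, port):
    """East-West exposure: managed workloads the policy lets reach target:port (rank patching by it)."""
    wl = {w.name: w for w in workloads}
    dst = _labels(wl, target)
    return sorted(w.name for w in workloads if w.name != target
                  and any(_permits(r, w.labels, dst, port) for r in rules))

# Constructed inventory, allowlist and observed flows (not real data)
WORKLOADS = [
    Workload("web1", frozenset({"app:pay", "env:prod", "role:web"})),
    Workload("db1", frozenset({"app:pay", "env:prod", "role:db"})),
    Workload("dev1", frozenset({"app:pay", "env:dev", "role:web"})),
    Workload("hr1", frozenset({"app:hr", "env:prod", "role:web"})),
]
RULES = [  # prod pay web tier -> prod pay db on 5432; any source -> prod pay web on 443
    Rule(frozenset({"app:pay", "env:prod", "role:web"}), frozenset({"app:pay", "env:prod", "role:db"}), 5432),
    Rule(frozenset(), frozenset({"app:pay", "env:prod", "role:web"}), 443),
]
FLOWS = [("web1", "db1", 5432), ("dev1", "db1", 5432), ("hr1", "db1", 5432),
         ("hr1", "web1", 443), ("laptop-77", "web1", 443), ("laptop-77", "db1", 22)]
```

Running `evaluate(RULES, WORKLOADS, FLOWS)` reports the dev-to-prod database flow, the HR-to-database flow and the unmanaged laptop's SSH attempt as violations before anything is enforced, while `exposure(RULES, WORKLOADS, "db1", 5432)` shows only the web tier can reach the database port.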
October 16, 2019

“We did a security audit due to HIPAA. When we saw how much was involved in setting up traditional firewalls between our applications/servers...we discovered micro-segmentation. Illumio was by far the best choice.”
