Segmentation is the best way to prevent the spread of breaches inside data centers and cloud environments. Traditional network segmentation, well understood by security and infrastructure teams, was designed to subdivide the network into smaller segments through VLANs, subnets, and zones. Although these constructs can provide some isolation, their primary function is to boost network performance, and they require control of the infrastructure, which is often a challenge in the public cloud.
In contrast, Illumio’s adaptive micro-segmentation technology enforces security policies – what should and should not be allowed to communicate among various points on the network – by filtering traffic. If networking supports how things can communicate, security dictates if they should.
Illumio’s adaptive micro-segmentation technology lets you choose the level of segmentation that is right for your environment. We offer the widest range of segmentation options available without all the manual work normally associated with traditional segmentation.
With Illumio, you set up segmentation policies once and then they:
With the Illumio Policy Compute Engine (PCE) managing segmentation enforcement, your rule management overhead is eliminated for internal data center and cloud security.
Many vendors in the security industry offer greater "visibility" into your network. Illumio uniquely provides real-time application dependency and vulnerability maps across all your data center and cloud environments, showing traffic flows and which applications are connecting to vulnerable ports. This real-time visibility provides a foundation for creating the ideal micro-segmentation strategy.
Imagine that a firewall already exists in front of every server, virtual machine, container, or network port in your data center and you could manage all of them simply and automatically at scale. That is what adaptive micro-segmentation provides.
Illumio’s PCE – think of it as a central "brain" – activates and manages enforcement capabilities in assets that already exist in your data center and cloud, without adding hardware or software chokepoints that impact performance and increase complexity. Illumio delivers the right segmentation capabilities, from coarse-grain to granular, without adding any new hardware or any dependency on the network or hypervisor. Once your segmentation strategy is in place (we let you model and test it), the PCE ensures that your security policies always stay in place – regardless of any changes in your computing environments. The PCE is highly resilient and scalable to accommodate hundreds of thousands of workloads, with the ability to federate policies across multiple PCEs in a single administrative domain.
As you plan and continue to manage your segmentation strategy, you can see what is communicating (and what shouldn’t be), and you can simply click on the map to enforce or remove a policy. No knowledge of the underlying network topology is needed.
Using Illumio, enterprises such as Morgan Stanley, Salesforce, BNP Paribas, Plantronics, NetSuite, Oak Hill Advisors, and Creative Artists Agency have achieved protection from the spread of breaches inside their data centers and cloud environments.
Illumio ASP extends adaptive security to more enforcement points, using what you already have—including F5 BIG-IP Local Traffic Manager (LTM). The integration with F5 BIG-IP LTM enables dynamic programming of ACLs on the F5 BIG-IP based on application changes (e.g., scale out). You get greater value from your IT investments and achieve application segmentation across your F5 BIG-IP LTMs.