Illumio has developed adaptive micro-segmentation technology that stops the spread of cyber threats inside any data center and cloud.
“We just kept coming back to the idea that it shouldn’t be so hard to proactively stop threats inside data centers and as technologists we had the opportunity to solve it – so we did.”
– PJ Kirner

Chief Technology Officer and Founder of Illumio

Founders Andres Rubin and PJ Kirner

Illumio founders, PJ Kirner and Andrew Rubin 

WHY RE-INVENT SEGMENTATION?

Segmentation is the best way to prevent the spread of threats inside data centers and cloud environments. Traditional network segmentation, well understood by security and infrastructure teams, was designed to subdivide the network into smaller network segments through VLANS, subnets, and zones. Although these constructs can provide some isolation, their primary function is to boost network performance and requires control of the infrastructure, which is often a challenge in the public cloud.

In contrast, Illumio’s adaptive micro-segmentation technology enforces security policies – what should and should not be allowed to communicate among various points on the network – by filtering traffic. If networking supports how things can communicate, security dictates if they should.

WHAT DOES ADAPTIVE micro-SEGMENTATION GIVE YOU?

SEGMENTATION YOUR WAY

Illumio’s adaptive micro-segmentation technology lets you choose the level of segmentation that is right for your environment. We offer the widest range of segmentation options available without all the manual work normally associated with traditional segmentation.

 Range of Adaptive Segmentation

 

ELIMINATE THE USUAL HEADACHES OF SEGMENTATION

With Illumio, you set up segmentation policies once and then they:

  • Work seamlessly between your data center and the public cloud.
  • Automatically stay in place as your applications move between environments and locations, or auto-scale up/down.

With the Illumio Policy Compute Engine (PCE) managing segmentation enforcement, your rule management overhead is eliminated for internal data center and cloud security.

  • Morgan Stanley reduced their firewall rules by 90 percent with Illumio.
  • Another Illumio customer reduced 15,000 firewall rules to 40 security policies.

BEYOND NETWORK VISIBILITY: THE FIRST STEP IN YOUR SEGMENTATION STRATEGY

Many vendors in the security industry offer greater "visibility" to your network. Illumio uniquely provides a live application dependency map across your environments showing workloads, applications, and traffic flows so you can see how applications communicate and identify violations quickly. It provides a foundation for creating the right segmentation strategy. 

HOW IS ADAPTIVE MICRO-SEGMENTATION DIFFERENT?

Imagine that a firewall already exists in front of every server, virtual machine, container, or network port in your data center and you could manage all of them simply and automatically at scale. That is what adaptive micro-segmentation provides. 

Illumio’s PCE – think about it as a central "brain" – activates and manages enforcement capabilities in assets that already exist in your data center and cloud without adding additional hardware or software chokepoints that impact performance and increase complexity. Illumio delivers the right segmentation capabilities, from coarse-grain to granular, without adding any new hardware or any dependency on the network or hypervisor. Once your segmentation strategy is in place (we let you model and test it), the PCE ensures that your security policies always stay in place – regardless of any changes in your computing environments.

Deep dive into the Illumio architecture. 

Workloads Graphic

As you plan and continue to manage your segmentation strategy, not only can you see what is communicating (and what shouldn’t be), we also give you the ability to simply click on the map to enforce or remove a policy. No knowledge of underlying network topology needed.

Using Illumio, enterprises such as Morgan Stanley, Workday, JPMorgan Chase & Co., Plantronics, Salesforce, King Entertainment, NetSuite, Oak Hill Advisors, and Creative Artists Agency have achieved protection from lateral threats inside their data centers and cloud environments.

platform-image-right

EXTENDING ADAPTIVE SECURITY TO F5 BIG-IP

Illumio ASP extends adaptive security to more enforcement points, using what you already have—including F5 BIG-IP Local Traffic Manager (LTM). The integration with F5 BIG-IP LTM enables dynamic programming of ACLs on the F5 BIG-IP based on application changes (e.g., scale out). You get greater value from your IT investments and achieve application segmentation across your F5 BIG-IP LTMs.

platform_feature_graphic_v1.jpg