The Leader in Micro-Segmentation: Illumio

Segmentation is the best way to prevent the spread of breaches inside data centers and cloud environments. Traditional network segmentation, well understood by security and infrastructure teams, was designed to subdivide the network into smaller network segments through VLANs, subnets, and zones. Although these constructs can provide some isolation, their primary function is to boost network performance and requires control of the infrastructure, which is often a challenge in the public cloud.

In contrast, Illumio’s adaptive micro-segmentation technology enforces security policies – what should and should not be allowed to communicate among various points on the network – by filtering traffic. If networking supports how things can communicate, security dictates if they should.

Illumio’s adaptive micro-segmentation technology lets you choose the level of segmentation that is right for your environment. It offers the widest range of segmentation options available without all the manual work normally associated with traditional segmentation.

Eliminate the Usual Headaches of Segmentation

With Illumio, you set up segmentation policies once and then them:

• Work seamlessly between your data center and the public cloud.
• Automatically stay in place as your applications move between environments and locations, or auto-scale up/down.

With the Illumio Policy Compute Engine (PCE) managing segmentation enforcement, your rule management overhead is eliminated for internal data center and cloud security.

• Morgan Stanley reduced their firewall rules by 90 percent with Illumio.
• Another Illumio customer reduced 15,000 firewall rules to 40 security policies.

Beyond Network Visibility: The First Step In Your Micro-Segmentation Strategy

Many vendors in the security industry offer greater "visibility" to your network. Illumio uniquely provides real-time application dependency and vulnerability maps across all your data center and cloud environments showing traffic flows, and which applications are connecting to vulnerable ports. This real-time visibility provides a foundation for creating the ideal micro-segmentation strategy. 

How Is Adaptive Micro-Segmentation Different?

Imagine that a firewall already exists in front of every server, virtual machine, container, or network port in your data center and you could manage all of them simply and automatically at scale. That is what adaptive micro-segmentation provides. 

Illumio’s PCE – think about it as a central "brain" – activates and manages enforcement capabilities in assets that already exist in your data center and the cloud without adding additional hardware or software chokepoints that impact performance and increase complexity. Illumio delivers the right segmentation capabilities, from coarse-grain to granular, without adding any new hardware or any dependency on the network or hypervisor. Once your segmentation strategy is in place (it let you model and test it), the PCE ensures that your security policies always stay in place – regardless of any changes in your computing environments.

Deep Dive into the Illumio Architecture

As you plan and continue to manage your segmentation strategy, not only can you see what is communicating (and what shouldn’t be), it also gives you the ability to simply click on the map to enforce or remove a policy. No knowledge of underlying network topology needed.

Using Illumio, enterprises such as Morgan Stanley, Salesforce, BNP Paribas, Plantronics, NetSuite, Oak Hill Advisors, and Creative Artists Agency have achieved protection from the spread of breaches inside their data centers and cloud environments.

Illumio Solutions

The Illumio Adaptive Security Platform^® (ASP) helps you prevent the spread of breaches and achieve regulatory compliance through real-time application dependency mapping and adaptive micro-segmentation that works in any data center and cloud environment (Azure, AWS, Google Compute). Below are the primary ways customers use Illumio.

• Application Micro-Segmentation: Secure your most valuable applications and data in minutes versus days or weeks – within or across any data center or public cloud.
• Environmental Segmentation: Address challenges of separating and securing environments without impact or dependencies on the network or underlying infrastructure.
• User Segmentation: Dynamically enforce user connectivity to applications so users can only see the applications they’re authorized to access.
• Nano-Segmentation: Create and enforce an adaptive segmentation policy tied to a specific process to secure dynamic applications without compromising functionality or protection.
• Map Application Dependencies: Visualize relationships across your application environment to better understand risk and improve adaptive segmentation policy creation.
• Secure A New Data Center: Bypass the restrictions, complexity, and expense of legacy segmentation solutions with adaptive segmentation that meets your requirements for security and agility.
• Securely Move To Public Cloud: Create an adaptive segmentation policy that moves with your applications to any data center or cloud infrastructure.
• Secure Microsoft Applications: Illumio Segmentation Templates allow your Domain Controller team to secure your Active Directory environment and find the balance between security and application functionality.
• Federal Solutions: Use adaptive segmentation and application dependency mapping to protect federal agencies.
• Swift Security Program Compliance: Use real-time visibility, adaptive segmentation, and simplified reporting to ensure compliance with the SWIFT Customer Security Program (CSP).
• PCI Compliance: Secure your PCI environment and comply with scoping and segmentation requirements using host-based adaptive micro-segmentation and real-time application dependency mapping.
• Hitrust CSF Compliance: Secure your ePHI environment and comply with the HITRUST Common Security Framework (CSF) using adaptive micro-segmentation and real-time application dependency mapping, including one-click encryption and reporting.

PJ Kirner, Chief Technology Officer and Founder of Illumio:

We just kept coming back to the idea that it shouldn’t be so hard to prevent the spread of breaches inside data centers and as technologists, we had the opportunity to solve it – so we did.

The Leader Behind The Success

Andrew Rubin, CEO, and Founder: As a chief executive officer and founder, Andrew is responsible for the overall strategy, vision, and funding of Illumio. With expertise in the areas of network security and compliance management, Andrew is a frequent participant in panels, articles, and podcasts for leading industry events and publications. Goldman Sachs has named Andrew as one of the "100 Most Intriguing Entrepreneurs" in 2015, 2016, and 2017 as part of the Builders & Innovators program.

Prior to Illumio, Andrew was president of Cymtec and led Business Development for VoiceNet, where he was responsible for sales strategy, business development activities, and customer relationship management. Andrew graduated from Washington University in St. Louis with a BSBA in Finance.