Segmentation is the best way to prevent the spread of breaches inside data centers and cloud environments. Traditional network segmentation, well understood by security and infrastructure teams, was designed to subdivide the network into smaller network segments through VLANs, subnets, and zones. Although these constructs can provide some isolation, their primary function is to boost network performance and requires control of the infrastructure, which is often a challenge in the public cloud.
In contrast, Illumio’s adaptive micro-segmentation technology enforces security policies – what should and should not be allowed to communicate among various points on the network – by filtering traffic. If networking supports how things can communicate, security dictates if they should.
Illumio’s adaptive micro-segmentation technology lets you choose the level of segmentation that is right for your environment. It offers the widest range of segmentation options available without all the manual work normally associated with traditional segmentation.
Eliminate the Usual Headaches of Segmentation
With Illumio, you set up segmentation policies once and then them:
With the Illumio Policy Compute Engine (PCE) managing segmentation enforcement, your rule management overhead is eliminated for internal data center and cloud security.
Beyond Network Visibility: The First Step In Your Micro-Segmentation Strategy
Many vendors in the security industry offer greater "visibility" to your network. Illumio uniquely provides real-time application dependency and vulnerability maps across all your data center and cloud environments showing traffic flows, and which applications are connecting to vulnerable ports. This real-time visibility provides a foundation for creating the ideal micro-segmentation strategy.
How Is Adaptive Micro-Segmentation Different?
Imagine that a firewall already exists in front of every server, virtual machine, container, or network port in your data center and you could manage all of them simply and automatically at scale. That is what adaptive micro-segmentation provides.
Illumio’s PCE – think about it as a central "brain" – activates and manages enforcement capabilities in assets that already exist in your data center and the cloud without adding additional hardware or software chokepoints that impact performance and increase complexity. Illumio delivers the right segmentation capabilities, from coarse-grain to granular, without adding any new hardware or any dependency on the network or hypervisor. Once your segmentation strategy is in place (it let you model and test it), the PCE ensures that your security policies always stay in place – regardless of any changes in your computing environments.
Deep Dive into the Illumio Architecture
As you plan and continue to manage your segmentation strategy, not only can you see what is communicating (and what shouldn’t be), it also gives you the ability to simply click on the map to enforce or remove a policy. No knowledge of underlying network topology needed.
Using Illumio, enterprises such as Morgan Stanley, Salesforce, BNP Paribas, Plantronics, NetSuite, Oak Hill Advisors, and Creative Artists Agency have achieved protection from the spread of breaches inside their data centers and cloud environments.
The Illumio Adaptive Security Platform® (ASP) helps you prevent the spread of breaches and achieve regulatory compliance through real-time application dependency mapping and adaptive micro-segmentation that works in any data center and cloud environment (Azure, AWS, Google Compute). Below are the primary ways customers use Illumio.
PJ Kirner, Chief Technology Officer and Founder of Illumio:
We just kept coming back to the idea that it shouldn’t be so hard to prevent the spread of breaches inside data centers and as technologists, we had the opportunity to solve it – so we did.
The Leader Behind The Success
Andrew Rubin, CEO, and Founder: As a chief executive officer and founder, Andrew is responsible for the overall strategy, vision, and funding of Illumio. With expertise in the areas of network security and compliance management, Andrew is a frequent participant in panels, articles, and podcasts for leading industry events and publications. Goldman Sachs has named Andrew as one of the "100 Most Intriguing Entrepreneurs" in 2015, 2016, and 2017 as part of the Builders & Innovators program.
Prior to Illumio, Andrew was president of Cymtec and led Business Development for VoiceNet, where he was responsible for sales strategy, business development activities, and customer relationship management. Andrew graduated from Washington University in St. Louis with a BSBA in Finance.