Ten reasons to choose Illumio for Zero Trust Segmentation

More and more organisations are interested in micro-segmentation.

---

More and more organisations are interested in micro-segmentation. If fact, a new Gartner Market Guide for Microsegmentation suggests micro-segmentation is becoming increasingly important in enterprise IT security. The report suggests that by 2026, 60% of companies working towards a Zero Trust architecture will use micro-segmentation, up from just 5% today.

One approach that is increasingly popular is Zero Trust Segmentation (ZTS). Zero Trust Segmentation denies access to applications and devices unless they are specifically required for operations. By blocking unnecessary network traffic, Zero Trust Segmentation shuts down the paths that ransomware and other cyber attacks depend on for moving across a network.

Illumio offers a Zero Trust Segmentation solution that can be helpful to organisations of all sizes that are looking to get started on their Zero Trust journey. Here are 10 ways Illumio Zero Trust Segmentation provides a superior experience.

1. Scalability

Illumio has demonstrated exceptional scalability with deployments managing hundreds of thousands of workloads and beyond. These workloads can be in the cloud, on-premises and in hybrid environments. Illumio supports some of the largest micro-segmentation installations in production anywhere, providing the most comprehensive protection available anywhere against ransomware.

2. Single pane of visibility

You can't remediate what you can't see. The more platforms supported translates into a more comprehensive single pane of visibility. Illumio's wide range of platforms and single pane of visibility greatly improves your security posture and ability to prevent and respond rapidly to cyber attacks.

Illumio is able to offer a single pane of visibility enabling Zero Trust Segmentation because it supports cloud, virtual machines, hybrid and on-premises environments. This includes a wide range of platforms and environments, including Windows, Linux, AIX, Solaris, Kubernetes, OpenShift, VMware, AWS, Azure, Google Cloud Platform (GCP), IBM and Oracle.

With Illumio, organisations can define and enforce Zero Trust Segmentation policies that take effect everywhere: on-premises, on third-party cloud platforms, at remote locations such as home offices, and in IOT environments. For example, Illumio's integration with Cylera helps extend visibility into IOT environments like medical devices.

Unlike other platforms, Illumio provides a comprehensive solution that protects most environments against ransomware and other forms of cyber attack.

3. Simplicity instead of complexity

Part of the work of configuring any micro-segmentation product is setting up the tags and user groups that will be used to define specific segmentation policies. For example, security architects might want to tag all the assets associated with a specific type of data centre environment. Or they might want to define a user group comprising all the users in a specific department.

With many micro-segmentation products, setting up groups and tags is time-consuming, error-prone work. It requires a lot of trial and error to get right.

With Illumio, setting up groups and tags is quick and easy. One way that Illumio streamlines this work is by integrating with next-generation firewalls such as Palo Alto Networks. Illumio ZTS is also integrated with IT service management tools such as ServiceNow's Configuration Management Database (CMDB) to import workload tags to provide more context to workloads.

When segmentation products make grouping and tagging difficult, customers often cut corners, grouping users and devices too broadly simply to get the work of assigning groups done. By simplifying this work, Illumio makes it easier for IT and security teams to set up the precise segmentation policies that best meet their needs.

4. No time-consuming, error-prone rules ordering

Some micro-segmentation platforms offer too many types of rules for enforcing micro-segmentation policies: allow, block, override and reject. Because they support multiple rules, the ordering of rules matters a great deal when implementing segmentation policies.

For example, security analysts might decide to allow most traffic from an endpoint to enter a data centre, but they might decide to reject some of the traffic from certain applications or at certain times. In cases like this, it’s critical that security analysts get the order of rules right; otherwise, the wrong traffic will be blocked.

Rule ordering might seem straightforward with just one or two examples. But when the scope of work expands to hundreds of workloads, it becomes much more time consuming and problematic.

Illumio provides a simple and straightforward model for segmentation rules. By default, all traffic is blocked. Only explicitly authorised traffic is allowed to pass through. There’s never any confusion about which rules are in effect. And you no longer need to worry about packets being dropped either.

Because Illumio makes it easy to model segmentation policies, security teams can easily determine which traffic should be authorised. They explicitly allow that traffic, and Illumio blocks the rest in accordance with Zero Trust best practices.

The result? As close to airtight protection a company can get for stopping the spread of cyber attacks on its networks.

5. Zero Trust Segmentation without the cost and complexity of deep packet inspection

Some segmentation companies have invested in deep packet inspection technology for their micro-segmentation product line. Deep packet inspection inspects the contents of network traffic, expanding the scope of work involved in analysing traffic for policy enforcement.

Illumio found that you don’t need deep packet inspection to define and enforce segmentation policies. Operating at layer 4 in the network stack turns out to be sufficient for determining whether or not traffic is authorised.

By dispensing with deep packet inspection, Illumio is able to provide Zero Trust Segmentation without adding unnecessary cost and complexity to deployments or jeopardising the network performance with intrusive inspections that result in delays.

6. Containing ransomware

Illumio provides enforcement boundaries to contain attackers from moving laterally across the organisation. This enables security architects to immediately isolate any workload or endpoint compromised in an attack. The enforcement boundaries can be activated instantly through scripts or by manual control, isolating workloads and endpoints already infected from spreading across the organisation.

7. Visualisation included at no extra cost

All Illumio products include application dependency mapping for no extra cost. Using its powerful graphical features, business leaders, application owners and security teams can monitor real-time application usage and traffic patterns and determine which traffic should be allowed for business-critical operations. Once they understand which traffic patterns are legitimate, these teams can work together to quickly define policies that allows business-critical traffic to pass through while blocking everything else.

8. Build, model and test

It’s much easier to build, model and test segmentation policies with Illumio. Illumio’s real-time application dependency mapping provides the guidance business and security teams need for defining policies that protect the traffic legitimately needed for business. Business and security teams can model those policies, seeing alerts about the traffic that Illumio would block were the policies actually being enforced. This kind of modelling makes the work of fine-tuning policies quick and straightforward.

Because Illumio supports natural language definitions for policies, organisations can divide the work of designing rules from those individuals who are implementing them. This provides checks and balances for compliance purposes, preventing one application group from overwriting rules of another group of rule designers. This also can prevent the havoc around implementing the wrong set of rules that can stop mission-critical traffic from communicating. A team that can oversee these rules can put these policies in place that prevents disruption to the business, giving your business leaders and application teams peace of mind.

9. Integrations

Illumio supports a wide range of integrations, including integrations with VMware vSphere, Ansible, ArcSight, AWS, Docker, Chef, Google Cloud Platform (GCP), Okta, RedHat, Microsoft Azure, Puppet, ServiceNow, and Splunk. These integrations make it easier to import data for workload tagging and visibility and to coordinate Illumio enforcement actions with SIEM and SOAR playbooks and other automated workflows.

10. Expertise

Illumio’s Zero Trust Segmentation platform is unique in that the platform was purpose-built from the ground up for hybrid, modern enterprise IT architectures. Unlike others who pivoted into micro-segmentation, Illumio was born in this space with a goal to make Zero Trust Segmentation easy, accessible and highly-scalable for enterprise organisations of all sizes. 

Forrester Research has also recognised Illumio as a leader in two of its Forrester Wave reports – one for micro-segmentation and one for Zero Trust.

Discover more about Illumio Zero Trust Segmentation:

See how Illumio helped a global law firm stop the spread of ransomware.

Learn why Illumio is a Leader in two Forrester Wave reports.

Read this guide on how Illumio makes Zero Trust Segmentation fast, simple and scalable.