Illumio Brings Segmentation Security to Cisco, AWS, Azure

Illumio's platform sets the correct security policy and auto-manages enforcement across applications, workloads and processes as they are provisioned.

Everybody's scrambling to find new approaches to recurring security problems that continue to impact enterprises and individuals alike. Segmentation, the idea of separating sections of an IT system so that an intruder can't roam from level to level, is currently a hot idea here.

Illumio has its own stake in the ground on this, believing that this will become a new standard for securing data center and cloud applications. Segmentation is a way to move beyond reactive breach detection solutions to a proactive model that stops the lateral movement of bad actors.

The Sunnyvale, Calif.-based startup contends that its Adaptive Security Platform provides the first continuous delivery system for segmentation security, continually updating and upgrading itself. The ASP programs the correct security policy and auto-manages enforcement across applications, workloads and processes as they are provisioned, operated and moved in any data center or private and public cloud infrastructure.

Platform Has Been Expanded

Illumio's latest news is that the company has made its segmentation platform into a new foundation for data center and cloud security with support for Cisco and Dynamic Filters on Arista data center network switches, as well as AWS Security Groups and Azure Network Security Groups.

The company said that these new capabilities are coming this calendar year; the switch integrations will be demonstrated on the floor of the RSA conference Feb. 13-16 in San Francisco.

"As segmentation becomes the core strategy for data center and cloud security, organizations are now looking at how other elements of their compute environment can be used to enforce these policies," Illumio CTO and co-founder P.J. Kirner said.

"Our customers have asked us to efficiently coordinate policy across their data center and cloud environments, simplifying management of the security control plane. This expansion of our platform builds on our previously demonstrated capability of programming the F5 LTM and AFM and represents our next step towards Illumio's adaptive segmentation."

Key New Features

--Illumio can now program and control data center and cloud infrastructure, including Cisco, Microsoft Azure, AWS and Arista.

--Users no longer need firewall chokepoints, SDN deployments or upgrade infrastructure to achieve high-end, segmentation-based security.

--The expansion of Illumio's enforcement-point programming gives users a centralized and automated coordination of policy management among hosts; workloads (bare metal, virtual machines, containers); Cisco, F5 and Arista network switches; and public cloud AWS Security Groups and Azure Network Security Groups.

--Users can now write uniform security policies for hosts, the network and public cloud, improving security and reducing operational overhead. By extending Illumio ASP's enforcement point ecosystem from the workload (bare metal servers, virtual machines, containerized hosts) to the additional security controls in the network and cloud, Illumio claims that it is ending the need to manage multiple disconnected policy models.

Core Benefits

According to the company, this provides three core benefits:

--eliminates the security gaps generated by the disparate, uncoordinated security policies enforced separately at the workload, in the network and in cloud environments;

--reduces the operational overhead of manual segmentation provisioning by taking advantage of software-driven automation of security policies; and

--stops the addition of unnecessary firewall chokepoints or SDN deployments to achieve robust segmentation-based security.

What the Analyst Said About Segmentation

"One of the biggest challenges in security is battling complexity, and that's amplified by increasing heterogeneity that we see in customer data centers and cloud environments," Eric Hanselman, Chief Analyst at 451 Research, said. "Legacy infrastructure combined with virtualization and cloud means there is opportunity for coordinated points of policy enforcement.

"We see segmentation in depth addressing a real requirement for customers who are looking to both strengthen security and simplify operations by centralizing and harmonizing policy and enforcement across different environments."

Three-year-old Illumio counts among its customers Morgan Stanley, Plantronics, Salesforce, King Entertainment, NetSuite, Oak Hill Advisors and Creative Artists Agency.

For more information, go here.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor of Features & Analysis at eWEEK, responsible in large part for the publication's coverage areas. In his 12 years and more than 3,900 stories at eWEEK, he...