FAQs ! ! COMPANY What is the problem with data center and cloud security? Data centers have become dynamic and distributed with the adoption of server virtualization and cloud computing. The perimeter and network-centric security models of the past are broken—they lack context and visibility to computing resources behind the firewall, rely on manual policy modifications when application or infrastructure changes occur, and do not work across private data centers and cloud environments. Illumio is a private company backed by elite investors including venture firms Andreessen Horowitz, General Catalyst, Formation 8, and Data Collective as well as individual investors including Salesforce.com CEO Marc Benioff and Yahoo! Co-Founder Jerry Yang. Illumio has raised more than $42 million to date. What does Illumio do? Illumio fixes the broken network-centric security model. We have created the first-ever security approach that mirrors the operating model of today’s dynamic data centers. The Illumio Adaptive Security Platform (ASP) provides comprehensive, interactive visibility into application traffic—anywhere—while applying fine-grained policies that are computed dynamically. Illumio achieves this by providing security that is completely independent of the underlying infrastructure. ARCHITECTURE & PRODUCTS What is Illumio’s product? Illumio Adaptive Security Platform (ASP) secures dynamic data centers, providing a compelling solution that dramatically enhances security and compliance, while increasing business velocity and operations. Illumio ASP is a software system that secures any computing platform (bare-metal servers and virtual machines) in any environment (enterprise data center, Amazon Web Services, Google Compute Engine, Microsoft Azure, OpenStack, etc.) without any dependency on the underlying network. Illumio ASP understands the context of an application’s workloads and their inter-relationships, and uses this to compute and enforce accurate security. Illumio ASP adapts to computing environment changes, the movement of workloads across data centers or clouds, and IP address changes. It adapts to application or infrastructure changes and prevents the lateral spread of attacks. How is Illumio Adaptive Security Platform (ASP) different? Illumio ASP enforces security policies for workloads running on any virtual machine or physical server without any dependencies on the underlying network (VLANs, subnets, zones, etc.) or www.illumio.com ! ! ! environment (data centers and private, public, or hybrid clouds). Illumio does not simply automate or repurpose existing security capabilities; it applies security in a unique and innovative new way. Illumio ASP enables IT to write policies in natural language. These policies are then translated into granular security rules, without any need for IP addresses, subnets, VLANs, or zones. The security policies can be applied at the beginning of the application life cycle by integrating with configuration management and orchestration tools such as Chef, Puppet, Ansible, and Elastic Box—or they can be applied to an existing environment. What is a workload? A workload equates to a discrete operating system instance. A workload can run on a physical device or VM, or as a cloud instance. What does Illumio mean by “context”? A workload’s context includes its system properties (OS, IP address, ports, running processes, etc.), its relationships and dependencies to other workloads within the application and beyond, and its ecosystem (location, application details, life cycle environment, etc.). The context of workloads change as the application that they are part of moves, changes, and scales up or down. Why does security need to be “adaptive”? Without adaptive security, businesses are slowed down due to the overwhelming number of firewall rules, manual changes required to policies, and the possibility of errors leading to serious breaches. Adaptive security automatically accounts for the moves, additions, and changes to applications and infrastructure that are typical of dynamic data centers. Illumio ASP is a software system built around the specific and accurate context of the workload and application. Illumio listens to and understands the services and active network connections that are running on a workload. Illumio ASP constantly computes workload relationships, and adapts to any changes in context. Administrators specify the desired interactions between workloads in natural language terms. Then, Illumio ASP computes and enforces the precise security for each workload in the application by combining workload context with the defined policies. As workload context changes (scale up, scale down, IP address updates, etc.), Illumio ASP computes and distributes the incremental policy changes to the impacted workloads. What are the core components of Illumio ASP? There are two main components to Illumio ASP: ! The Virtual Enforcement Node (VEN) is a software agent that is installed on each workload. It collects information about the workload (OS, IP addresses, open ports, running processes, open connections, etc.) and reports it back to a Policy Compute Engine (PCE). The PCE uses this information to compute security rules, which are sent back to the VEN. The VEN then configures the native OS packet filtering capabilities (iptables on Linux or Window Filtering Platform) to enforce the security policy. ! The Policy Compute Engine (PCE) is a centralized controller than manages all of the state and policies of the computing environment it visualizes and protects. It examines the www.illumio.com ! ! relationships among workloads, computes the rules required to protect each workload, and distributes those rules out to the VENs on the workloads. Illumio’s initial set of services center on data center and cloud security: ! Illumination monitors traffic flows, learns the application topology, and displays all communications within and between applications in an intuitive graphical map. ! Enforcement enables administrators to write security policies in natural-language terms and enforces dynamically computed, fine-grained security that locks down the communications between workloads to explicitly permitted paths. ! SecureConnect provides on-demand encryption of data in transit between workloads within or across applications. Read our data sheet » Does Illumio work with my existing security solutions (firewall, IPS/IDS)? Yes. Illumio ASP works alongside existing firewall or network security solutions. No changes to the network technology or topology are required to integrate Illumio ASP into a data center or cloud environment. Is there any dependency on specific hardware or software infrastructure? No. Illumio ASP does not require any changes to standard operating system or virtual machine configurations. Read our data sheet » Does Illumio ASP change server or virtual machine configuration? No. Illumio ASP does not require any changes to standard operating system or virtual machine configurations. How is the Virtual Enforcement Node (VEN) installed? The VEN resides in the guest OS. Both Linux and Windows workloads are supported. www.illumio.com ! ! How do I deploy Illumio ASP? How long does it take? The Illumio ASP is available in two ways: 1. 2. With Illumio Secure Cloud, Illumio hosts and manages the infrastructure used to provide Illumio ASP. With Customer Data Center, Illumio ASP is deployed as a virtual appliance in the customer's data center. Workloads in the customer data center, or in any cloud environment, are secured by installing the VEN software agent on the workload and establishing a connection to the PCE. Most customers are up and running in hours. BENEFITS What are the key benefits? Illumio: ! Adapts security automatically to application changes ! Computes accurate security policies ! Secures applications running anywhere ! Visualizes what’s behind your firewall ! Encrypts data in transit instantly ! Drives efficient IT operations How are customers using the Illumio ASP? Customers are using Illumio ASP to improve their security posture and drive operational efficiency. Illumio ASP can solve important security and operational use cases like: ! Environmental separation Enables administrators to separate IT operating environments. ! Visibility behind the firewall Enables administrators to visualize communications within and between applications in data centers and clouds. ! Micro-segmentation Delivers application segmentation at a granular level, without relying on network constructs. ! Auto scaling applications securely Addresses security needs automatically when applications are scaled up or down to account for computing capacity. www.illumio.com ! ! ! Secure public cloud migration Enables migration of the application to public cloud while maintaining control over security. ! Firewall rule reduction Avoids the explosion of firewall rules caused by static network-centric security solutions. ! Automating security with DevOps Enables the automation of security through integration with orchestration tools like Chef, Puppet, and Ansible. ! Securing data in transit Provides on-demand encryption of data in transit with one-click IPsec connectivity between workloads—anywhere. ! Enforcing data residency Isolates workloads to meet data residency requirements. CUSTOMERS Who uses Illumio ASP? Illumio ASP is built for organizations of all sizes, and is being used by leaders and innovators across industries. It scales from the smallest to the largest data center, and supports applications in any environment. Our customers span a wide range of verticals and include Morgan Stanley, Creative Artist Agency, Plantronics, Yahoo!, and NTT I3. Read our customers' stories » BUYING ILLUMIO ASP How is Illumio ASP sold? Illumio is offered as an annual subscription. How do I get a demo of and purchase Illumio ASP? Check out the Experience Illumio section. www.illumio.com