DATA SHEET

ILLUMIO ADAPTIVE SECURITY PLATFORM

HIGHLIGHTS

- No network dependencies: Enterprises can secure workloads running anywhere – private data centers, public, or hybrid clouds.
- Computed security policies: Fine-grained, accurate security is continuously computed and enforced in real time.
- Context awareness: Security adapts to changes through awareness of workload context.
- Visibility behind the firewall: Provides an interactive graphical map of all application traffic before and after security is enforced.
- On-demand IPsec: Enables one-click IPsec connections between applications or between workloads within an application.
- Natural-language policies: Security policies are written in natural language, based on a workload’s context, rather than using IP addresses, ports, zones, and subnets.
- No rip and replace: Works alongside existing network and perimeter security solutions.

The concept of the data center has shifted significantly. Enterprises now run their applications on virtual machines (VMs) and physical servers across private data centers and public or hybrid cloud environments.

Perimeter- or network-based solutions were designed to “guard the fortress” at the boundary, keeping trusted entities inside and untrusted entities outside. These choke-point solutions have since been adopted to secure east-west traffic within a data center, but they lack visibility into what’s actually happening inside the perimeter. The industry also lacks a practical solution for public cloud environments, when an enterprise does not own the network.

The Illumio Adaptive Security Platform (ASP) delivers accurate security along with unprecedented visibility and control over workloads running in any data center or cloud environment. It can secure enterprise applications running on any VM or physical server in any data center or cloud, independent of the network or hypervisor. When workloads that comprise an application scale up or down, migrate, or change, Illumio ASP automatically computes and enforces security.

HOW ILLUMIO ASP WORKS

Illumio ASP begins with security attached to the most fine-grained enforcement point—the individual application workload. The distributed architecture of Illumio ASP consists of Virtual Enforcement Nodes (VENs) installed on any VM or physical server residing in any data center or cloud environment.

Each VEN examines the workload with which it is paired—determining operating system information, the processes listening on ports, protocols, and IP address information—and sends that context to a centralized Policy Compute Engine (PCE). The PCE then determines the graph of dependencies between workloads and computes accurate security policies for each workload.

The PCE and VENs work together to continuously monitor and adapt security to changes without the need to steer traffic to a choke point. Instead, the enforcement is done using iptables in Linux workloads and Windows Filtering Platform, which are available in the operating system. This architecture allows Illumio ASP to apply precise security policies that follow each workload and enforce security based on explicitly allowed interactions between those workloads.

[Figure: architecture diagram. Labels: Workload context; Data center/private cloud; REST API; Policy Compute Engine (PCE); Virtual Enforcement Node (VEN); Policy provisioning.]

KEY SERVICES WITHIN ILLUMIO ASP

Illumio ASP includes the Illumination, Enforcement, and SecureConnect services, enabling workflow-driven policy decisions to apply security to enterprise applications running anywhere.

- Illumination: Understand applications and workload relationships
- Enforcement: Enforce security anywhere with natural-language policies
- SecureConnect: Encrypt data in transit with IPsec connectivity

Illumination

Illumio ASP monitors traffic flows, learns the application topology, and displays all communications within and between applications in an intuitive graphical map. With Illumination, administrators can write well-informed, workflow-driven security policies. Security policies written with Illumination can be tested before they are implemented to ensure security rules do not break the applications.

Enforcement

Illumio ASP uses flexible, multidimensional labeling to classify workloads based on role (e.g., web, database), application, environment (e.g. production, QA, PCI, staging), and location. With Enforcement, security administrators can use those labels to write natural-language security policies to describe desired communications between workloads. The PCE uses these policies and the workload context from VENs to compute Enforcement rules.

SecureConnect

Illumio ASP provides on-demand IPsec connectivity between workloads running anywhere, with no need to change the network or add hardware. With SecureConnect, administrators can configure and enforce encryption of data in transit with one click. IPsec connections no longer need to be set up manually—they can be enabled between any combination of Linux and Windows workloads running anywhere.

System requirements

VEN

Linux workloads
- CentOS 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 6.3, 6.4, 6.5
- Amazon 2012.09, 2013.03, 2013.09, 2014.03, 2014.09
- Red Hat 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 6.3, 6.4, 6.5
- Ubuntu 12.04 (Precise Pangolin), 14.04 (Trusty Tahr)
- Debian 7.0 (Wheezy)

Windows workloads
- Windows Server 2008 R2 Datacenter Edition
- Windows Server 2012 Datacenter Edition
- Windows Server 2012 R2 Datacenter Edition

Environments
- Any hypervisor (e.g., VMware, Hyper-V, KVM, Xen) in any cloud
- Bare-metal servers
- Private data centers
- Any public cloud (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform, Rackspace Cloud)

PCE
- Illumio Secure Cloud
- Customer Data Center

Browsers for web console
- Google Chrome 34 or above
- Mozilla Firefox 28 or above
- Microsoft Internet Explorer 10 or above

Illumio ASP benefits

Benefit: Adapt security to application changes
Description: Security adapts in real time with continuous computation using the context of workloads along with security policies written in natural language. Administrators don’t need to rewrite policies when applications change, scale, or migrate.

Benefit: Improve security with accurate policies
Description: Security is attached to the most accurate enforcement point—the individual workload. Precise security policies follow the workload and enforce security based on explicitly permitted interactions. This reduces errors, improves security, and prevents the lateral spread of attacks.

Benefit: Secure applications—anywhere
Description: Secures enterprise applications without any dependency on the underlying network or hypervisor. Protects workloads running on any VM or physical server and deployed across any cloud or data center environment.

Benefit: See behind your firewall
Description: All communications within and across applications are visualized in an intuitive graphical map. Displaying application behavior makes it possible to assess potential security gaps and make well-informed policy decisions.

Benefit: Set up IPsec connections instantly
Description: IPsec connectivity is available on demand between workloads running anywhere, without requiring changes to the network or adding hardware. Encrypted communications can be established with one click between specific workloads—or groups of workloads—across applications. This eliminates the need to manually set up IPsec connections.

Benefit: Drive efficient IT operations
Description: IT and DevOps can automate security through standardized APIs. Improves operational efficiency and reduces errors through integration with IT orchestration tools like Chef and Puppet.

USE CASES

Illumio has identified several common security or IT operations use cases, including:

- Auto scaling applications securely
- Micro-segmentation
- Enforcing data residency
- Visibility behind the firewall
- Firewall rule reduction
- Environmental separation
- Secure public cloud migration
- Securing data in transit
- Automating security with DevOps

ABOUT ILLUMIO

Illumio eliminates the gap between the dynamic data center and the static, perimeter-centric security model. Illumio’s Adaptive Security Platform (ASP) delivers visibility and control over workloads running in any data center or cloud environment. It computes security policies and ensures they are provisioned accurately by understanding and continuously adapting to changes in infrastructure and applications. Innovative organizations are using Illumio ASP to operate at speed, while ensuring that security keeps pace. For more information, visit www.illumio.com or follow us on Twitter @Illumio.
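The label-to-rule computation described under HOW ILLUMIO ASP WORKS and Enforcement (labels and workload context in, per-workload allowlist rules out, recomputed when the fleet changes) can be sketched as follows. This is an added example, not Illumio's code or policy format: the label names, rule schema, addresses and the compute_inbound helper are assumptions made for illustration.

```python
# Added illustration: NOT Illumio's policy format or code. Labels, rule
# schema, names and addresses are constructed for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # e.g. {("role", "web"), ("app", "crm"), ("env", "prod")}

def wl(name, ip, **labels):
    return Workload(name, ip, frozenset(labels.items()))

def matches(workload, selector):
    """A selector matches when every label it names is on the workload."""
    return set(selector.items()) <= workload.labels

# One label-based rule: consumers may reach providers on proto/port.
POLICY = [
    {"consumer": {"role": "web", "app": "crm", "env": "prod"},
     "provider": {"role": "db", "app": "crm", "env": "prod"},
     "proto": "tcp", "port": 5432},
]

def compute_inbound(workloads, policy):
    """Return {workload name: iptables INPUT rules}, allowlist then drop."""
    rules = {w.name: set() for w in workloads}
    for rule in policy:
        consumers = [w for w in workloads if matches(w, rule["consumer"])]
        for prov in (w for w in workloads if matches(w, rule["provider"])):
            for cons in consumers:
                if cons.ip != prov.ip:
                    rules[prov.name].add(
                        f"-A INPUT -p {rule['proto']} -s {cons.ip} "
                        f"--dport {rule['port']} -j ACCEPT")
    # Simplified: a real host ruleset also needs loopback and
    # established-connection rules ahead of the final drop.
    return {n: sorted(r) + ["-A INPUT -j DROP"] for n, r in rules.items()}

def demo():
    fleet = [wl("web1", "10.0.1.10", role="web", app="crm", env="prod"),
             wl("db1", "10.0.2.20", role="db", app="crm", env="prod"),
             wl("web-qa", "10.9.1.10", role="web", app="crm", env="qa")]
    before = compute_inbound(fleet, POLICY)
    # Scale-out: a new prod web workload appears; the policy text is unchanged.
    fleet.append(wl("web2", "10.0.1.11", role="web", app="crm", env="prod"))
    return before, compute_inbound(fleet, POLICY)

if __name__ == "__main__":
    for name, rules in demo()[1].items():
        print(name, *rules, sep="\n  ")
```

The QA web workload never appears in the database's rules because its env label does not satisfy the consumer selector, which is the environmental-separation property the label model is meant to give.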
© Copyright 2024