Illumio Breach Containment Platform
Zero-trust visibility has transformed OT security and now manages critical network risks safely
What is our primary use case?
My main use case for Illumio Segmentation is security and visibility, as I am able to get a lot of visibility in networking, even in sites I don't know about, and it is a strong security solution.
For example, I am using Illumio Segmentation for visibility. If you have the Illumio agent in a network, even on devices that are not manageable, they will be able to understand the traffic around them, bringing information about the networking and remote networking to your operation. On the security side, Illumio Segmentation is a zero-trust operation, so it does not allow a connection that is not explicitly allowed. By default, it blocks everything. Nowadays, the best case I have is with OT environments in manufacturing that block every network that is not allowed to work inside the OT devices.
What is most valuable?
Zero-trust is the default operation with Illumio Segmentation. When you start to deploy it, you already begin to listen for the traffic that should not be allowed, because Illumio Segmentation by default is zero-trust but not enforcement. As you start Illumio Segmentation, you begin to see what happens in the networking and what kind of traffic you should not allow to work. It is easy to deploy and understand what happened, and very easy to go and block everything if you want. Additionally, because of the visibility correlation, if you define one asset to not be able to receive some kind of traffic, it is ready to make a correlation with the source of the traffic to look for other assets that receive the same kind of traffic, helping to understand what happened in your network. The zero-trust and visibility operations are incredible features, and I think it is the best way to use that.
Illumio Segmentation is deployed in my organization in a hybrid cloud environment, and I have another customer who operates totally in the cloud. The product fits very well in both cases, as it is very strong in that aspect. I can say it is the best solution on the cloud because it is the only one that really has features from Oracle, making it adaptable in all environments.
Illumio Segmentation has had a positive impact on my organization, as it has created a very impressive impact because it is a worldwide operation. Even though they deployed it only in Brazil, they are already looking to expand to other countries because of the results. They are achieving amazing results, specifically because on the OT side, the features of Illumio Segmentation are very easy to deploy and have no impact on operation.
I have seen specific results since deploying Illumio Segmentation, such as better visibility and less risk, because nowadays they know what kind of traffic happens in the OT environment and have already blocked it. They are not sure what could happen because they blocked that. Now, they are able to understand what happens in networking without risks. I am talking about an operation where a failure can lead to a disaster, such as an explosion or electrical power crash. Last year in this company, there was a very high incidence involving damage to people, but nowadays they feel more confident that they can manage the risks in the operation.
In my opinion, the best features Illumio Segmentation offers are that it is not an inline solution; it is an application, allowing you to start and stop Illumio Segmentation, rebuilding everything without stopping the services on the operation or the environment. It is a transparent operation, and the zero-trust and monitoring features are incredible, making it a very easy solution that does not consume a strong fingerprint, resulting in less CPU and less memory.
What needs improvement?
I would appreciate if Illumio Segmentation's interface were better. It is good enough to manage the operation and get the visibility, but when looking for data regarding licenses and expansion management, not operational points, it could be improved.
I do not have anything more to add about the needed improvements at this point because I know they have made some changes in the last three to six months, and I have not had time to closely look at the details regarding those changes. I can speak about this in the next three months at least, once I have more details about the results.
For how long have I used the solution?
I have been using Illumio Segmentation for around three years.
What other advice do I have?
I want to add that Illumio Segmentation works at an application level, so the manager of the network is able to stop Illumio Segmentation. Of course, that is not a security risk because Illumio Segmentation sends alerts in this case. The main point is that the operation is working, and if you have any single point of failure, you are able to turn that off. Illumio Segmentation does not impact the operation unlike other vendors that have inline solutions; it is a service solution. Therefore, it is easy to manage the environments, specifically OT environments that have many restrictions, making it very useful for...
Regarding Illumio Segmentation's AI capabilities, I think we need to go inside another product from Illumio called Insight; it is not the segmentation. On the segmentation side, I can only say it is not a real AI solution, but they have some kind of intelligence to understand the networking, the traffic, and the visibility. However, for true AI capabilities, the solution leads to the Insight product, which identifies risks in networking correlated with global attacks; it is a feature from Illumio, but it requires an additional purchase.
I advise others looking into using Illumio Segmentation to plan before starting, since you need to understand the size of your deployment, especially if you are going into the cloud. Integration with the cloud is very easy, but if you do full integration, you are going to pay for all assets in the cloud. Be careful about what you intend to accomplish before you start so you do not get a surprise on the price. It is not an expensive product, but if you have too many assets and you do not account for the number of assets, you might be surprised, especially if you bundle it with endpoint solutions. I have given this review a rating of ten out of ten.
Easy to Deploy and Highly Configurable, but Upgrades Need to Be Smoother
Illumio: #1 A Lighter, Easier-to-Manage Solution for Large Environments
Easy Deployment, Strong Security Impact, and Great Support
Easy to Deploy, Fast Traffic-Flow Visibility with Illumio
Easy to Use with Powerful Microsegmentation
Easy to Understand and Quickly Proves Value with Great Customer Visibility
Illuminates Traffic for Enhanced Network Control
Strong Identity-Based Micro-Segmentation That Reduces Lateral-Movement Risk
Micro-segmentation has transformed endpoint protection and now isolates internal threats effectively
What is our primary use case?
Illumio serves as our primary endpoint security solution, utilizing the VEN as an agent installed across each workstation, laptop, and server managed through the PCE, the Policy Compute Engine. We manage all endpoint devices, both managed and unmanaged, through the Illumio agent, which communicates with the PCE to monitor all behaviors involving high-level security between north-to-south and east-to-west traffic.
A specific example of how I use Illumio with endpoints to protect my laptop from outside threats involves internal threat protection as well. Suppose two computers are already in the same network domain. If one computer gets compromised by any means, the communication between the other computer would normally continue unprotected. However, when I use Illumio as a security device and install the secure agent on each workstation, if one workstation becomes compromised, I can protect the second one. This means I can protect communication between devices in the same network segment. I can restrict and manage the communication between these devices effectively.
In addition to our primary use case, we protect our devices and environment from ransomware attacks, and I have witnessed several scenarios where Illumio protects devices from such threats. Illumio PCE includes a map where I can see all communication similar to micro-segmentation, including details about the production environment, its location, and the web application. Everything can be micro-segmented, allowing me to segment the network and protect it comprehensively.
What is most valuable?
The best feature of Illumio is micro-segmentation. Within the same segment of a network or device, I can create micro-segmentation based on location, environment, and roles. I can customize what exactly each particular endpoint device is and accordingly write rules to manage communication through inbound and outbound rules, allowing or denying communication as required.
While working with micro-segmentation and setting rules based on roles or locations, managing and updating policies in Illumio does not take considerable time because I have intra-scope and extra-scope rules. If I make a rule and need to modify it, I simply adjust the scope accordingly. When a new workstation comes into the network, I only need to apply the labels to that workstation, and it merges into a policy automatically without needing to modify the policy unless absolutely necessary.
Deploying the VEN is straightforward, as I can deploy it on Windows, Linux, and macOS operating systems. In my organization, we have deployed it on approximately 300,000 devices, and it is easily manageable through Illumio. We have a cloud, SaaS-based environment of the PCE where I manage all those devices, making deployment very straightforward.
Illumio has positively impacted my organization by protecting devices not only from external threats but also from internal ones. If any single PC becomes compromised by an external or internal attack, I can isolate those PCs or devices. If any server becomes compromised, I can isolate it as well, which is a wonderful feature of Illumio.
What needs improvement?
Illumio can be improved in several areas based on our feedback. Sometimes, the PCE experiences slowness, especially when deploying around 300,000 endpoint devices. When these devices communicate within the network, loading the map or connections can cause latency, which needs improvement for a more user-friendly and faster experience.
Regarding improvements to the interface, I believe we can add more features to the graphical user interface, such as proper logs. While the logs currently indicate what was blocked or allowed, clicking on a specific log should provide more information, such as which extra-scope rule is causing a denial, offering better analysis for troubleshooting.
For how long have I used the solution?
I have been using Illumio for the last two and a half years.
What do I think about the stability of the solution?
In my experience, Illumio is completely stable.
What do I think about the scalability of the solution?
Regarding scalability, from the PCE, I can push policies or use scripting to facilitate scalability. By employing Linux scripting or other methods, I can push the policy to all devices at once, making it easy to scale.
How are customer service and support?
Customer support from Illumio is exceptional. Whenever I raise a case with their support team, regardless of the priority level—P1, P2, P3, or P4—they generally reply within an hour and are available for a call whenever needed, providing a complete solution.
Which solution did I use previously and why did I switch?
Before using Illumio, we had not utilized a different endpoint security solution. We relied on Windows firewall and our own firewall, which was a legacy system that could not provide the micro-segmentation we required, prompting us to switch to Illumio for better security.
How was the initial setup?
Since implementing Illumio, my organization has seen a reduction in work effort, and it helps to secure the network efficiently. For example, we have several endpoint devices located in different locations. I can create extra-scope or intra-scope rules to simplify communication while managing their Windows firewall and other firewalls through Illumio.
What was our ROI?
I have seen a good return on investment with Illumio, and it definitely saves our time. Additionally, if we were to buy any other product besides Illumio, we would need to invest more. Illumio serves as a single endpoint technology where I can implement various features, including a zero-trust network, north-to-south and east-to-west configurations, and micro-segmentation, all coming from one platform, which ultimately saves us time and money.
Which other solutions did I evaluate?
While choosing Illumio, we did not evaluate other options since we received an offer for a trial, and it turned out to be a wonderful experience without trying other vendors or technologies so far.
What other advice do I have?
For others looking into using Illumio, I would advise purchasing and testing this product, as it will provide immense satisfaction regarding security and user-friendliness.