Illumio: #1 A Lighter, Easier-to-Manage Solution for Large Environments
What do you like best about the product?
Illumio is seen as a “lighter” and easier-to-manage solution in large environments.
What do you dislike about the product?
Illumio still faces challenges to overcome, such as its approach to AI implementation at the K8s level—among other areas of opportunity related to the use of AI itself—but I believe it is on the right track for now.
What problems is the product solving and how is that benefiting you?
Personally, I find that microsegmentation using Illumio is much more user-friendly in terms of installation, configuration, and overall operation compared to other solutions.
Easy Deployment, Strong Security Impact, and Great Support
What do you like best about the product?
We implemented Illumio in response to an internal audit. It was easy to deploy, configuration was straightforward, and it makes a measurable impact in our security posture org-wide. The UI is easy to navigate, performance has been very high, and the price is reasonable. Illumio's customer success team has been great to work with and provided prompt support.
What do you dislike about the product?
As with all micro-segmentation tools, it is very easy to make a high-impact bad configuration change. We have to be extremely careful, especially when we have junior engineers operating within the tool.
What problems is the product solving and how is that benefiting you?
An internal audit revealed a weakness in our previous micro-segmentation setup. Illumio addressed this weakness quickly, easily, and comprehensively.
Easy to Deploy, Fast Traffic-Flow Visibility with Illumio
What do you like best about the product?
Illumio is easy to deploy, and within a few hours you have total visibility of traffic flows on your network. There are no performance issues on the endpoints, and pricing is in line with expectations.
What do you dislike about the product?
There are no downsides to Illumio; the product is easy to use, has wide operating support, and is quick to onboard.
What problems is the product solving and how is that benefiting you?
For companies with legacy or flat networks, Illumio can easily solve the lateral movement problem without reengineering the network. It also stops blast radius in the event of a breach.
Easy to Use with Powerful Microsegmentation
What do you like best about the product?
It’s easy to use, and the microsegmentation capabilities are powerful.
What do you dislike about the product?
The Illumio salesperson is pointless. They never visit the customer, never even say hi.
What problems is the product solving and how is that benefiting you?
Further protecting servers from known and unknown threats, with refined firewalling on each of them.
Easy to Understand and Quickly Proves Value with Great Customer Visibility
What do you like best about the product?
It is easy to understand, and it proves its value early: even when you are not doing any restrictions, it brings visibility for the customer.
What do you dislike about the product?
It doesn't have a Dark Mode UI. And sometimes we may need too much time to see some changes applied.
What problems is the product solving and how is that benefiting you?
Bringing visibility and security for the customers.
Illuminates Traffic for Enhanced Network Control
What do you like best about the product?
I appreciate Illumio's 'illumination' feature that allows me to map the current traffic to understand communication patterns before applying policies to restrict. The different mappings and dependencies help me understand and have the full picture, which is quite valuable for network segmentation.
What do you dislike about the product?
The adoption journey of Illumio is not that easy. After 1 year, we are still learning to enable some features. I would like my security analysts, network engineers, and sys admins to be able to leverage it. More guided technical workshops, available for customers, to fully adopt the product would be helpful.
What problems is the product solving and how is that benefiting you?
I use Illumio for network segmentation to monitor and control traffic, block lateral movement, and understand communication patterns. The illumination feature maps traffic and dependencies, providing a full picture before applying policies.
Strong Identity-Based Micro-Segmentation That Reduces Lateral-Movement Risk
What do you like best about the product?
It is a great tool: it delivers strong, identity-based micro-segmentation. It helps to reduce lateral-movement risk, eventually helping security teams enforce policies with confidence.
What do you dislike about the product?
Complex at first, and large-scale deployments may require careful tuning.
What problems is the product solving and how is that benefiting you?
It fits its name and tasks: detect attacks and stop breaches instantly at cloud scale. It also gives us real-time visibility, and the result is a stronger, audit-defensible security posture. Great tool.
Micro-segmentation has transformed endpoint protection and now isolates internal threats effectively
What is our primary use case?
Illumio serves as our primary endpoint security solution, utilizing the VEN as an agent installed across each workstation, laptop, and server managed through the PCE, the Policy Compute Engine. We manage all endpoint devices, both managed and unmanaged, through the Illumio agent, which communicates with the PCE to monitor all behaviors involving high-level security between north-to-south and east-to-west traffic.
A specific example of how I use Illumio with endpoints to protect my laptop from outside threats involves internal threat protection as well. Suppose two computers are already in the same network domain. If one computer gets compromised by any means, the communication between the other computer would normally continue unprotected. However, when I use Illumio as a security device and install the secure agent on each workstation, if one workstation becomes compromised, I can protect the second one. This means I can protect communication between devices in the same network segment. I can restrict and manage the communication between these devices effectively.
In addition to our primary use case, we protect our devices and environment from ransomware attacks, and I have witnessed several scenarios where Illumio protects devices from such threats. Illumio PCE includes a map where I can see all communication similar to micro-segmentation, including details about the production environment, its location, and the web application. Everything can be micro-segmented, allowing me to segment the network and protect it comprehensively.
What is most valuable?
The best feature of Illumio is micro-segmentation. Within the same segment of a network or device, I can create micro-segmentation based on location, environment, and roles. I can customize what exactly each particular endpoint device is and accordingly write rules to manage communication through inbound and outbound rules, allowing or denying communication as required.
While working with micro-segmentation and setting rules based on roles or locations, managing and updating policies in Illumio does not take considerable time because I have intra-scope and extra-scope rules. If I make a rule and need to modify it, I simply adjust the scope accordingly. When a new workstation comes into the network, I only need to apply the labels to that workstation, and it merges into a policy automatically without needing to modify the policy unless absolutely necessary.
Deploying the VEN is straightforward, as I can deploy it on Windows, Linux, and macOS operating systems. In my organization, we have deployed it on approximately 300,000 devices, and it is easily manageable through Illumio. We have a cloud, SaaS-based environment of the PCE where I manage all those devices, making deployment very straightforward.
Illumio has positively impacted my organization by protecting devices not only from external threats but also from internal ones. If any single PC becomes compromised by an external or internal attack, I can isolate those PCs or devices. If any server becomes compromised, I can isolate it as well, which is a wonderful feature of Illumio.
What needs improvement?
Illumio can be improved in several areas based on our feedback. Sometimes, the PCE experiences slowness, especially when deploying around 300,000 endpoint devices. When these devices communicate within the network, loading the map or connections can cause latency, which needs improvement for a more user-friendly and faster experience.
Regarding improvements to the interface, I believe we can add more features to the graphical user interface, such as proper logs. While the logs currently indicate what was blocked or allowed, clicking on a specific log should provide more information, such as which extra-scope rule is causing a denial, offering better analysis for troubleshooting.
For how long have I used the solution?
I have been using Illumio for the last two and a half years.
What do I think about the stability of the solution?
In my experience, Illumio is completely stable.
What do I think about the scalability of the solution?
Regarding scalability, from the PCE, I can push policies or use scripting to facilitate scalability. By employing Linux scripting or other methods, I can push the policy to all devices at once, making it easy to scale.
How are customer service and support?
Customer support from Illumio is exceptional. Whenever I raise a case with their support team, regardless of the priority level—P1, P2, P3, or P4—they generally reply within an hour and are available for a call whenever needed, providing a complete solution.
Which solution did I use previously and why did I switch?
Before using Illumio, we had not utilized a different endpoint security solution. We relied on Windows firewall and our own firewall, which was a legacy system that could not provide the micro-segmentation we required, prompting us to switch to Illumio for better security.
How was the initial setup?
Since implementing Illumio, my organization has seen a reduction in work effort, and it helps to secure the network efficiently. For example, we have several endpoint devices located in different locations. I can create extra-scope or intra-scope rules to simplify communication while managing their Windows firewall and other firewalls through Illumio.
What was our ROI?
I have seen a good return on investment with Illumio, and it definitely saves our time. Additionally, if we were to buy any other product besides Illumio, we would need to invest more. Illumio serves as a single endpoint technology where I can implement various features, including a zero-trust network, north-to-south and east-to-west configurations, and micro-segmentation, all coming from one platform, which ultimately saves us time and money.
Which other solutions did I evaluate?
While choosing Illumio, we did not evaluate other options since we received an offer for a trial, and it turned out to be a wonderful experience without trying other vendors or technologies so far.
What other advice do I have?
For others looking into using Illumio, I would advise purchasing and testing this product, as it will provide immense satisfaction regarding security and user-friendliness.
Granular visibility has transformed how we secure east‑west traffic and contain lateral threats
What is our primary use case?
I was engaged in a deployment of Illumio, where in my previous project, I actually worked for 3,500 endpoints, so I needed to deploy the VENs on individual workplaces and then onboard them to PCE, then make them on segmentation, and finally, make their entire network in segmentation. I handled the entire deployments.
Challenges in the sense of multiple applications present on a customer's premises require you to engage with the application owners first to understand their necessary communication paths. Once you deploy the VEN and obtain a visualized map over the PCE, you gain an understanding of how the communication is going, but you need to verify with the application owner whether the communication traffic between the applications and servers is legitimate or authorized or not, based on which you create the policies. I found that bit critical, engaging with the application owners and obtaining their confirmations. Apart from that, everything else goes smoother from my end. Every other scope and deliverables, whatever is possible by Illumio, turn out to be an almost smoother process.
My main experience includes completing two projects. On both projects while installing the VENs, on one of the sites, we found that we needed to label manually as the CMDB was not integrated, necessitating us to understand the application's behavior, location, roles, and other metadata for all the workloads before preparing the labeling. In the other project, the CMDB was already present on the infrastructure, so it was easier to get authorized. Another use case involved using automation for Windows and Linux with Jenkins during the deployment of the VENs, spreading pairing profiles to all workloads, leading to smooth onboarding. It took some time to finalize the execution of the policies in draft mode before switching to enforcement mode, but it was more realistic and challenging to achieve the exact outcomes we expected.
What is most valuable?
The best feature Illumio offers, in my opinion, is the visibility map, which provides a useful end-to-end traffic connection. It gives details at a granular level about what applications are communicating inside your network, making it easier to create policies. Once you know the communication paths and identify the legitimate users, you can effectively prepare those policies.
The granular visibility provided by the visibility map changes the way we manage network security or policy creation by allowing us to directly refer to nano-segmentation. We can see which specific ports are being accessed, enabling us to segregate or segment the policy rules based on those security ports. This allows for more granular control over communication, tightening security. We have two modes of enforcement in Illumio; before applying enforcement rules, we utilize visibility to get details of the traffic, draft our policies, and ensure the targeted audience is met before enforcement. Initially, we allow traffic and then block everything else except the allowed policies on Illumio, which helps tighten the security of the east-west traffic within our network.
I observed another important feature in Illumio—it is not just replacing the perimeter firewall. A perimeter firewall provides a different level of security, whereas Illumio controls the local firewall. Illumio coexists with other non-Illumio processes that control the local firewall, and in that scenario, it can detect and alert users about local firewall tampering, allowing for better control over workloads.
Illumio positively impacts our organization through granular level segmentation of communication traffic. Initially, security controls depend on the network and applications, but with Illumio, we manage how one host communicates to another and the necessary paths that need to remain open, which reduces unauthorized communications. If any devices are compromised, Illumio instantly notifies us and isolates dangerous hosts, decreasing the spread of ransomware or other threats.
What needs improvement?
Illumio supports both on-prem and cloud environments, but I think the GUI interface could be more user-friendly. The integration with other tools such as SIEM and SOAR could also be improved for easier use in the future.
I did not give it a 10 mainly due to the issue with user-friendly GUI experience and the integrations with third-party tools. The technical certifications and learning paths could also be enhanced with more videos or advisories for better understanding.
For how long have I used the solution?
I have been using Illumio for 1.5 years.
What do I think about the stability of the solution?
Illumio is stable.
What do I think about the scalability of the solution?
Illumio's scalability is good.
How are customer service and support?
The customer support is very prominent. Whenever we reach out for assistance, they respond well.
Which solution did I use previously and why did I switch?
We did not have any previous solution such as Illumio; this is the first one we considered for protecting east-west traffic.
How was the initial setup?
I found the pricing, setup cost, and licensing to be minimal and realistic.
What about the implementation team?
We are a partner of Illumio. In our initial days, we trained with Illumio through multiple certifications, which helps us understand customer requirements and how we deploy Illumio in different projects.
What was our ROI?
Illumio definitely demonstrates its value in money-saving capabilities, enhancing our lateral environment inside the organization and providing effectiveness overall once integrated.
What's my experience with pricing, setup cost, and licensing?
One of the sites purchased Illumio through AWS, and at another site, it has been procured directly from Illumio as they provide their own region, cloud, and bucket.
Which other solutions did I evaluate?
Before choosing Illumio, we evaluated other options such as Cisco Secure Workload and Akamai Guardicore before deciding to go with Illumio.
What other advice do I have?
For others looking into using Illumio, my advice is to activate the agent on the local workloads and set it to visibility mode for at least two weeks to gather insights on all communication before finalizing security policies. The more time you spend in visibility mode, the better understanding you will have of internal traffic, making it easier to create effective policies.
The technical training part on Illumio includes multiple certifications, and I recognize it as one of their finest initiatives. I gave this review a rating of 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Micro-segmentation has strengthened server traffic control and improves breach containment
What is our primary use case?
The main use case for Illumio involves working on any new applications enrolled into the architecture, where I focus on understanding the traffic and documenting rules. I often face issues with agent and PC console communication, so in those cases, I suspend the agent, check the services, and make sure to activate and deactivate. I perform all types of troubleshooting to ensure the agent communicates properly with the PC console and fetches the policies actively.
For new applications onboarded into the infrastructure, I first work on understanding the application, the users, and whether it is in production, development, testing, or UAT, which involves grasping the basic structure. Then I work closely with application teams to identify what communication needs to be allowed and what is not required. After the agent is installed on those servers, we move them from idle to visibility to monitor traffic for a week. This involves exporting a report and closely collaborating with application teams to define which traffic requires rules and segregating the non-required traffic by source and destination. This documentation leads to a precise mapping of traffic, allowing me to create rules for the servers. The agents are eventually moved to visibility to selective enforcement for some and full enforcement for others, while also providing teams with guidance on future communications and necessary actions, all of which are clearly documented.
What is most valuable?
Illumio is a very good tool that is flexible, with policies written using labels such as environment, application, role, and location rather than IP addresses, making policy management scalable and easy to maintain in dynamic environments. However, the initial setup requires careful planning, and improperly configured policies can block communications between applications. Troubleshooting may require a deep understanding of traffic logs and flow data, alongside previously written policies. Additionally, agent dependency is a consideration since any agent-related issues can affect policy application, making proper monitoring of agent health crucial. Overall, Illumio is a powerful tool for micro-segmentation and zero trust security that provides strong visibility, flexible policy management, and effective threat containment, enhancing an organization's internal security posture. It is not just a security tool but a strategic solution for modern infrastructure security that can significantly reduce the risk of lateral movement and improve overall network security with proper implementation.
The best features Illumio offers include real-time control of traffic between servers and allowing required communication based on specified ports while blocking unwanted ports. It provides breach containment, preventing communication on unapproved ports, and offers full visibility of traffic flows that helps in troubleshooting and audits, with traffic mapping generated by a central controller that analyzes and creates policies based on labels instead of IPs. Policy management is highly scalable, and the lightweight agent can be easily installed on each server, enabling policy simulation to check impact before enforcement using a draft view.
These features are incredibly valuable, including predefined templates that save time and reduce manual errors, resulting in massive scalability that is suitable for larger enterprises, which represent the best features of Illumio for micro-segmentation and real-time visibility.
What needs improvement?
Illumio requires me to create policies for each type of traffic, and for new users, the policy design can be a bit complex. More guided onboarding or automatic policy suggestions would help teams adapt to Illumio faster without needing extensive expertise. While I do not find issues with the interface, first-time users might struggle with navigation. Current limitations also include the integration with tools such as SIM not being seamless, and support for Splunk and Sentinel could be improved. More AI automation in policy creation, such as auto policy recommendations and anomaly detections, would reduce manual processes and human errors. Additionally, old operating systems may not be fully supported, and broader compatibility for the agent or an agent-less option would be beneficial.
Enhanced reporting and analytics would be useful, as current reporting is basic, so improvements such as more customizable reports, compliance reports, and executive dashboards are needed due to their use for management and audits. Reducing dependency on the agent is crucial since enforcement depends on agent health, so improvements such as a backup enforcement mechanism and better agent monitoring or auto-recovery would increase reliability.
For how long have I used the solution?
I have been using Illumio for the past five years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Illumio's scalability is very good; it is quite easy to scale.
How are customer service and support?
Customer support is really good.
Which solution did I use previously and why did I switch?
I have not used any other solutions before Illumio. Prior options were not evaluated before choosing Illumio.
What other advice do I have?
I give Illumio a rating of nine out of ten.
I gave it a nine out of ten due to some small changes I previously mentioned regarding improvements needed for Illumio, such as the dependency on agent health and requests for a simplified dashboard along with AI-based auto policy recommendations. The policy creation process is mostly manual, so AI-based recommendations would be useful. It is an excellent tool for cybersecurity, especially for micro-segmentation, preventing attacks from spreading from one compromised server to others in the infrastructure. With some additional improvements, particularly for first-time users and their understanding, it could reach a perfect score of ten.
Illumio is a great product for managing server-to-server communication properly. It is scalable and user-friendly, but first-time users may experience challenges understanding policy creation, so better guidance is necessary to enhance their learning process. My overall review rating for this product is nine out of ten.