Securing a Network: Illumio’s PCE

August 27, 2019

Table of Contents

    If you’ve been following our previous posts, then you might have picked up on a trending topic that is critical in today’s security landscape. Visibility. In case you missed the other posts or just need a recap to jog your memory – if you don’t know what’s on your network (either device, application or user), then you can’t fully protect against it. 

    With that in mind, we last covered how Illumio achieves adaptive segmentation and control of network traffic through visibility. This is done in four steps: context, risk mitigation, policy testing and compliance.

    Illumio then uses the visibility insights to create an application dependency map. The live map provides complete context by showcasing workloads, applications, and traffic flow across an environment. Users use actionable insights on how applications communicate and identify risks and vulnerabilities. 

    The Policy Compute Engine 

    The visibility and the application dependency map are just a part of Illumio’s core Policy Compute Engine (PCE). The PCE digests, builds and connects data using the visibility insights to create the application dependency map. The combination of the map and other PCE features (metadata-driven, natural language policy, multi-dimensional, distributed enforcement, adaptive policy and automation integration) allows for smart, adaptive segmentation ultimately successfully securing networks. 

    Further understanding visibility’s role in adaptive segmentation 

    The ever-changing security landscape and today’s data center are forcing the shift to dynamic approaches. Adaptive segmentation is a dynamic and flexible method which recognizes that multiple tools are being used and each has a specific job. The range of adaptive segmentation involves coarse-grained segmentation, micro-segmentation, sub-workload (or nano) segmentation and user segmentation. 

    To properly segment, it’s important to understand the applications on the network. Visibility leads to segmentation by providing network traffic and application workload information for further analysis and categorization based upon predetermined policies. Again, it’s hard to gatekeep something when you don’t know what it is or that it’s even there. 

    So, really what we’re saying is that visibility is an important step in the security process, and we should talk. Let’s get together – you, your team and our trusted advisors – and see what visibility your organization has today and if it could benefit from deeper visibility, adaptive segmentation and the Illumio platform. 

    Network-Control-with-Illumio-Copy-1