Illumio Breach Containment Platform

The main use case for Illumio  is providing micro-segmentation where we don't want to segment the network based on IP addresses but rather segment them based on roles, applications, and environments. Everything that we do from the segmentation point of view is based on the label. Based on the label, we prepare the policies, and then we do the segmentation, which gives us a more granular approach and limits the attack surface from happening. Now the attack surface is limited, and this will happen if any attack occurs; we stop the lateral movement of the attack because we have segmented the environment.

I am managing a project where the client needs Illumio , and we are helping with their environment on the segmentation approach. They have many applications in their environment, and we support them by understanding the environment and applications they have. When we have the full inventory of their applications, we ask them to do the labeling in Illumio based on information such as how many applications they have, what labels we have to give them, and under what categorization those labels should be. For example, which application should be part of this location, this role, this environment, and this application. Based on that, we have created an approach to help our client onboard the applications, wherein we have many activities happening. For example, we review their traffic, conduct ring-fencing, and understand what traffic goes through. After a few days, we understand the required traffic, based on that we draft the policy, have the policy review session, and then finally  enforce the application. All of this occurs alongside the process from the client end; they follow all the processes, and we handle the technical part before finally  enforcing the application.

Illumio is deployed in the cloud environment in Azure .

The best feature that Illumio offers is that we can easily understand how to label the applications, how to install Illumio agent on the client machines, how to install the agent on the servers, and how to do the ring-fencing. The log analysis is very simple, and we can map the traffic very easily, such as the traffic view and map view. We have many views to do that, and then we have a topology environment where we can expand the topology and understand how we want to prepare our policy based on the requirement. These are some of the very good use cases that Illumio provides, which none of the other vendors can offer in such an easy and usable way.

The most important feature is the traffic review analysis, where we use the draft view and the reported view that helps us understand how the application interacts with other applications in the environment, and based on that, we are able to define the policies.

It has increased the business for the organization. We are creating business by supporting the client. The client is getting more security and is more confident in their network because they now have the micro-segmentation feature in their environment. This is new technology and that's how it helps the organization as a whole. The clients we support are benefited, and at the same time, we are making money out of it. This is definitely a good approach.

After implementing Illumio, there has been significant progress. Most of the app owners now understand what applications are communicating, how these applications interact with others, and we are more aware of which application is talking to what other servers and applications, and their roles. For instance, whether an application is talking to the DB server or an app server. We have a more granular understanding of the traffic view. Additionally, after implementing Illumio, there is greater segmentation, and fewer incidents are occurring. There have been times when an attack was halted from expanding laterally.

Illumio can be improved if we have more interactive sessions with the tech team. The support of Illumio can be better since it's a new tool, and people can explore it more. There could also be more examples of how the automations can be done using Illumio.

I have been using Illumio for the last two years.

The solution is very stable.

It is very good. We can expand it wherever we want. We can use it in container environments, install it on servers, and integrate machines in the environment. Scaling it to a large level is not an issue for us.

Customer support is good.

We were about to experience Guardicore, but Guardicore was costly. Illumio is top in the market, and from a cost perspective, it is cheaper than Guardicore, so we chose that.

Time has definitely been saved.

My experience was really good because I think it's not very expensive if we compare it with Guardicore. I believe that's a good product.

I would advise others considering using Illumio to have a basic understanding of networking and some usage of protocols. They should be able to understand what TCP/IP is so they can look into the connections and understand what's happening. Some basic knowledge of networking is required before using Illumio, as well as the concept of micro-segmentation. We should have a proper purpose for using this tool.

I believe the additional thoughts for Illumio are that it's the best in the market. It will remain the best in the market if they continue working on addressing bugs and if customer support is helpful, friendly, and available all the time; I think nobody is going to lose Illumio at all.

We are the partner.

On a scale of 1-10, I rate Illumio a 10. It's best in Gartner. It's the top product in the market for micro-segmentation. The GUI is very simple, and I think there could be nothing better than this.

We are using Illumio  for network micro-segmentation to ensure that all applications comply with Dora compliance. This is an essential part of our infrastructure to ensure security and proper network segmentation.

The strongest aspect of Illumio  is the visual traffic interface, which allows us to see all traffic that communicates with our servers and allied companies. We can write rules that can be embedded into the IP table, making it easy to handle.

Illumio enables us to see network flows, traffic sources, and destinations. The policy generation and enforcement capabilities are valuable, allowing for selective enforcement. Illumio helps in audit purposes by saving data and showing blocked traffic, ensuring no outside traffic is allowed.

There should be an option to upgrade from the console to the latest version instead of performing manual upgrades. This would be more helpful to streamline processes.

I have been using Illumio for more than four years.

Illumio is a stable solution with no glitches or bugs reported, making it a reliable product for us.

Currently, we are working with an on-premises setup however, we plan to scale to cloud with Illumio's new product offerings.

Customer support is excellent. Even if we raise an issue on non-working days like Saturdays or Sundays, we receive prompt responses.

The installation process is straightforward and does not require much time, however, finding server owners and explaining the process takes more time.

We have professional support from Illumio and guidance for troubleshooting or implementation needs.

I cannot provide detailed information on ROI as it is handled by upper management. However, Illumio is known to be the cheapest solution among the security solutions we evaluated.

I do not have specific knowledge about pricing details as it is handled by upper management. I know that Illumio is the cheapest solution in the security area.

For the overall product, I would rate Illumio eight out of ten points.

My advice is to consider Illumio as a strong option for visual traffic interface and network micro-segmentation needs.