Illumio Takes New Cloud, Data Center Security Approach - InformationWeek
10/22/2014
09:55 AM

Illumio Takes New Cloud, Data Center Security Approach

Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.


Firewalls and perimeter security will never cut it against a rapidly changing foe, says startup Illumio. The company is launching a heart-of-the-data-center approach to security for bare-metal and virtual servers, and it works with either type of server whether it is on-premises or in the cloud.

Illumio's Adaptive Security Platform is built around the idea that each application or workload must have its own defenses. Firewalls at the perimeter require too much manual intervention when the nature of the threat changes. The Adaptive Security Platform monitors workloads, builds a graph of their relationships, then applies policies to their operations. If malware or an intruder prompts a workload to do something outside its normal scope of activity, the policies trigger a halt to the activity.

"We do more than monitor the workloads," said P. J. Kirner, CTO and co-founder of Illumio, in an interview. Its system learns what other applications each workload is meant to talk to and what services it depends on by watching the Internet Protocol (IP) tables of a Linux system and the filtering platform of a Windows system. A "virtual enforcement node" is embedded in each workload's operating system to watch the filtering or IP table use and report on the activity.

The reporting goes to a policy-compute engine on a central server. Illumio will offer the policy engine through two Illumio Secure Cloud data centers. The policy engine may also be installed on an on-premises server.


Based on what it learns, the policy engine formulates policies for each application, based on the work it's supposed to do and the other parties it's supposed to talk to. Attempted violations of the policies trigger blocking actions, said Kirner.

The policy engine can recognize when an application has been changed and new functionality or connections added to it, and automatically adjust its policies accordingly. It sets up policies and adjusts to changed conditions in minutes, not the days that manual adjustments sometimes require.

Such an approach allows the Adaptive Security Platform to block the spread of malware once it is past the perimeter safeguards. It takes minutes for the policy engine to decide what a workload's policies should be and apply them. "It adapts to changes in applications and stops the lateral spread of attacks, without any changes to applications themselves," Kirner noted.
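An added illustration of the learn-then-enforce model described above (not Illumio's code and not from the article): observed flows become a role-level relationship graph, and anything outside that graph is denied by default. The workload names, role labels, and flow tuple format are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: flows seen during a learning window, as
# (source workload, destination workload, protocol, destination port).
OBSERVED = [
    ("web-1", "app-1", "tcp", 8080),
    ("web-2", "app-1", "tcp", 8080),
    ("app-1", "db-1", "tcp", 5432),
    ("app-1", "cache-1", "tcp", 6379),
]
# Hypothetical role labels, so policy follows the application tier, not the host.
ROLES = {"web-1": "web", "web-2": "web", "web-3": "web",
         "app-1": "app", "db-1": "db", "cache-1": "cache"}

def learn_policy(flows, roles):
    """Relationship graph as role-level edges: (src_role, dst_role) -> {(proto, port)}."""
    graph = defaultdict(set)
    for src, dst, proto, port in flows:
        graph[(roles[src], roles[dst])].add((proto, port))
    return dict(graph)

def decide(policy, roles, flow):
    """Default deny: a flow is allowed only if it matches a learned edge."""
    src, dst, proto, port = flow
    if src not in roles or dst not in roles:
        return "block"  # unlabeled workloads get no implicit trust
    allowed = policy.get((roles[src], roles[dst]), set())
    return "allow" if (proto, port) in allowed else "block"

def inbound_rules(policy, roles, workload):
    """Per-workload inbound allowlist as sorted (peer, proto, port) tuples."""
    rules = []
    for (src_role, dst_role), services in policy.items():
        if dst_role != roles[workload]:
            continue
        for peer, peer_role in roles.items():
            if peer_role == src_role and peer != workload:
                rules += [(peer, proto, port) for proto, port in services]
    return sorted(rules)

if __name__ == "__main__":
    policy = learn_policy(OBSERVED, ROLES)
    for flow in [("web-3", "app-1", "tcp", 8080),   # new web instance, same role
                 ("web-1", "db-1", "tcp", 5432),    # tier skip: lateral movement
                 ("web-1", "web-2", "tcp", 22)]:    # peer-to-peer inside a tier
        print(flow, "->", decide(policy, ROLES, flow))
    print("db-1 inbound:", inbound_rules(policy, ROLES, "db-1"))
```

Because edges are keyed on roles rather than addresses, a newly provisioned web instance inherits the web-to-app rule without a manual change, while a compromised web host still cannot reach the database directly.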

Illumio says its security approach 'enable[s] the DevOps model.'

Martin Casado, former CEO of Nicira and now VMware's CTO for networking, has proposed that the hypervisor is in an ideal location to monitor applications for secure practices. But Kirner said the adaptive platform's independence from any piece of the infrastructure was one of its strengths. The virtual enforcement node can be made a provisioning step in the Chef or Puppet configuration engines and automatically embedded in a workload before deployment. That node can continue reporting to the Illumio cloud's policy-compute engine, even if the workload is moved out to a public cloud, such as Amazon Web Services.

Illumio has 25 customers, including Morgan Stanley, Plantronics, Creative Artists Agency, UBS, and NTT I3, the research and development arm of the NTT Group.

"Demystifying security in the migration to cloud is a huge obstacle for enterprises," said Mayan Mathen, senior VP and CTO of NTT I3, in the announcement. With the Illumio platform, "development and operations teams can clearly plan, implement, and visualize the security linkages inside a product, not in ad hoc retrospect," Mayan said.

Corey Voo, UBS's CTO of infrastructure and applied innovation, was quoted in the announcement as saying he was interested in "the micro-segmentation and operational agility it brings" to IT security.

Alan Cohen, Illumio chief commercial officer, said the Sunnyvale, Calif., firm was founded by veterans of McAfee, Nicira, Cisco, Riverbed, and VMware. It's received $42.5 million in funding from several venture capital firms, including General Catalyst, whose managing partner, Steven Herrod, former VMware CTO, has taken an interest in the firm's approach.

In addition to General Catalyst, Illumio is backed by Andreessen Horowitz, Formation 8, Data Collective, and angel investors Marc Benioff, Salesforce.com's CEO, and Jerry Yang, co-founder of Yahoo.


Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...

Comments
Charlie Babcock,
User Rank: Author
10/22/2014 | 5:22:21 PM
I should check with Illumio
At the moment, I don't think it works with containers, but am not sure. Illumio watches the interior workings of a communications table of each workload's operating system, after drawing a graph of the application's allowed activity. Many containers share the same operating system kernel, which it seems to me would be a whole different level of complexity for the Illumio platform. Nothing was said about working with containers but we ran out of time during the interview.
Laurianne,
User Rank: Author
10/22/2014 | 10:32:00 AM
Containers
How does this approach fit in with Docker containers, Charlie?