Illumio Takes New Cloud, Data Center Security Approach - InformationWeek

Illumio Takes New Cloud, Data Center Security Approach

Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.


Firewalls and perimeter security will never cut it against a rapidly changing foe, says startup Illumio. It's launching its heart-of-the-data-center approach to security for bare-metal and virtual servers, and the approach works with either type of server whether it's on-premises or in the cloud.

Illumio's Adaptive Security Platform is built around the idea that each application or workload must have its own defenses. Firewalls at the perimeter require too much manual intervention when the nature of the threat changes. The Adaptive Security Platform monitors workloads, builds a graph of their relationships, then applies policies to their operations. If malware or an intruder prompts a workload to do something outside its normal scope of activity, then policies trigger a halt to the activity.

"We do more than monitor the workloads," said P. J. Kirner, CTO and co-founder of Illumio, in an interview. Its system learns what other applications each workload is meant to talk to and what services it depends on by watching the Internet Protocol (IP) tables of a Linux system and the filtering platform of a Windows system. A "virtual enforcement node" is embedded in each workload's operating system to watch the filtering or IP table use and report on the activity.

The reporting goes to a policy-compute engine on a central server. Illumio will offer the policy engine through two Illumio Secure Cloud data centers. The policy engine may also be installed on an on-premises server.


Based on what it learns, the policy engine formulates policies for each application, based on the work it's supposed to do and the other parties it's supposed to talk to. Attempted violations of the policies trigger blocking actions, said Kirner.
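A minimal sketch of the approach described above, added here as an illustration and not Illumio's code: flows reported per workload are folded into a role-level relationship graph, and anything outside that graph is blocked by default. The workload names, role labels, ports and sample flows are constructed assumptions.

```python
from collections import defaultdict

# Constructed baseline flows, as per-workload agents might report them:
# (source workload, destination workload, protocol, destination port)
BASELINE = [
    ("web-1", "app-1", "tcp", 8080),
    ("web-2", "app-1", "tcp", 8080),
    ("app-1", "db-1", "tcp", 5432),
]
# Hypothetical role labels; policy is keyed on roles, not on addresses.
# web-3 is a workload deployed after the baseline was observed.
ROLES = {"web-1": "web", "web-2": "web", "web-3": "web",
         "app-1": "app", "db-1": "db"}


def learn_policy(flows, roles):
    """Build the relationship graph: role -> {(peer role, proto, port)}."""
    allowed = defaultdict(set)
    for src, dst, proto, port in flows:
        allowed[roles[src]].add((roles[dst], proto, port))
    return dict(allowed)


def evaluate(flow, policy, roles):
    """Default deny: a flow passes only if its role-level edge was learned."""
    src, dst, proto, port = flow
    src_role, dst_role = roles.get(src), roles.get(dst)
    if src_role is None or dst_role is None:
        return "block"  # unlabeled workload, so no policy covers it
    edge = (dst_role, proto, port)
    return "allow" if edge in policy.get(src_role, set()) else "block"


def outbound_rules(workload, policy, roles):
    """Expand role-level policy into the peers one workload may reach."""
    rules = []
    for dst_role, proto, port in policy.get(roles[workload], set()):
        for peer, role in roles.items():
            if role == dst_role and peer != workload:
                rules.append((peer, proto, port))
    return sorted(rules)


if __name__ == "__main__":
    policy = learn_policy(BASELINE, ROLES)
    # A compromised web server reaching the database directly is lateral
    # movement: the web -> db edge was never part of the learned graph.
    print(evaluate(("web-1", "db-1", "tcp", 5432), policy, ROLES))
    print(outbound_rules("web-3", policy, ROLES))
```

Because the graph is keyed on roles, the newly deployed `web-3` inherits the web tier's rules without a new learning pass, while a direct web-to-database connection is blocked even though both hosts sit inside the perimeter.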

The policy engine can recognize when an application has been changed and new functionality or connections added to it, and automatically adjust its policies accordingly. It sets up policies and adjusts to changed conditions in minutes, not the days that manual adjustments sometimes require.

Such an approach allows the Adaptive Security Platform to block the spread of malware once it is past the perimeter safeguards. It takes minutes for the policy engine to decide what a workload's policies should be and apply them. "It adapts to changes in applications and stops the lateral spread of attacks, without any changes to applications themselves," Kirner noted.

Illumio says its security approach 'enable[s] the DevOps model.'

Martin Casado, former CEO of Nicira and now VMware's CTO for networking, has proposed that the hypervisor is in an ideal location to monitor applications for secure practices. But Kirner said the adaptive platform's independence from any piece of the infrastructure was one of its strengths. The virtual enforcement node can be made a provisioning step in the Chef or Puppet configuration engines and automatically embedded in a workload before deployment. That node can continue reporting to the Illumio cloud's policy-compute engine, even if the workload is moved out to a public cloud, such as Amazon Web Services.

Illumio has 25 customers, including Morgan Stanley, Plantronics, Creative Artists Agency, UBS, and NTT I3, the research and development arm of the NTT Group.

"Demystifying security in the migration to cloud is a huge obstacle for enterprises," said Mayan Mathen, senior VP and CTO of NTT I3, in the announcement. With the Illumio platform, "development and operations teams can clearly plan, implement, and visualize the security linkages inside a product, not in ad hoc retrospect," Mayan said.

Corey Voo, UBS's CTO of infrastructure and applied innovation, was quoted in the announcement as saying he was interested in "the micro-segmentation and operational agility it brings" to IT security.

Alan Cohen, Illumio chief commercial officer, said the Sunnyvale, Calif., firm was founded by veterans of McAfee, Nicira, Cisco, Riverbed, and VMware. It's received $42.5 million in funding from several venture capital firms, including General Catalyst, whose managing partner, Steven Herrod, former VMware CTO, has taken an interest in the firm's approach.

In addition to General Catalyst, Illumio is backed by Andreessen Horowitz, Formation 8, Data Collective, and angel investors Marc Benioff,'s CEO, and Jerry Yang, co-founder of Yahoo.


Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...

Charlie Babcock
User Rank: Author
10/22/2014 | 5:22:21 PM
I should check with Illumio
At the moment, I don't think it works with containers, but am not sure. Illumio watches the interior workings of a communications table of each workload's operating system, after drawing a graph of the application's allowed activity. Many containers share the same operating system kernel, which it seems to me would be a whole different level of complexity for the Illumio platform. Nothing was said about working with containers but we ran out of time during the interview.
User Rank: Author
10/22/2014 | 10:32:00 AM
How does this approach fit in with Docker containers, Charlie?