Illumio Takes New Cloud, Data Center Security Approach - InformationWeek


Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.


Firewalls and perimeter security will never cut it against a rapidly changing foe, says startup Illumio. It's launching its heart-of-the-data-center approach to security for bare-metal and virtual servers. The approach will work with either type of server, whether on-premises or in the cloud.

Illumio's Adaptive Security Platform is built around the idea that each application or workload must have its own defenses. Firewalls at the perimeter require too much manual intervention when the nature of the threat changes. The Adaptive Security Platform monitors workloads, builds a graph of their relationships, then applies policies to their operations. If malware or an intruder prompts a workload to do something outside its normal scope of activity, then policies trigger a halt to the activity.

"We do more than monitor the workloads," said P. J. Kirner, CTO and co-founder of Illumio, in an interview. Its system learns what other applications each workload is meant to talk to and what services it depends on by watching the Internet Protocol (IP) tables of a Linux system and the filtering platform of a Windows system. A "virtual enforcement node" is embedded in each workload's operating system to watch the filtering or IP table use and report on the activity.

The reporting goes to a policy-compute engine on a central server. Illumio will offer the policy engine through two Illumio Secure Cloud data centers. The policy engine may also be installed on an on-premises server.


Based on what it learns, the policy engine formulates policies for each application, based on the work it's supposed to do and the other parties it's supposed to talk to. Attempted violations of the policies trigger blocking actions, said Kirner.

The policy engine can recognize when an application has been changed and new functionality or connections added to it, and automatically adjust its policies accordingly. It sets up policies and adjusts to changed conditions in minutes, not the days that manual adjustments sometimes require.

Such an approach allows the Adaptive Security Platform to block the spread of malware once it is past the perimeter safeguards. It takes minutes for the policy engine to decide what a workload's policies should be and apply them. "It adapts to changes in applications and stops the lateral spread of attacks, without any changes to applications themselves," Kirner noted.
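The general idea described above (learn which workloads talk to each other, derive an allowlist, block everything else) can be sketched as follows. This is an added illustration, not Illumio's code or its actual algorithm; the workload names, role labels, ports and function names are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample data: flows seen during a learning window,
# as (source workload, destination workload, destination port).
OBSERVED = [
    ("web-1", "app-1", 8080),
    ("web-2", "app-1", 8080),
    ("app-1", "db-1", 5432),
    ("app-1", "cache-1", 6379),
]
# Hypothetical role labels; grouping by role lets a new instance inherit policy.
ROLES = {"web-1": "web", "web-2": "web", "web-3": "web",
         "app-1": "app", "db-1": "db", "cache-1": "cache"}


def learn_policy(flows, roles):
    """Build a per-destination-role allowlist of (source role, port) pairs."""
    policy = defaultdict(set)
    for src, dst, port in flows:
        policy[roles[dst]].add((roles[src], port))
    return dict(policy)


def decide(policy, roles, src, dst, port):
    """Default deny: allow only flows that match a learned relationship."""
    src_role, dst_role = roles.get(src), roles.get(dst)
    if src_role is None or dst_role is None:
        return "block"  # unknown workload, so no learned relationship exists
    allowed = policy.get(dst_role, set())
    return "allow" if (src_role, port) in allowed else "block"


def audit(policy, roles, flows):
    """Return the flows that violate policy, for alerting or review."""
    return [f for f in flows if decide(policy, roles, *f) == "block"]


if __name__ == "__main__":
    policy = learn_policy(OBSERVED, ROLES)
    live = [  # constructed traffic seen after the learning window
        ("web-3", "app-1", 8080),  # new web instance, same role as its peers
        ("web-1", "db-1", 5432),   # web tier reaching the database directly
        ("web-1", "web-2", 22),    # peer-to-peer SSH inside the web tier
        ("app-1", "db-1", 5432),   # learned relationship
    ]
    for flow in audit(policy, ROLES, live):
        print("blocked:", flow)
```

Because the allowlist is keyed by role rather than by address, a newly provisioned web instance is allowed immediately, while a web server contacting the database or a peer directly is denied even though both sit behind the same perimeter.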

Illumio says its security approach 'enable[s] the DevOps model.'

Martin Casado, former CEO of Nicira and now VMware's CTO for networking, has proposed that the hypervisor is in an ideal location to monitor applications for secure practices. But Kirner said the adaptive platform's independence from any piece of the infrastructure was one of its strengths. The virtual enforcement node can be made a provisioning step in the Chef or Puppet configuration engines and automatically embedded in a workload before deployment. That node can continue reporting to the Illumio cloud's policy-compute engine, even if the workload is moved out to a public cloud, such as Amazon Web Services.

Illumio has 25 customers, including Morgan Stanley, Plantronics, Creative Artists Agency, UBS, and NTT I3, the research and development arm of the NTT Group.

"Demystifying security in the migration to cloud is a huge obstacle for enterprises," said Mayan Mathen, senior VP and CTO of NTT I3, in the announcement. With the Illumio platform, "development and operations teams can clearly plan, implement, and visualize the security linkages inside a product, not in ad hoc retrospect," Mayan said.

Corey Voo, UBS's CTO of infrastructure and applied innovation, was quoted in the announcement as saying he was interested in "the micro-segmentation and operational agility it brings" to IT security.

Alan Cohen, Illumio chief commercial officer, said the Sunnyvale, Calif., firm was founded by veterans of McAfee, Nicira, Cisco, Riverbed, and VMware. It's received $42.5 million in funding from several venture capital firms, including General Catalyst, whose managing partner, Steven Herrod, former VMware CTO, has taken an interest in the firm's approach.

In addition to General Catalyst, Illumio is backed by Andreessen Horowitz, Formation 8, Data Collective, and angel investors Marc Benioff, Salesforce.com's CEO, and Jerry Yang, co-founder of Yahoo.


Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ...

Charlie Babcock
User Rank: Author
10/22/2014 | 5:22:21 PM
I should check with Illumio
At the moment, I don't think it works with containers, but am not sure. Illumio watches the interior workings of a communications table of each workload's operating system, after drawing a graph of the application's allowed activity. Many containers share the same operating system kernel, which it seems to me would be a whole different level of complexity for the Illumio platform. Nothing was said about working with containers but we ran out of time during the interview.
User Rank: Author
10/22/2014 | 10:32:00 AM
How does this approach fit in with Docker containers, Charlie?