Illumio Introduces Adaptive User Segmentation to Battle Cyber Attack Surface
February 18, 2016
In the hit movie Indiana Jones and the Last Crusade, Professor Henry Jones (Sean Connery), in response to a question from his son Indiana (Harrison Ford) about what he learned from his quest for the Holy Grail, says he found it “illuminating.” Interestingly, when it comes to cyber security, illumination, aka “visibility,” along with control, is the key weapon IT security professionals yearn for in reducing the attack surfaces that can be exploited by the bad guys. The reasons are obvious, i.e., with visibility and associated controls comes a significant reduction in risk. In short, they bring the ability to be more responsive in spotting and stopping malicious activities.
In the current environment, where the actions of bad actors can go undetected for months, having tools that can address known problem areas is critical. Indeed, it is for this reason that an introduction by the appropriately named cybersecurity specialist Illumio commands attention.
What Illumio has done with the introduction of its Adaptive User Segmentation (AUS) capabilities is to dynamically integrate Microsoft’s Active Directory entitlements for hundreds of millions of users. In the process it dramatically expands the reach of its Adaptive Security Platform.
Adaptive User Segmentation—what it is and what it does
AUS, as the latest enhancement of the Illumio Adaptive Security Platform (ASP), dynamically calculates and provisions connectivity rules based on user identity to prevent unauthorized communications with, and access to, any Illumio-protected applications. What this means is that the Illumio ASP now can govern how hundreds of millions of users connect to applications across data centers, clouds or hybrid-cloud compute environments.
As Illumio notes in making the announcement, this is the next logical step in its core mission to secure data anywhere it resides. In fact, the concentration on Microsoft Active Directory, so prevalent in most enterprises, addresses a highly vulnerable attack surface in a rather ingenious manner.
What is different and unique here is that Illumio has fused governance of both workload-to-workload communications and user-to-workload communications. It should also be noted as alluded to above that this is a huge attack surface that is being addressed. Illumio, in fact, points to statcounter.com, which says that Windows 7—the target OS for VDI desktops/laptops connecting to the data center—accounts for just under 50 percent of all desktop operating systems in operation.
The challenge being handled by AUS is a big one. The reality, as Illumio explains, is that enterprise end users can see and connect to most, if not all, applications within the data center or cloud environment, regardless of their Active Directory entitlements. Unfortunately, as they highlight, “relying on central systems of record like Active Directory to ensure users only have access to the appropriate assets is no longer sufficient…entitlements and authentication alone are unable to provide the protection required by high-value applications and data.”
With the Illumio ASP approach of writing and delivering a dynamic policy using a whitelist model, what the new capabilities enable is assurance that only the correct users can connect to the appropriate workloads and applications in the data center, public cloud, private cloud or hybrid compute environment.
“Illumio’s mission since our founding has been to help our customers regain control over their applications and data,” said Andrew Rubin, co-founder and chief executive officer of Illumio. “With the introduction of Adaptive User Segmentation, Illumio once again is dramatically reducing computing attack surface through dynamic, policy-driven enforcement that allows users to only connect to the data center and cloud compute they are entitled to access.”
“Illumio’s new capabilities will resonate with security professionals assessing their security posture,” said Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “Security leaders must deal with both sides of the user/data center equation and are well served to do it together rather than separately.”
Seeing is believing
I had the opportunity of walking through a demonstration of AUS with Alan Cohen, Chief Commercial Officer, and PJ Kirner, Chief Technology Officer and Co-founder. I can attest to the fact that even I, who am not a certified IT professional and do not play one on the Internet, was impressed by the incredible visibility afforded by the solution as well as its ease of use.
Cohen added a few salient observations that should resonate with readers. First, he noted that, “Everything in computing has become more dynamic and security has not, and most attacks occur inside data center, but 90 percent of spend is on the edge.” In short, the security spend is out of line with the threats.
Second, embedding the capability in the compute layer means that IT has a full view of all of the traffic flows regardless of where they are, including in public clouds like AWS.
Third, in terms of visibility and the ability to respond, Cohen explained, “We have shrunk the attack surface and reduced view to only what is being hacked, and in hybrid infrastructures where there is no control to mitigate problems quickly we are enabling rapid response by bringing it back into host itself where constant calculations are being done.”
Finally, a critical piece of the puzzle, Cohen and Kirner say, is addressing the major problem that the big threats are from the users. Illumio has added illumination by adding information on actual users interconnecting to other users. This is a major step in mitigating the kinds of exploitations that have become all too common fodder for headlines. “We have taken Active Directory and made it part of policy and enforcement models,” stated Cohen. It means that IT can now see and govern what users can log into, and it “effectively turns a laptop into a server inside the data center.”
This is another layer of security as it does not replace existing security tools, but adds to them by preventing unauthorized connections to data center apps that users should not have access to. As Cohen concluded, “We see this approach to security as the next generation of agile computing.” Or, in a word, “illuminating.”
Edited by Maurice Nagle