ILLUMIO ADAPTIVE SECURITY PLATFORM™




HIGHLIGHTS

Security with Intelligence
Illumio ASP is powered by the breakthrough PCE. The PCE contextualizes all traffic flows, services, and processes on application workloads to provide visibility, segmentation, and instant traffic encryption. It continuously incorporates changes (e.g., auto scaling, workload moves, and IP changes) and modifies security policies accordingly. It is like having an additional member of your security team delivering the optimal security for the interior of your data center and cloud 24/7/365.

Adaptive Segmentation
With Illumio ASP, your segmentation and enforcement is attached to your workloads, allowing you to secure individual applications and processes without changing subnets, firewall rules, zones, and VLANs or changing any of your infrastructure.

Traffic and Policy Visibility Down to the Process
Illumination shows all application hosts and their traffic, including the processes being accessed. This visibility lets you create well-informed security policies. From the Illumination map, you can drill down to a workload's processes, ports, and protocols.

Works on Anything
Illumio ASP gives you the freedom to work on any combination of computing: bare metal, virtual machines, and containers. Organizations can now evolve their computing securely.

Works Everywhere
Illumio decouples security from the network and the hypervisor, allowing your security to work across any combination of data centers and public clouds with no infrastructure requirements.

Quarantine Bad Actors in Seconds, Not Months
See unauthorized workload communications (policy violations) in real time. Quarantine with one click or through automation.

On-Demand, Policy-Based Encryption
Implement IPsec connections for applications across environments with a single click.

Rich Automation-Compatible APIs
Illumio's REST API integrates seamlessly with orchestration tools. All management can be done via API or using Illumio ASP's intuitive management.

Enterprise Scale and Reliability
Illumio's software is built for distributed scale out with a self-healing, redundant architecture. Enforcement remains consistent, even during system outage.

The combination of change, heterogeneity, and scale within data centers and clouds has dramatically increased the complexity of security. It has grown beyond people's ability to manage manually. The Illumio Adaptive Security Platform (ASP) solves this problem by automating security. With its patented Policy Compute Engine (PCE), Illumio ASP delivers the optimal security for every application and workload running in your data center and public or private cloud. It continuously optimizes security by incorporating changes, derived from automation, directly from each host. By creating the most granular segmentation approach for applications, Illumio ASP massively reduces the attack surface compared to traditional network-centric approaches. It's like having an additional member of your security team that never sleeps.

The Illumio ASP PCE collects:
- Processes on application workloads
- Workload information
- Application context

Customers are using Illumio ASP to:
- Ringfence Applications: Isolate and protect applications without changes to subnets, zones, and VLANs.
- Achieve Environmental Separation: Eliminate the need for any complex or fragile network configuration changes.
- Securely Migrate Applications: Migrate applications within data centers and to or from other data centers and public clouds with security intact.
- Secure Hybrid Infrastructure: Secure any combination of bare-metal servers, VMs, and containers running in any combination of data centers and private or public clouds.
- Lock Down User Connectivity: Prevent unauthorized access to applications based on user identity.
Discover your data center and cloud computing
Illumio ASP's Illumination service provides connection information and workload context to the PCE, where it discovers interactions between workloads and applications. It's like an MRI machine for your data center and public cloud.

DS201603

Define the most granular adaptive security through a descriptive policy
With Illumio ASP, you can write natural-language policies, and then the PCE marries those policies with the context from each workload. The security policies are manifested into firewall rules that protect each workload running within your data center and public or private cloud. If there is any change (auto scale, scale down, new interfaces, etc.), it updates the policies and enforcement only on impacted hosts.

Defend your most trusted assets
The key benefit of Illumio ASP is that it dramatically reduces your attack surface by locking down all but the few, necessary communications among workloads. This massively eliminates exposure to bad actors. Compartmentalizing your applications and workloads mitigates the ability of internal threats to move sideways. In addition, if a workload tries to establish a connection that breaks a policy, you are alerted and you can even see what the bad actor was trying to access.

ILLUMIO ASP ARCHITECTURE

There are two components to Illumio ASP: the centralized Policy Compute Engine and the Virtual Enforcement Node (VEN) that is attached to each operating system instance (workload).

[Figure: Illumio ASP architecture. Labels: Workloads; Data Center; Context & Telemetry; Security Policy; Virtual Enforcement Node (VEN): antenna, installed or baked in to image, Linux & Windows; Policy Compute Engine (PCE): central brain, consumed via cloud or on premises.]

VIRTUAL ENFORCEMENT NODE (VEN)
Think of the VEN as an antenna. At the direction of the PCE, the VEN activates the stateful firewall available in the compute layer: iptables for Linux or the Windows Firewall Platform. The VEN is not in line, is not a host-based firewall, is not a kernel modification, and does not send packet data to the PCE. This enables your security to work anywhere (private data center, private cloud, or public cloud) on anything (bare-metal server, virtual machine, or container) with no dependency on the infrastructure.

POLICY COMPUTE ENGINE (PCE)
Think of the PCE as a member of your security staff. At the PCE console, administrators write simple, descriptive security policies. The PCE then processes the context and telemetry from VENs in real time to create actionable security instructions. In addition, the PCE:
- Visualizes traffic between hosts
- Determines the optimal security for each application
- Detects any policy violations
- Incorporates any changes from hosts into the security instructions

ILLUMIO ASP SERVICES

Illumio ASP includes three key services: Illumination, Enforcement, and SecureConnect. These services enable enterprises to instantiate security policies that work on any combination of infrastructure and bare-metal server, VM, or container.

- Illumination: Visualize and understand applications and workload relationships
- Enforcement: Enforce security with natural-language policies
- SecureConnect: Encrypt data in transit using IPsec connectivity

Illumination
Illumio ASP monitors traffic flows and provides comprehensive visualization of application topology. Illumination displays all workload communications within and between applications in an interactive, graphical map. This enables administrators to design well-informed security policies and see policy violations in real time. Security policies are built visually and tested before they are enforced to ensure they do not break applications.

Enforcement
Illumio ASP offers the industry's most granular range of segmentation capabilities based on role (e.g., web server), application (e.g., HRM), environment (e.g., development), location (e.g., Germany), and user identity (e.g., contractor). This industry first is ideal for intra- and inter-application traffic, and for environmental separation within or across data centers, public clouds, and hybrid environments. Illumio users create natural-language policies to describe the relationship among application workloads. These policies also can be extended to include the users that are authorized to connect to the applications. No knowledge of IP addresses, VLANs, subnets, zones, or security groups is required to create a policy. For instance, an Illumio policy might read "ERP web servers can use ERP postgres databases." The Illumio PCE uses those policies to implement both inbound and outbound rules for each impacted workload or process. Illumio ASP also extends enforcement to additional data center assets, including the F5 BIG-IP Local Traffic Manager (LTM), NGINX, and other open-source load balancers.

SecureConnect
Illumio ASP provides on-demand IPsec connectivity between workloads running anywhere, with no need to change the network or add hardware. With SecureConnect, administrators can configure and enforce encryption of data in transit with one click. IPsec connections no longer need to be set up manually; they can be enabled between any combination of Linux and Windows workloads running anywhere.

SYSTEM REQUIREMENTS

VEN

Linux workloads
- CentOS 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11
- CentOS 6.2, 6.3, 6.4, 6.5, 6.6, 6.7
- CentOS 7.0, 7.1, 7.2
- Red Hat 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 5.11
- Red Hat 6.2, 6.3, 6.4, 6.5, 6.6, 6.7
- Red Hat 7.0, 7.1
- SUSE SLES 11 SP3
- SUSE SLES12
- Amazon 2012.09, 2013.03, 2013.09, 2014.03, 2014.09, 2015.03, 2015.09
- Ubuntu 12.04 (Precise Pangolin), 14.04 (Trusty Tahr)
- Debian 7.0 (Wheezy), 8.0 (Jessie)

Windows workloads
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows 7

Environments
- Any hypervisor (e.g., VMware, Hyper-V, KVM, Xen) in any cloud
- Bare-metal servers
- Private data centers
- Any public cloud (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform, Rackspace Cloud)

PCE

Delivery methods
- Illumio Secure Cloud
- Virtual Appliance (VMware ESXi 5.0, 5.1, or 5.5)
- Software (RHEL or CentOS 6.x)

Browsers for web console
The PCE web console is supported on the most current versions of Chrome and Firefox, and on Internet Explorer 10 or later.

ILLUMIO ASP BENEFITS

Benefit: Reduces the threat attack surface by 99%
Description: Security is bound to, and moves with, every application workload (VM or physical server) and process. Security adapts as applications change, scale, or migrate. Applications can be nano-segmented down to individual processes on workloads.

Benefit: Stops the spread of attacks
Description: Security is based on precise inbound and outbound rules for interactions between workloads and processes and the users who are authorized to access them. All other connection attempts are blocked.

Benefit: Delivers security that works anywhere
Description: Security is decoupled from the network or hypervisor and works across any data center, private, and public cloud.

Benefit: Visualizes real-time traffic inside data centers and clouds
Description: Real-time communications between workloads within and across applications are displayed in an interactive graphical map. Policy violations are identified and alerts are displayed.

Benefit: Enables compliance
Description: PCI, HIPAA, and other compliance requirements are easier to meet with one-click IPsec that encrypts data in transit between workloads running anywhere. Nano-segmentation without network dependencies simplifies the separation of environments.

Benefit: Reduces security errors and eliminates up to 90% of firewall rules
Description: Natural-language security policies eliminate error-prone rules written with IP addresses, ports, VLANs, and zones. API-based integration with orchestration tools like Chef and Puppet helps achieve DevOps speed securely.

ABOUT ILLUMIO

Illumio delivers adaptive security for every computing environment, protecting the 80 percent of data center and cloud traffic missed by the perimeter. The company's Adaptive Security Platform visualizes application traffic and delivers continuous, scalable, and dynamic policy and enforcement to every bare-metal server, VM, container, and VDI within data centers and public clouds. Using Illumio, enterprises such as Morgan Stanley, Plantronics, NTT, King Entertainment, NetSuite, and Creative Artists Agency have achieved secure application and cloud migration, environmental segmentation, compliance, and high-value application protection from breaches and threats with no changes to applications or infrastructure. For more information, visit www. or follow @Illumio.