ILLUMIO ADAPTIVE SECURITY PLATFORM™




DS20151211

HIGHLIGHTS

Security with Intelligence
Illumio ASP is powered by the breakthrough PCE. The PCE contextualizes all traffic flows, services, and processes on application workloads to provide visibility, segmentation, and instant traffic encryption. It continuously incorporates changes (e.g., auto scale, workload moves, and IP changes) and modifies security policies accordingly. It is like having an additional member of your security team delivering the optimal security for the interior of your data center and cloud 24/7/365.

Adaptive Segmentation
With Illumio ASP, your segmentation and enforcement are attached to your workloads, allowing you to secure individual applications and processes without changing subnets, firewall rules, zones, and VLANs or changing any of your infrastructure.

Traffic and Policy Visibility Down to the Process
Illumination shows all application hosts and their traffic, including the processes being accessed. This visibility lets you create well-informed security policies.

Works on Anything
Illumio ASP gives you the freedom to work on any combination of computing: bare metal, virtual machines, and containers. Organizations can now evolve their computing securely.

Works Everywhere
Illumio decouples security from the network and the hypervisor, allowing your security to work across any combination of data centers and public clouds with no infrastructure requirements.

Quarantine Bad Actors in Seconds, Not Months
See unauthorized workload communications (policy violations) in real time. Quarantine with one click or through automation.

On-Demand, Policy-Based Encryption
Implement IPsec connections for applications across environments with a single click.

Rich Automation Compatible APIs
Illumio's REST API integrates seamlessly with orchestration tools. All management can be done via API or using Illumio ASP's intuitive management.

Enterprise Scale and Reliability
Illumio's software is built for distributed scale out with a self-healing, redundant architecture. Enforcement remains consistent, even during system outage.

The combination of change, heterogeneity, and scale within data centers and clouds has dramatically increased security complexity: it has grown beyond people's ability to manage manually. The Illumio Adaptive Security Platform (ASP) solves this problem by securing workloads with no dependency on the underlying infrastructure. With its patented Policy Compute Engine (PCE), Illumio ASP delivers the optimal security for every application and workload running in your data center and public or private cloud. By creating the most granular segmentation approach for applications, Illumio ASP massively reduces the attack surface compared to traditional network-centric approaches. It's like having an additional member of your security team that never sleeps.

The Policy Compute Engine within Illumio ASP collects:
- Processes on application workloads
- Workload information
- Application context

Customers are using Illumio ASP to:
- Ringfence Applications: Isolate and protect applications without changes to subnets, zones, and VLANs.
- Achieve Environmental Separation: Eliminate the need for any complex or fragile network configuration changes.
- Securely Migrate Applications: Migrate applications within data centers to/from other data centers and public clouds with security intact.
- Secure Hybrid Infrastructure: Secure any combination of bare-metal servers, VMs, and containers running in any combination of data centers and private or public clouds.

Discover your data center and cloud computing
Illumio ASP's Illumination service provides connection information and workload context to the PCE, where it discovers interactions between workloads and applications. It's like an MRI machine for your data center and public cloud.

Define the most granular adaptive security through a descriptive policy
With Illumio ASP, you can write natural-language policies, and then the PCE marries those policies with the context from each workload. The security policies are manifested into firewall rules that protect each workload running within your data center and public or private cloud. If there is any change (auto scale, scale down, new interfaces, etc.), it updates the policies and enforcement only on impacted hosts.

Defend your most trusted assets
Illumio ASP dramatically reduces your attack surface by locking down all but the few, necessary communications among workloads. This massively reduces exposure to bad actors. Compartmentalizing your applications and workloads mitigates the ability of internal threats to move sideways. In addition, if a workload tries to establish a connection that breaks a policy, you are alerted and you can even see what the bad actor was trying to access.

ILLUMIO ASP ARCHITECTURE

There are two components to Illumio ASP: the centralized Policy Compute Engine and the Virtual Enforcement Node (VEN) that is attached to each operating system instance (workload).

[Figure: architecture diagram. Labels: Workloads; Data Center; Context & Telemetry; Security Policy; Virtual Enforcement Node (VEN): antenna, installed or baked in to image, Linux & Windows; Policy Compute Engine (PCE): central brain, consumed via cloud or on premises.]

VIRTUAL ENFORCEMENT NODE (VEN)
Think of the VEN as an antenna. At the direction of the PCE, it activates the stateful firewall available in the compute layer: iptables for Linux or the Windows Firewall Platform. The VEN is not in line, is not a host-based firewall, is not a kernel modification, and does not send packet data to the PCE. This enables your security to work anywhere (private data center, private cloud, or public cloud) on anything (bare-metal server, virtual machine, or container) with no dependency on the infrastructure.

POLICY COMPUTE ENGINE (PCE)
Think of the PCE as a member of your security staff. At the PCE console, administrators write simple descriptive security policies. The PCE then processes the context and telemetry from VENs in real time to create actionable security instructions.

In addition, the PCE:
- Visualizes traffic between hosts
- Determines the optimal security for each application
- Detects any policy violations
- Incorporates any changes from hosts into the security instructions

ILLUMIO ASP SERVICES

Illumio ASP includes three key services: Illumination, Enforcement, and SecureConnect. These services enable enterprises to instantiate security policies that work on any combination of infrastructure and bare-metal server, VM, or container.

- Illumination: Visualize and understand applications and workload relationships
- Enforcement: Enforce security with natural-language policies
- SecureConnect: Encrypt data in transit using IPsec connectivity

Illumination
Illumio ASP monitors traffic flows, and provides comprehensive visualization of application topology. Illumination displays all workload communications within and between applications in an interactive, graphical map. This enables administrators to design well-informed security policies and see policy violations in real time. Security policies are built visually and tested before they are enforced to ensure they do not break applications.

Enforcement
Illumio ASP offers the industry's most granular range of segmentation options, from geography and environment down to a process on a host (e.g., micro-segmentation). The Illumio policy model enables enforcement using any combination of Illumio's multi-dimensional tagging (workload Role, Application, Environment, and Location). This industry first is ideal for intra- and inter-application traffic, and for environmental separation within or across data centers, public clouds, and hybrid environments.

Illumio users create natural-language policies to describe the relationship among application workloads. No knowledge of IP addresses, VLANs, subnets, zones, or security groups is required to create a policy. For instance, an Illumio policy might read "ERP web servers can use ERP postgres databases." The Illumio PCE uses those policies to implement both inbound and outbound rules for each impacted workload or process.
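A minimal sketch of the label-to-rule compilation described above, added here as an illustration and not Illumio's code or the PCE's actual output. The workload names, addresses, label keys and port are constructed, and the rendered iptables lines cover only the allow rules, not default-deny or connection-state handling.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: tuple  # sorted (key, value) pairs, e.g. (("app", "ERP"), ("role", "web"))

    def matches(self, selector):
        have = dict(self.labels)
        return all(have.get(k) == v for k, v in selector.items())

def wl(name, ip, **labels):
    return Workload(name, ip, tuple(sorted(labels.items())))

# Constructed policy for "ERP web servers can use ERP postgres databases."
POLICY = [{"consumer": {"app": "ERP", "role": "web"},
           "provider": {"app": "ERP", "role": "db"},
           "proto": "tcp", "port": 5432}]

# Constructed fleet; names, addresses and label keys are assumptions.
FLEET = [wl("web1", "10.0.1.10", app="ERP", role="web", env="prod"),
         wl("db1", "10.0.2.20", app="ERP", role="db", env="prod"),
         wl("hr-web1", "10.0.3.30", app="HR", role="web", env="prod")]
NEW_WEB = wl("web2", "10.0.1.11", app="ERP", role="web", env="prod")

def compile_rules(workloads, policy):
    """Map each workload name to its allowlist of (direction, peer_ip, proto, port)."""
    rules = {w.name: set() for w in workloads}
    for p in policy:
        for c in (w for w in workloads if w.matches(p["consumer"])):
            for s in (w for w in workloads if w.matches(p["provider"])):
                if c.name != s.name:
                    rules[s.name].add(("in", c.ip, p["proto"], p["port"]))
                    rules[c.name].add(("out", s.ip, p["proto"], p["port"]))
    return rules

def impacted(old, new):
    """Workloads whose rule set changed, i.e. the only hosts needing an update."""
    return sorted(n for n in new if old.get(n) != new[n])

def to_iptables(rule):
    """Render one allow rule; default-deny and conntrack rules are out of scope."""
    direction, peer, proto, port = rule
    chain, flag = ("INPUT", "-s") if direction == "in" else ("OUTPUT", "-d")
    return f"-A {chain} -p {proto} {flag} {peer} --dport {port} -j ACCEPT"

if __name__ == "__main__":
    before = compile_rules(FLEET, POLICY)
    after = compile_rules(FLEET + [NEW_WEB], POLICY)
    for name in impacted(before, after):  # db1 and web2; web1 and hr-web1 untouched
        for rule in sorted(after[name]):
            print(name, to_iptables(rule))
```

Scaling out the web tier changes the rule set only on the database and the new web server, which is the "only on impacted hosts" behaviour the datasheet describes.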

Illumio ASP extends application segmentation to additional devices, including F5, NGINX, and other open-source load balancers as well as the F5 Application Firewall Module.

SecureConnect
Illumio ASP provides on-demand IPsec connectivity between workloads running anywhere, with no need to change the network or add hardware. With SecureConnect, administrators can configure and enforce encryption of data in transit with one click. IPsec connections no longer need to be set up manually; they can be enabled between any combination of Linux and Windows workloads running anywhere.

SYSTEM REQUIREMENTS

VEN

Linux workloads
- CentOS 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 6.3, 6.4, 6.5
- Amazon 2012.09, 2013.03, 2013.09, 2014.03, 2014.09
- Red Hat 5.5, 5.6, 5.7, 5.8, 5.9, 5.10, 6.3, 6.4, 6.5
- Ubuntu 12.04 (Precise Pangolin), 14.04 (Trusty Tahr)
- Debian 7.0 (Wheezy)

Windows workloads
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2

Environments
- Any hypervisor (e.g., VMware, Hyper-V, KVM, Xen) in any cloud
- Bare-metal servers
- Private data centers
- Any public cloud (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform, Rackspace Cloud)

PCE

Delivery Methods
- Illumio Secure Cloud Edition
- Data Center Software Edition

Browsers for web console
- Google Chrome 34 or above
- Mozilla Firefox 28 or above
- Microsoft Internet Explorer 10 or above

ILLUMIO ASP BENEFITS

BENEFIT: Reduces the threat attack surface by 99%
DESCRIPTION: Security is bound to, and moves with, every application workload (VM or physical server) and process. Security adapts as applications change, scale, or migrate. Applications can be nano-segmented down to individual processes on workloads.

BENEFIT: Stops the spread of attacks
DESCRIPTION: Security is based on precise inbound and outbound rules for interactions between workloads and processes. All other connection attempts are blocked.

BENEFIT: Delivers security that works anywhere
DESCRIPTION: Security is decoupled from the network or hypervisor and works across any data center, private, and public cloud.

BENEFIT: Visualizes real-time traffic inside data centers and clouds
DESCRIPTION: Real-time communications between workloads within and across applications are displayed in an interactive graphical map. Policy violations are identified and alerts are displayed.

BENEFIT: Enables compliance
DESCRIPTION: PCI, HIPAA, and other compliance requirements are easier to meet with one-click IPsec that encrypts data in transit between workloads running anywhere. Nano-segmentation without network dependencies simplifies the separation of environments.

BENEFIT: Reduces security errors and eliminates up to 90% of firewall rules
DESCRIPTION: Natural-language security policies eliminate error-prone rules written with IP addresses, ports, VLANs, and zones. API-based integration with orchestration tools like Chef and Puppet helps achieve DevOps speed securely.

ABOUT ILLUMIO

Illumio delivers adaptive security for every computing environment, protecting the 80 percent of data center and cloud traffic missed by the perimeter. The company's Adaptive Security Platform visualizes application traffic and delivers continuous, scalable, and dynamic policy and enforcement to every bare-metal server, VM, and container in data centers and public clouds. Using Illumio, enterprises such as Morgan Stanley, Plantronics, NTT, and Creative Artists Agency have achieved secure application and cloud migration, environmental segmentation, high-value application protection from breaches and threats, and compliance with no changes to applications or infrastructure. For more information, visit www. or follow us on Twitter @Illumio.