Illumio 


Illumio Core stops the spread of cyberattacks and ransomware by enforcing workload security at scale across apps, clouds, containers, data centers, and endpoints. Drastically cut your time to achieve Zero Trust Segmentation with simplified policy creation and automated enforcement.

Illumio Core

Illumio is a micro-segmentation product that segments your applications by using the host-based firewall. Illumio uses an allowlist model, which means all traffic is blocked by default. Without a rule that allows it, traffic cannot reach the hosts in your environment.

The Illumio Core consists of two key components — the Policy Compute Engine (PCE) and the Virtual Enforcement Node (VEN).

The PCE is the server side of the Illumio platform. It is the segmentation policy controller and the central manager for the VEN.

The VEN is the agent that is installed on your workloads.

For systems where the agent cannot be installed, you can create unmanaged workloads in the PCE to represent traffic and to use in policy.


Illumio Edge

Endpoint segmentation is as important as data center segmentation because malware can spread when endpoints communicate with each other. Illumio Edge provides strong endpoint security by delivering visibility and segmentation to the endpoint. Illumio Edge delivers endpoint protection that eliminates malicious lateral connections by effectively blocking the east-west traffic. It proactively prevents the spread of breaches even before they are detected.

Illumio Edge has the following key features:

  • Blocks inbound traffic by default.
  • Allows outbound traffic by default.
  • Inbound rules allow traffic from subnets or core services to specific ports.
  • Works remotely on wireless networks.
  • Provides the ability to model policy in test and enforced modes.
  • Enables firewall coexistence mode by default.
  • Allows you to create separate policies for each endpoint’s domain-connected network versus their external or home networks.
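
The default-deny inbound and default-allow outbound behaviour listed above, sketched as a small Python model (an added example, not Illumio code or the Illumio API). The names `InboundRule` and `evaluate`, the constructed sample addresses, and the reading of test mode as "report the flow but do not block it" are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundRule:
    source: str          # subnet or single host in CIDR notation (hypothetical model)
    port: int
    proto: str = "tcp"


def evaluate(direction, peer_ip, port, rules, mode="enforced", proto="tcp"):
    """Return (verdict, reason) for one connection seen by an endpoint.

    verdict is "allow", "block", or "potentially_blocked" (test mode only).
    """
    if mode not in ("test", "enforced"):
        raise ValueError(f"unknown mode: {mode}")
    if direction == "outbound":
        return ("allow", "outbound is allowed by default")
    if direction != "inbound":
        raise ValueError(f"unknown direction: {direction}")

    peer = ipaddress.ip_address(peer_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule.source, strict=False)
        if peer in net and port == rule.port and proto == rule.proto:
            return ("allow", f"rule {rule.source} -> {rule.proto}/{rule.port}")

    # No allowlist entry matched: this is the default-deny case.
    if mode == "test":
        # Assumption: test mode reports what enforcement would drop.
        return ("potentially_blocked", "no rule; would be blocked when enforced")
    return ("block", "no rule; inbound is blocked by default")


# Constructed sample policy: an admin subnet may reach RDP on the endpoint.
SAMPLE_RULES = [InboundRule("10.20.0.0/24", 3389)]

if __name__ == "__main__":
    flows = [
        ("inbound", "10.20.0.15", 3389),    # admin subnet to RDP
        ("inbound", "192.168.1.50", 445),   # peer endpoint to SMB (east-west)
        ("outbound", "203.0.113.7", 443),   # endpoint to the internet
    ]
    for mode in ("test", "enforced"):
        for direction, ip, port in flows:
            verdict, reason = evaluate(direction, ip, port, SAMPLE_RULES, mode)
            print(f"{mode:9} {direction:8} {ip:15} {port:5} {verdict}: {reason}")
```

Running the same flows in both modes shows which endpoint-to-endpoint connections a policy would cut off before it is enforced.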

The following diagram details how Illumio Edge provides endpoint control.