Writing about security topics from Fortis experts

Unleashing the Power of Zero Trust Segmentation: Why Your Organization Can't Afford to Ignore This Critical Security Strategy

Macro- and micro-segmentation under a Zero Trust framework can be a massive undertaking, and many organizations struggle with where to begin and which technologies to invest in. Illumio, monitored by the Fortis ActiveDefense XDR SOC, is a practical first step toward a Zero Trust network across your endpoints and workloads.

Illumio works by installing an agent on each endpoint and workload, plus a policy engine that runs on your network or in the cloud. The agent never reads or touches your application data; it reads the host's connection logs and programs the operating system's (OS) native firewall (for example, iptables/nftables on Linux or the Windows Filtering Platform on Windows). That connection telemetry is sent to the policy engine, which builds a map of your network and of how communications actually flow through it.

Once the policy engine has mapped your network and its communications, you write policies in a readable language built on labels. Instead of identifying endpoints by IP address, which can change, Illumio identifies them by four label types: Role, Application, Environment, and Location. These labels can be combined into rules that apply to individual endpoints or to whole groups. For example: Production Databases are allowed to communicate with Production Application Servers only.

The policies are then pushed to the agents, which instruct the OS's built-in firewall to enforce them. If you tried to do the same thing with IP-address-based rules, the rules would fall out of date every time an address changed. Misconfigured or stale IP-based firewall rules are a common weakness that attackers exploit to move through a network.
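To make the label-versus-IP point concrete, here is a toy policy compiler, written for this post and not Illumio's own code or label schema. It takes a constructed inventory of workloads with Role/Application/Environment/Location labels and a single label-based rule ("Production Databases accept connections from Production Application Servers only"), renders the per-host allow rules in iptables-like syntax, and then shows that when a web server's address changes, the database host's rules are simply re-rendered rather than hand-edited. Hostnames, addresses, ports and the `role`/`app`/`env`/`loc` label keys are all assumptions for the example.

```python
"""Toy label-based segmentation policy compiler (added example; not Illumio code).

Workloads carry Role / Application / Environment / Location labels, rules are
written against labels, and the compiler renders per-host allow rules in an
iptables-like syntax from the current inventory. Because the rendered rules are
derived from labels plus the inventory, an IP change only requires a re-render,
not a policy edit. Hostnames, addresses and label keys are constructed.
"""
from dataclasses import dataclass


@dataclass
class Workload:
    name: str
    ip: str
    labels: dict  # keys: role, app, env, loc (hypothetical label schema)


@dataclass
class Rule:
    consumer: dict  # label selector for the side opening the connection
    provider: dict  # label selector for the side accepting it
    port: int
    proto: str = "tcp"


def matches(workload: Workload, selector: dict) -> bool:
    """A workload matches a selector when every selector label is present and equal."""
    return all(workload.labels.get(k) == v for k, v in selector.items())


def compile_policy(workloads: list, rules: list) -> dict:
    """Render {hostname: [iptables-style INPUT rules]} with a default deny.

    Only the inbound (provider-side) rules are rendered here; a real agent also
    programs the consumer side. Return traffic is admitted via conntrack.
    """
    rendered = {}
    for w in workloads:
        lines = ["-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
        for r in rules:
            if not matches(w, r.provider):
                continue
            for c in workloads:
                if c is not w and matches(c, r.consumer):
                    lines.append(
                        f"-A INPUT -s {c.ip}/32 -p {r.proto} --dport {r.port} -j ACCEPT"
                    )
        lines.append("-A INPUT -j DROP")  # anything not explicitly allowed is dropped
        rendered[w.name] = lines
    return rendered


def set_ip(workloads: list, name: str, new_ip: str) -> Workload:
    """Simulate a workload getting a new address (DHCP lease, redeploy, ...)."""
    for w in workloads:
        if w.name == name:
            w.ip = new_ip
            return w
    raise KeyError(name)


# Constructed inventory: an "orders" application with a prod tier and a dev tier.
WORKLOADS = [
    Workload("db01", "10.0.2.10", {"role": "db", "app": "orders", "env": "prod", "loc": "dc1"}),
    Workload("app01", "10.0.1.10", {"role": "web", "app": "orders", "env": "prod", "loc": "dc1"}),
    Workload("app02", "10.0.1.11", {"role": "web", "app": "orders", "env": "prod", "loc": "dc1"}),
    Workload("app-dev01", "10.0.9.10", {"role": "web", "app": "orders", "env": "dev", "loc": "dc1"}),
]

# "Production Databases accept connections from Production Application Servers only."
RULES = [
    Rule(
        consumer={"role": "web", "app": "orders", "env": "prod"},
        provider={"role": "db", "app": "orders", "env": "prod"},
        port=5432,
    )
]


if __name__ == "__main__":
    for host, lines in compile_policy(WORKLOADS, RULES).items():
        print(f"# {host}")
        print("\n".join(lines))
    set_ip(WORKLOADS, "app02", "10.0.1.21")  # app02 moves; db01's rules re-render
    print("# db01 after app02 changed IP")
    print("\n".join(compile_policy(WORKLOADS, RULES)["db01"]))
```

Note what the dev web server gets: nothing. It shares Role and Application with the production web servers but not Environment, so the selector excludes it without anyone having to know its address. The same mechanism is what keeps the database's allow-list correct after `app02` changes IP.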

Adding Illumio monitored by the Fortis ActiveDefense XDR SOC also makes our analysts more efficient. Illumio integrates with Splunk, our SIEM, giving analysts a more holistic view of your environment with correlation and analytics across sources. Using Illumio's labels, an analyst knows exactly what device an alert involves (its role, application, environment, and location) instead of just an IP address, and can pull the detailed communication logs to and from that device for a given time window. This improves alerting for things like rogue devices appearing on your network, and lets us write and verify policies such as isolating your security cameras or HVAC controllers from the rest of your production environment.
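The following is an added example of the kind of label-enriched triage described above; it is not Illumio's or Splunk's code, and the flow-record schema (`src`, `dst`, `dport`, `action`) is a constructed simplification, not Illumio's real export format. It joins a label inventory to a handful of constructed flow records and raises two alerts a SOC would want: an unlabeled source reaching a Production workload (a rogue-device candidate, reported whether the agent allowed or blocked it), and an allowed flow that crosses an environment boundary, such as a lobby camera talking to a production database.

```python
"""Label-enriched flow triage (added example; not Illumio or Splunk code).

INVENTORY maps IP -> workload labels (what the SIEM would get from the label
data); FLOWS are constructed records in a simplified schema, not Illumio's
real export format. Two detections:
  1. rogue-source: a source with no inventory entry reaching a Production workload
  2. cross-env-allowed: an allowed flow that crosses an environment boundary
"""

# Constructed label inventory (hypothetical hosts and addresses).
INVENTORY = {
    "10.0.2.10": {"name": "db01", "role": "db", "app": "orders", "env": "prod", "loc": "dc1"},
    "10.0.1.10": {"name": "app01", "role": "web", "app": "orders", "env": "prod", "loc": "dc1"},
    "10.0.50.7": {"name": "cam-lobby", "role": "camera", "app": "physsec", "env": "iot", "loc": "hq"},
    "10.0.50.1": {"name": "nvr01", "role": "nvr", "app": "physsec", "env": "iot", "loc": "hq"},
}

# Constructed flow records: source, destination, destination port, agent verdict.
FLOWS = [
    {"ts": "2024-01-01T10:00:00Z", "src": "10.0.1.10", "dst": "10.0.2.10", "dport": 5432, "action": "allowed"},
    {"ts": "2024-01-01T10:00:05Z", "src": "10.0.77.3", "dst": "10.0.2.10", "dport": 5432, "action": "blocked"},
    {"ts": "2024-01-01T10:00:09Z", "src": "10.0.50.7", "dst": "10.0.2.10", "dport": 22, "action": "allowed"},
    {"ts": "2024-01-01T10:00:12Z", "src": "10.0.50.7", "dst": "10.0.50.1", "dport": 554, "action": "allowed"},
]


def describe(ip: str, inventory: dict) -> str:
    """Render an address the way an analyst wants to read it: labels, not just the IP."""
    w = inventory.get(ip)
    if w is None:
        return f"{ip} (unlabeled)"
    return f"{w['name']} [{w['role']}/{w['app']}/{w['env']}/{w['loc']}] {ip}"


def triage(flows: list, inventory: dict) -> list:
    """Return alert tuples: (type, source description, destination description, detail)."""
    alerts = []
    for f in flows:
        src = inventory.get(f["src"])
        dst = inventory.get(f["dst"])
        # 1. An unlabeled source touching production: possible rogue device.
        #    Reported even when blocked, so the analyst sees the attempt and that
        #    enforcement held.
        if src is None and dst is not None and dst["env"] == "prod":
            alerts.append(
                ("rogue-source", describe(f["src"], inventory), describe(f["dst"], inventory), f["action"])
            )
        # 2. An allowed flow across environments: policy gap or misuse.
        if src is not None and dst is not None and src["env"] != dst["env"] and f["action"] == "allowed":
            alerts.append(
                ("cross-env-allowed", describe(f["src"], inventory), describe(f["dst"], inventory), f["dport"])
            )
    return alerts


if __name__ == "__main__":
    for alert in triage(FLOWS, INVENTORY):
        print(alert)
```

The camera-to-NVR flow on port 554 raises nothing because both ends carry the same `iot` environment label; the camera-to-database flow on port 22 does, and the alert names both endpoints by role and environment rather than by address, which is the difference labels make for an analyst reading it at 3 a.m.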

A data sheet with additional information on the Illumio Core solution is available from Fortis. Please reach out to your Fortis by Sentinel Account Manager or use the contact form to begin the discussion on how Zero Trust Segmentation can advance the protection of your organization.