As Illumio partners, we at Assure are well acquainted with the benefits of segmentation at the workload level as part of a zero trust architecture. With the announcement of Illumio Edge, we now have the possibility of pushing those benefits down to the endpoint. We are seeing other vendors in the Zero Trust/Segmentation market segment going down this route too, and it’s been something that our clients have consistently expressed an interest in, so it’s great to see these features coming down the line.
The principle is the same as at the workload level – you want to write simple, easily understood security policies and have them applied to endpoints based on integration with the endpoint’s built-in host-based firewall, via Illumio’s Virtual Enforcement Node (VEN) or an endpoint detection and response (EDR) solution. Illumio Edge currently works with CrowdStrike Falcon, but we understand other integrations are coming. Even without EDR integration, Edge can be really helpful in managing the host-based firewall rules across a large estate – a task that often leads to chronic hair loss for administrators!
By implementing security policies with a default deny posture on both workloads and endpoints, it is possible to vastly reduce your network’s attack surface and more easily contain threats. Let us imagine a common attack scenario: attackers often use phishing or spearphishing to gain a foothold on an endpoint, before using the access on that machine to gather credentials, conduct reconnaissance or pivot onto other machines or workloads to proliferate through the environment. With Illumio Edge, a number of these activities are made much more difficult. Firstly, it is simple to contain an infected machine by modifying policies to shut down the machine’s connectivity with the rest of the network. In the fairly likely event of the initial attack going unnoticed, Edge limits what the attacker can see and may interfere with their Command and Control (C2) connectivity, disrupting the attack further. If the attacker manages to move onto a server workload, their ability to move laterally is restricted by the policy enforced by Illumio’s Adaptive Security Platform (ASP). All of this makes an attacker’s life much more difficult and means that they will have less time to execute their attack successfully.
We’re excited to see this development of the Illumio product portfolio, and to explore how we can integrate it with our other solutions to assist clients in implementing Zero Trust architectures and strategies.