Illumio Adaptive User Security Tool Hides Apps From Unauthorized Users

With its Adaptive User Segmentation feature, the security startup evolves its platform as it enters its second year in the market.


Security startup Illumio emerged from stealth in October 2014 with the promise of policy-driven security, which has attracted both investors and customers as the company has grown. This week, Illumio is expanding its technology platform with a new adaptive user security capability that helps lock down application visibility and connectivity to unauthorized users.

Illumio's first full fiscal year of operation ended on Jan. 31 and, according to Allan Cohen, the company's chief commercial officer, it has grown rapidly. Illumio now has 155 employees, up from 70 a year ago, as well as approximately 48 production customers paying for its software platform. Among those customers are big names like Morgan Stanley, as well as NetSuite.

"We are a distributed systems company that programs security onto enforcement points," Cohen said.

Some customers use Illumio for environmental separation. For example, Morgan Stanley doesn't want its development environment to be able to talk to its production environment. Being able to separate and protect assets including back-end Hadoop big data stores is another way that Illumio is used.

While Illumio's technology has been successful in locking down environments, it was missing control over users. That's where the new Adaptive User Segmentation capability comes into play.

At the core of many organizations is a Microsoft Active Directory user authentication and access system. The Active Directory group policy entitlement can give users access to a given number of applications, Cohen said. However, users can still see the other applications that they don't have entitlements to log into. As such, users can potentially attempt to log into an application they can see but aren't authorized to access. The new Illumio Adaptive User Segmentation feature will hide applications that users are not entitled to access.

PJ Kirner, CTO and co-founder of Illumio, explained that what the Adaptive User Segmentation capability does is try to control connectivity to applications.

"This allows us to provide another layer of security around connectivity to the application," Kirner told eWEEK. "Our strategy is about protecting an enterprise's applications and data, wherever it resides."

The trend toward micro-segmentation to improve security is one that is also being embraced by software-defined networking (SDN) vendors, though Cohen emphasized that what Illumio is doing is quite different from network segmentation.

"SDN and Illumio are apples and oranges today," he said. "We really do application segmentation, not network segmentation."

That said, Illumio can complement network security approaches. Illumio works today with physical networking vendors and can program firewall policies in devices from application delivery controller vendor F5, according to Cohen.

"Some customers have seen us as an alternative to SDN," he said.

The Illumio platform's Virtual Enforcement Node is the piece of software that goes into the workloads, while the Policy Compute Engine is what Kirner referred to as the "brain" that takes the context from the nodes to make decisions.

Moving forward, the plan for Illumio is to continue to evolve the platform to enable the Policy Compute Engine to get smarter based on even more information.

"You'll see us bring in more data and doing more things with that data," Kirner said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.