Illumio is partnering with Qualys to enable organizations to pair vulnerability data with network micro-segmentation, enabling enhanced enterprise security.
The new partnership, which was announced on April 12, pairs threat and vulnerability scan information from the Qualys Cloud Platform with Illumio’s Adaptive Security Platform, which provides the micro-segmentation capabilities. The partnership is helping to power a vulnerability maps feature in Illumio that aims to make it easier for organization to identify and mitigate risks.
“Micro-segmentation is the next evolution in what firewalls were invented to do but cannot, as they lack the dynamic capabilities which micro-segmentation technologies offer,” Sumedh Thakar, chief product officer at Qualys, told eWEEK. ” Particularly across dynamic and elastic infrastructure, micro-segmentation helps reduce attack surfaces in real time, allowing systems to only communicate with other systems which they are supposed to and block everything else.”
Illumio emerged from stealth mode in October 2014, with the promise of giving organizations the ability to both segment and understand their application network data traffic. A core feature of the platform since its launch is the “illumination” capability that provides visibility into what is running on a network. In August 2017, Illumio further expanded on its visualization and policy features, though the platform did not directly import vulnerability data.
Matt Glenn, vice president of product management at Illumio, said the new vulnerability map overlays Qualys application threat scan data with the connectivity graph for applications.
“If you look at illumination, we understand what is actively communicating within the data center,” Glenn told eWEEK.
In addition, Illumio’s micro-segmentation policies understand what can potentially communicate into a given data center port. In combination with the threat data from Qualys, Illumio’s goal is to help reduce risk by limiting the exposure of vulnerable applications with the use of micro-segmentation policies.
“One of the things that we compute is the exposure score, which is the sum total of workloads in the data that can potentially connect in and exploit a vulnerability,” Glenn said. “If an organization can’t patch the issue, they can use micro-segmentation as a compensating control.”
Policies
Creating micro-segmentation policies to block traffic to an application that might have a vulnerability can be a somewhat nuanced task. The Illumio ASP has a policy generator component to help build policies that will limit risks using micro-segmentation access rules.
“You can’t just decide to block ports and not understand the operational aspects of an application,” PJ Kirner, co-founder and CTO of Illumio, told eWEEK. “Having the maps helps our customers build confidence that they can actually use micro-segmentation and can use it in a safe, operational way.”
Going a step further, Kirner noted that Illumio is able to send metadata to Security Information and Event Management (SIEM) products like Splunk, ArcSight and qRadar, such that a Security Operation Center (SOC) can further investigate and monitor areas of risk and interest.
Looking forward, Kirner said Illumio will continue to build on its visibility capabilities to help organizations secure their application workloads.
“We provide organizations with a map or a graph of the data center, we augment it with flow data and have now added vulnerability maps,” he said. “You can imagine there is a whole set of other data that can overlay on top of that graph.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.