What is the problem with data center and cloud security?
Data centers have become dynamic and distributed with the adoption of server virtualization and
cloud computing. The perimeter and network-centric security models of the past are broken—they
lack context and visibility to computing resources behind the firewall, rely on manual policy
modifications when application or infrastructure changes occur, and do not work across private
data centers and cloud environments.
Illumio is a private company backed by elite investors including venture firms Andreessen
Horowitz, General Catalyst, Formation 8, and Data Collective as well as individual investors
including Salesforce.com CEO Marc Benioff and Yahoo! Co-Founder Jerry Yang. Illumio has raised
more than $42 million to date.
What does Illumio do?
Illumio fixes the broken network-centric security model. We have created the first-ever security
approach that mirrors the operating model of today’s dynamic data centers.
The Illumio Adaptive Security Platform (ASP) provides comprehensive, interactive visibility into
application traffic—anywhere—while applying fine-grained policies that are computed dynamically.
Illumio achieves this by providing security that is completely independent of the underlying
What is Illumio’s product?
Illumio Adaptive Security Platform (ASP) secures dynamic data centers, providing a compelling
solution that dramatically enhances security and compliance, while increasing business velocity
and operations.
Illumio ASP is a software system that secures any computing platform (bare-metal servers and
virtual machines) in any environment (enterprise data center, Amazon Web Services, Google
Compute Engine, Microsoft Azure, OpenStack, etc.) without any dependency on the underlying
Illumio ASP understands the context of an application’s workloads and their inter-relationships,
and uses this to compute and enforce accurate security. Illumio ASP adapts to computing
environment changes, the movement of workloads across data centers or clouds, and IP address
changes. It adapts to application or infrastructure changes and prevents the lateral spread of
How is Illumio Adaptive Security Platform (ASP) different?
Illumio ASP enforces security policies for workloads running on any virtual machine or physical
server without any dependencies on the underlying network (VLANs, subnets, zones, etc.) or
environment (data centers and private, public, or hybrid clouds). Illumio does not simply automate
or repurpose existing security capabilities; it applies security in a unique and innovative new way.
Illumio ASP enables IT to write policies in natural language. These policies are then translated into
granular security rules, without any need for IP addresses, subnets, VLANs, or zones. The security
policies can be applied at the beginning of the application life cycle by integrating with
configuration management and orchestration tools such as Chef, Puppet, Ansible, and
ElasticBox—or they can be applied to an existing environment.
What is a workload?
A workload equates to a discrete operating system instance. A workload can run on a physical
device or VM, or as a cloud instance.
What does Illumio mean by “context”?
A workload’s context includes its system properties (OS, IP address, ports, running processes,
etc.), its relationships and dependencies to other workloads within the application and beyond, and
its ecosystem (location, application details, life cycle environment, etc.). The context of a workload
changes as the application that it is part of moves, changes, and scales up or down.
Why does security need to be “adaptive”?
Without adaptive security, businesses are slowed down due to the overwhelming number of
firewall rules, manual changes required to policies, and the possibility of errors leading to serious
breaches. Adaptive security automatically accounts for the moves, additions, and changes to
applications and infrastructure that are typical of dynamic data centers.
Illumio ASP is a software system built around the specific and accurate context of the workload
and application. Illumio listens to and understands the services and active network connections
that are running on a workload.
Illumio ASP constantly computes workload relationships, and adapts to any changes in context.
Administrators specify the desired interactions between workloads in natural language terms.
Then, Illumio ASP computes and enforces the precise security for each workload in the application
by combining workload context with the defined policies. As workload context changes (scale up,
scale down, IP address updates, etc.), Illumio ASP computes and distributes the incremental policy
changes to the impacted workloads.
What are the core components of Illumio ASP?
There are two main components to Illumio ASP:
The Virtual Enforcement Node (VEN) is a software agent that is installed on each
workload. It collects information about the workload (OS, IP addresses, open ports,
running processes, open connections, etc.) and reports it back to a Policy Compute Engine
(PCE). The PCE uses this information to compute security rules, which are sent back to
the VEN. The VEN then configures the native OS packet filtering capabilities (iptables on
Linux or Windows Filtering Platform) to enforce the security policy.
The Policy Compute Engine (PCE) is a centralized controller that manages all of the state
and policies of the computing environment it visualizes and protects. It examines the
relationships among workloads, computes the rules required to protect each workload,
and distributes those rules out to the VENs on the workloads.
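The compute-and-distribute loop described above (label-based policy plus reported workload context yields per-workload rules, and a context change yields only an incremental update) can be modelled in a few lines. This is an added conceptual example, not Illumio's code or API: the class and function names, the label strings, the TCP-only assumption, and the sample workloads are all hypothetical and constructed for illustration.

```python
from typing import NamedTuple

class Workload(NamedTuple):
    name: str
    ip: str
    labels: frozenset  # context reported by the agent (hypothetical label format)

class Policy(NamedTuple):
    consumer: frozenset  # labels a source workload must carry
    provider: frozenset  # labels a destination workload must carry
    port: int            # TCP is assumed throughout this model

def compute_rules(workloads, policies):
    """Controller side: per-workload inbound allow-list; anything not listed is denied."""
    rules = {w.name: set() for w in workloads}
    for p in policies:
        for dst in workloads:
            if not p.provider <= dst.labels:
                continue
            for src in workloads:
                if src.name != dst.name and p.consumer <= src.labels:
                    rules[dst.name].add((src.ip, p.port))
    return rules

def diff_rules(old, new):
    """Incremental update: only impacted workloads, each as (added, removed)."""
    changed = {}
    for name in old.keys() | new.keys():
        before, after = old.get(name, set()), new.get(name, set())
        if before != after:
            changed[name] = (after - before, before - after)
    return changed

def to_iptables(rule_set):
    """Agent side: render an allow-list as iptables rule specs (illustrative only)."""
    return [f"-A INPUT -p tcp -s {ip} --dport {port} -j ACCEPT"
            for ip, port in sorted(rule_set)]

# Constructed sample: "prod web may reach prod db on 5432", written with labels, not IPs.
WEB, DB = frozenset({"role:web", "env:prod"}), frozenset({"role:db", "env:prod"})
DEV_WEB = frozenset({"role:web", "env:dev"})
POLICIES = [Policy(consumer=WEB, provider=DB, port=5432)]
BEFORE = [Workload("web1", "10.0.1.10", WEB), Workload("db1", "10.0.2.20", DB),
          Workload("web-dev", "10.0.9.9", DEV_WEB)]
# Context change: web1 gets a new IP address and web2 is added by a scale-up.
AFTER = [Workload("web1", "10.0.1.11", WEB), Workload("web2", "10.0.1.12", WEB),
         Workload("db1", "10.0.2.20", DB), Workload("web-dev", "10.0.9.9", DEV_WEB)]
```

The policy itself never changes between `BEFORE` and `AFTER`; only `db1` receives an update, and the dev web server is never admitted because its environment label does not match.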
Illumio’s initial set of services center on data center and cloud security:
Illumination monitors traffic flows, learns the application topology, and displays all
communications within and between applications in an intuitive graphical map.
Enforcement enables administrators to write security policies in natural-language terms
and enforces dynamically computed, fine-grained security that locks down the
communications between workloads to explicitly permitted paths.
SecureConnect provides on-demand encryption of data in transit between workloads
within or across applications.
Does Illumio work with my existing security solutions (firewall, IPS/IDS)?
Yes. Illumio ASP works alongside existing firewall or network security solutions. No changes to the
network technology or topology are required to integrate Illumio ASP into a data center or cloud
Is there any dependency on specific hardware or software infrastructure?
No. Illumio ASP does not require any changes to standard operating system or virtual machine
Does Illumio ASP change server or virtual machine configuration?
No. Illumio ASP does not require any changes to standard operating system or virtual machine
How is the Virtual Enforcement Node (VEN) installed?
The VEN resides in the guest OS. Both Linux and Windows workloads are supported.
How do I deploy Illumio ASP? How long does it take?
The Illumio ASP is available in two ways:
With Illumio Secure Cloud, Illumio hosts and manages the infrastructure used to provide
Illumio ASP.
With Customer Data Center, Illumio ASP is deployed as a virtual appliance in the
customer's data center.
Workloads in the customer data center, or in any cloud environment, are secured by installing the
VEN software agent on the workload and establishing a connection to the PCE.
Most customers are up and running in hours.
What are the key benefits?
Adapts security automatically to application changes
Computes accurate security policies
Secures applications running anywhere
Visualizes what’s behind your firewall
Encrypts data in transit instantly
Drives efficient IT operations
How are customers using the Illumio ASP?
Customers are using Illumio ASP to improve their security posture and drive operational efficiency.
Illumio ASP can solve important security and operational use cases like:
Environmental separation
Enables administrators to separate IT operating environments.
Visibility behind the firewall
Enables administrators to visualize communications within and between applications in
data centers and clouds.
Delivers application segmentation at a granular level, without relying on network
Auto scaling applications securely
Addresses security needs automatically when applications are scaled up or down to
account for computing capacity.
Secure public cloud migration
Enables migration of the application to public cloud while maintaining control over
Firewall rule reduction
Avoids the explosion of firewall rules caused by static network-centric security solutions.
Automating security with DevOps
Enables the automation of security through integration with orchestration tools like Chef,
Puppet, and Ansible.
Securing data in transit
Provides on-demand encryption of data in transit with one-click IPsec connectivity
between workloads—anywhere.
Enforcing data residency
Isolates workloads to meet data residency requirements.
Who uses Illumio ASP?
Illumio ASP is built for organizations of all sizes, and is being used by leaders and innovators
across industries. It scales from the smallest to the largest data center, and supports applications
in any environment.
Our customers span a wide range of verticals and include Morgan Stanley, Creative Artists Agency,
Plantronics, Yahoo!, and NTT I3.
How is Illumio ASP sold?
Illumio is offered as an annual subscription.
How do I get a demo of and purchase Illumio ASP?
Check out the Experience Illumio section.