The result? Faster time to protecting high-value applications through micro-segmentation that adapts to auto-scaling, motion, disaster recovery, and other compute changes.
Illumio ASP delivers micro-segmentation that is enabled by combining vulnerability data with real-time traffic visibility. This powerful combination enables organizations to understand how their applications work, see where they are most vulnerable, and use that visibility to create and enforce micro-segmentation policies.
Rather than purchasing more infrastructure (firewalls, hypervisors upgrades, or switches), organizations use Illumio ASP to turn every workload into a point of traffic visibility, a point of micro-segmentation enforcement, and a sensor that detects any connectivity policy violations.
With a patented, software-only architecture, Illumio ASP is the new foundation for data center and cloud security, offering a range of micro-segmentation options:
See all your application dependencies and vulnerabilities through Illumination®, a real-time traffic map.
Take control of lateral (East-West) traffic within your data center – ensuring that an attacker cannot move freely within your data center or cloud.
Stop breaches in their tracks by turning every host in your data center and public cloud into a sensor that detects unauthorized traffic and an enforcement point for micro-segmentation policy.
Secure connectivity within and between clouds and private data centers with policy-based IPsec encryption.
Eliminate service delivery delays and deploy applications with security that operates at the speed of DevOps.
Write natural language policies that Illumio ASP turns into IP-based enforcement rules.
Real-time maps that display application traffic combined with existing vulnerability data.
Activation and management of existing enforcement points delivers enforcement by activating the existing stateful firewalls in every host (with no kernel modifications), programming ACLs into load balancers, existing switches, and cloud provider security groups.
Automated policy recommendations based on historical traffic flows that ensure micro-segmentation policies do not break applications.
Automated adaptive enforcement that ensures optimal security remains intact as your applications scale or move and as new versions are deployed or old versions are decommissioned.
Policy-based encryption of data in motion with AES-256 IPsec encryption between any mix of Linux/Windows workloads using transport mode and termination on VPN devices using tunnel mode.
Support for any underlying infrastructure – new or existing environments with bare-metal, virtualization, or containers on premises, in the cloud, or across hybrid deployments.
Policy modeling and enforcement on a workload, application, or environmental basis rather than on a hypervisor, VLAN, or security group basis.