The company's “adaptive security platform” (ASP) helps businesses visualize the flows in a data center.

The topic of segmentation has always had great appeal to IT and security professionals, as it allows an open “everything talks to everything” environment to be shifted to one with secure “zones” where devices can’t see one another unless specifically permitted. Historically, businesses tried using virtual local area networks (VLANs) and access control lists (ACLs). Those worked in static environments, but as businesses have become increasingly dynamic, those methods proved too slow to scale.

Then along came software-based solutions that did two things to make large-scale segmentation possible. First, by doing it in software, segmentation becomes dynamic so policies can follow devices. For example, with VLANs, if the company has a policy to put all medical devices in “Zone A” and an endpoint moves outside of where the zone is defined, the network would need to be reprogrammed. With software segmentation, the policy follows the device, so it’s easier to implement segmentation in highly dynamic businesses.

Also, segmentation can now be applied at a more granular level. Instead of only being able to do coarse-grained segmentation, software solutions make it possible to implement fine-grained segmentation and bind it to a hypervisor or even a specific process.

Despite the advancements, there are still a couple of things that hold companies back from adopting micro-level segmentation: automation and visualization. The ability to segment a data center or other environment is based on knowing what to segment, with some sort of constant feedback so that as things change, the policies can be modified and applied. The more dynamic and distributed the world becomes, the harder this is. Consider what’s happened with servers.
Physical servers were easy to identify, virtual ones were a little more difficult, but containers are nearly impossible to stay on top of, as they can be created, run a workload and then disappear in a matter of minutes. This period of time is too short for manual configuration of segmentation but not too short for malware.

This week Illumio announced version 2.0 of its solution, which brings greater visibility and automation to micro-segmentation. Illumio currently has an offering called the “adaptive security platform” (ASP) that helps businesses visualize the flows in a data center. Within ASP, the company has added two new capabilities:

Explorer enables operations and security professionals to query the network flows using natural language. As an example, one could ask “What traffic has crossed from the development environment to the production environment in the past week?” or “What flows are going in and out of my medical zone?” The information is shown on a portal in the Illumio solution or exported to a CSV file for further analysis. The data from Explorer can be used to create, remove or refine policies.

Policy Generator is a way of automating micro-segmentation policies for every workload and application running on any compute platform regardless of form factor. It works with virtual, container and physical servers. The feature analyzes application flows and creates segmentation policies in real time without requiring network data to be fed into the system.

The topic of intent-based networking has become increasingly popular since Cisco’s “Network Intuitive” launch. Security pros should think of what Illumio has as “intent-based security,” as the closed-loop system automatically enforces policies based on intent and keeps it that way as the environment changes.

Software-based segmentation makes it possible to move to a true zero trust security model with granular, fine-grained segments.
However, old-school, manual configuration and management models won’t work, as they are too slow. Application developers and cloud architects rely heavily on data, analytics and automation to build applications faster. Shouldn’t security teams use the same methodologies to protect their companies? Illumio’s updates make it possible to run highly segmented data centers at digital speeds.
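
To make the Explorer and Policy Generator ideas concrete, here is an added sketch (not Illumio's code or API) that answers the "development to production" flow question and derives label-based allow rules from observed flows, so a rule keeps matching when a workload changes address. The labels, IP addresses, flow records and function names are all constructed for illustration, and holding cross-environment flows for review is an assumption of this sketch.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip dst_ip port")

# Constructed inventory: IP -> labels. The labels, not the IPs, carry policy.
LABELS = {
    "10.0.1.10": {"env": "dev", "app": "web"},
    "10.0.2.20": {"env": "prod", "app": "web"},
    "10.0.2.30": {"env": "prod", "app": "db"},
}

# Constructed flow observations (one duplicate on purpose).
FLOWS = [
    Flow("10.0.2.20", "10.0.2.30", 5432),  # prod web -> prod db
    Flow("10.0.1.10", "10.0.2.30", 5432),  # dev web  -> prod db
    Flow("10.0.2.20", "10.0.2.30", 5432),
]

def key(labels):
    return (labels["env"], labels["app"])

def cross_env_flows(flows, labels, src_env, dst_env):
    """Which observed flows crossed from src_env into dst_env?"""
    hits = []
    for f in flows:
        s, d = labels.get(f.src_ip), labels.get(f.dst_ip)
        if s and d and s["env"] == src_env and d["env"] == dst_env:
            hits.append(f)
    return hits

def generate_policy(flows, labels):
    """Propose allow rules keyed on labels; hold cross-env flows for review."""
    rules, review = set(), []
    for f in flows:
        s, d = labels.get(f.src_ip), labels.get(f.dst_ip)
        if s is None or d is None or s["env"] != d["env"]:
            review.append(f)  # unknown or cross-environment: a human decides
        else:
            rules.add((key(s), key(d), f.port))
    return rules, review

def is_allowed(rules, labels, flow):
    """Default deny: only labeled workloads matching a rule may talk."""
    s, d = labels.get(flow.src_ip), labels.get(flow.dst_ip)
    if s is None or d is None:
        return False
    return (key(s), key(d), flow.port) in rules

if __name__ == "__main__":
    rules, review = generate_policy(FLOWS, LABELS)
    print("rules:", rules)
    print("held for review:", review)
    print("dev -> prod:", cross_env_flows(FLOWS, LABELS, "dev", "prod"))
```

Because the rule set never mentions an IP address, re-mapping a workload's labels to a new address is the only change needed when it moves.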