Startup Illumio is expanding its Adaptive Security Platform (ASP), announcing today that its software now talks directly to some switches and clouds in order to make policy enforcement more uniform.
Specifically, ASP is using APIs to make changes to access control lists (ACLs) on Cisco switches and Dynamic Filters (the equivalent of ACLs) on Arista switches. The company is also announcing support for security groups in Amazon Web Services (AWS) and Microsoft Azure.
It’s not unusual for a security system to talk to network hardware, but for Illumio, it represents a broader reach. ASP’s approach to network security involves keeping watch over individual workloads — an attempt to make the attack surface as small as possible. It’s a form of microsegmentation, and it bears some similarity to the network microsegmentation that VMware pitches with NSX. (Illumio points out that its approach is purpose-built for security, whereas NSX was built with network virtualization in mind.)
Today’s announcement means Illumio can make sure other parts of the network, including parts that might be in a public cloud, are in concert with the policies ASP is trying to implement.
“Once people have bought into this logical segmentation model, they are asking: Allow our infrastructure to participate in all this,” says PJ Kirner, Illumio’s CTO.