Security startup Illumio’s profile has steadily increased since it emerged from stealth mode in October last year with a seasoned executive team, $42.5 million of venture capital funding and an innovative Adaptive Security Platform (ASP) under its belt.
The company’s CEO and co-founder Andrew Rubin recently caught up with ZDNet while visiting London to bang the ASP drum and announce some new developments ahead of the RSA Conference in San Francisco next week.
Why is Illumio attracting attention and investment (one of today’s announcements is a cool $100m in series C funding)? According to the company, traditional perimeter- and network-centric security products are no longer sufficient in a world where applications and workloads increasingly need to work dynamically across on-premise data centres and public cloud services. Firewalls, intrusion protection systems and advanced threat protection appliances are widely deployed to secure interactions at the perimeter – but, says Illumio, these tools offer little protection within enterprise data centres and in the public cloud, where much of today’s traffic flow and data resides.
“We’ve had a model for delivering IT security for the last 20 or 25 years, and it seems like the infrastructure and applications have been completely rethought, rearchitected, and in most cases are operating completely differently today than they were even five or ten years ago – and yet, for some reason, the security story hasn’t changed at all,” says Rubin.
He describes Illumio’s niche in the new security landscape with a version of the 80/20 rule: “80 percent of the money, the time and the effort that goes into security is now only looking at 20 percent of the traffic that we need to protect – the other 80 percent of the traffic is inside the firewall or in the public cloud, where there is no perimeter.”
Illumio’s Adaptive Security Platform addresses the problem by taking a granular approach to security.
There are two elements to the ASP: an agent (the Virtual Enforcement Node, or VEN) that attaches to Linux or Windows workloads running on physical and virtual machines, be they in on-premise data centres or in the cloud; and a centralised (on-premise or cloud-based) server, the Policy Compute Engine (PCE), which receives telemetry from the VENs to build a map of the dependencies between classified workloads in multi-tiered applications (see below). This map can then be used to build application-specific security policies based on explicitly allowed interactions between the constituent workloads.
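The telemetry-to-map-to-policy flow described above, as an added sketch that is not Illumio's code: the flow records, workload labels and function names are constructed for illustration and do not reflect the actual VEN or PCE interfaces.

```python
from collections import defaultdict

# Constructed telemetry: one record per observed connection, as an agent
# might report it: (source IP, destination IP, destination port, protocol).
FLOWS = [
    ("10.0.1.11", "10.0.2.21", 8080, "tcp"),
    ("10.0.1.12", "10.0.2.21", 8080, "tcp"),
    ("10.0.2.21", "10.0.3.31", 5432, "tcp"),
    ("10.0.2.22", "10.0.3.31", 5432, "tcp"),
    ("10.0.7.70", "10.0.3.31", 5432, "tcp"),  # source is not classified
]

# Constructed classification of workloads: IP -> (application, tier).
LABELS = {
    "10.0.1.11": ("orders", "web"),
    "10.0.1.12": ("orders", "web"),
    "10.0.2.21": ("orders", "app"),
    "10.0.2.22": ("orders", "app"),
    "10.0.3.31": ("orders", "db"),
    "10.0.9.99": ("hr", "web"),
}

def build_dependency_map(flows, labels):
    """Collapse per-IP flows into label-to-label edges with hit counts."""
    edges, unlabeled = defaultdict(int), set()
    for src, dst, port, proto in flows:
        missing = [ip for ip in (src, dst) if ip not in labels]
        if missing:
            unlabeled.update(missing)  # surface for review, never auto-allow
            continue
        edges[(labels[src], labels[dst], port, proto)] += 1
    return dict(edges), unlabeled

def derive_policy(edges):
    """Allowlist: only interactions present in the map are permitted."""
    return set(edges)

def is_allowed(policy, labels, src, dst, port, proto):
    """Default deny: unclassified workloads and unlisted edges are rejected."""
    if src not in labels or dst not in labels:
        return False
    return (labels[src], labels[dst], port, proto) in policy

EDGES, UNLABELED = build_dependency_map(FLOWS, LABELS)
POLICY = derive_policy(EDGES)
```

Because rules are keyed on labels rather than addresses, a web workload may reach an app workload it was never observed talking to, while web-to-db traffic stays denied. Here `derive_policy` accepts every observed edge; an operator reviewing the map would prune unwanted edges before enforcing it.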