PRODUCT BRIEF

Illumio Core for Endpoints

Zero Trust segmentation across
your endpoint devices, data center
and cloud platforms
 PRODUCT BRIEF

Illumio Core for Endpoints

Simplify and speed your path to
Zero Trust segmentation Key Benefits
As the threat of cybercrime escalates, preventing the Gain visibility across your endpoint
lateral movement of malware, viruses and cybercriminals devices, data center and cloud platforms.
is essential to securing your IT infrastructure.
Segment in minutes and accelerate
With Zero Trust segmentation in place (also known your Zero Trust initiatives with
as micro-segmentation), organizations can effectively simplified policy generation and
limit the movement of cyberattacks across a network, automated enforcement.
helping protect high-value assets and meet
regulatory requirements. Stop ransomware and contain
cyberattacks by enforcing security
Illumio Core for Endpoints provides Zero Trust consistently and at scale from endpoints
segmentation that works across any cloud, data center to any data center and cloud through
or endpoint. Critically, it helps you progressively and Zero Trust segmentation.
safely enforce segmentation without being constrained
by rule ordering. This lowers costs by simplifying policy Ensure uniform least-privilege access
implementation and reducing disruption. between endpoints and applications,
whether users are connecting on a
Illumio Core for Endpoints provides key advantages in campus network or through a VPN.
developing your Zero Trust segmentation capabilities:
Model and test policies before
going into enforcement to avoid
Gain Intelligent Visibility breaking applications and disrupting
business operations.
Use a real-time application dependency map
(Illumination) to visualize communications between your Lower costs by making it easy to
endpoints and your data center or cloud workloads. collaborate across network, security,
Insights into connectivity serve as the basis for building risk and DevOps teams to accelerate
segmentation policies. (Figure 1) policy deployment.

Figure 1

2
 PRODUCT BRIEF

Illumio Explorer helps security, application, operations,

compliance and audit teams search and analyze historical
records of all observed traffic between endpoints
and workloads for planning, auditing, reporting and
troubleshooting. (Figure 2)

Simplify Policy Creation

Use discovered traffic to author policy based on real-time

network visibility. Easily prevent mass infections of even
zero-day attacks with rules blocking lateral movement
between endpoints over common ransomware
propagation protocols like SMB and RDP. (Figure 3)

You can quickly deploy identity-based group policies to Figure 2

limit user application access by Active Directory group

and device identity. For example, you can lock down
access to critical infrastructure through designated
user groups and port protocols so that only IT staff
can access jump boxes through SSH.

Build Enforcement Progressively

While creating a full list of allow rules is the ultimate

objective for Zero Trust segmentation, Illumio
Enforcement Boundaries allow you to progressively build
simple policies by selectively enforcing restrictions on
specific workloads — free of rule-ordering complexity. Figure 3
This approach reduces the risk of errors and drastically
cuts time to first enforcement.

Ensure Protection Across Hybrid Networks

Illumio Core for Endpoints supports a wide range of

operating platforms in physical, virtual, cloud, container
and endpoint environments, providing consistent
enforcement for the smallest to largest organizations.

Host-based segmentation keeps the enforcement close

to the workload and adapts to any changes. Integration
with third-party network vendors moves the enforcement
closer to the data. Illumio Core for Endpoints also
supports fully automated incident response, integrating
with SIEM and SOAR platforms for alerting and
automatic quarantine.

3
 PRODUCT BRIEF

How It Works
Illumio Core for Endpoints is made up of two primary components:

1. Illumio Virtual Enforcement Node (VEN): The VEN acts as a fail-safe transceiver collecting the data and metadata
from workloads and endpoints and passing it back to the Illumio Policy Compute Engine (PCE). It receives rules from
the PCE and then pushes them to the native firewall.

2. Illumio Policy Compute Engine (PCE): The PCE uses the data from the VEN to build the application dependency
map. It then automatically converts natural language policies to rules for each workload or endpoint.

Active
Directory
Groups
Workloads

Public Cloud or Saas

Data Center Sales
Marketing
Engineering
Finance
Context &
Telemetry
Core Console

1 1

Security
Instructions

Endpoint Estate

4
 PRODUCT BRIEF

Product Information

Server workloads: Red Hat Enterprise Linux, CentOS, Amazon Linux,

AIX, Solaris, Debian, Oracle Linux, SUSE Linux Enterprise Server, Ubuntu,
VEN Operating System support IBM Z, Linux, Windows Server

Endpoint workloads: Windows OS, wired or wireless interfaces

Container orchestration platforms Kubernetes, OpenShift, IBM Cloud Kubernetes Service

Supported cloud environments Amazon Web Services, Azure, Google Cloud Platform, IBM Cloud

PCE deployment options On-premises, SaaS, private and public cloud

Flow consumption IPFIX, NetFlow, S-flow, J-flow, AWS flow logs, Azure flow logs, Text, YAML

Workload addressing IP lists (IPv4/IPv6), FQDN

Technology integrations Palo Alto Networks, App for ServiceNow, App for Splunk, App for QRadar

Vulnerability mapping partners Tenable, Rapid7, Qualys

Switch integration Cisco Nexus 9000 series (TOR), Arista 7000 series (TOR)

Load balancer integration F5, AVI

Visibility mode Blocked, Potentially Blocked, Allowed

Enforcement modes Visibility-Only, Selective Enforcement, Full Enforcement

Workload ID, FQDN, IP lists, virtual services, label groups, Active Directory
Policy parameters
groups and device ID (endpoints)

Illumio provides an uptime Service Level Agreement (SLA) of 99.8% for Illumio Core for Endpoints.
For information about the SLA, see your Illumio Purchase Order and the Illumio Master Subscription Agreement
(https://www.illumio.com/eula).

5
Illumio, the pioneer and market leader of Zero Trust Segmentation, stops breaches from becoming cyber disasters.
Illumio Core and Illumio Edge automate policy enforcement to stop cyberattacks and ransomware from spreading
across applications, containers, clouds, data centers, and endpoints. By combining intelligent visibility to detect threats
with security enforcement achieved in minutes, Illumio enables the world’s leading organizations to strengthen their
cyber resiliency and reduce risk.

See what customers have to say about Illumio.

The GARTNER PEER INSIGHTS Logo is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights
reserved. Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent
the views of Gartner or its affiliates.

Illumio, Inc. 920 De Guigne Drive, Sunnyvale, CA 94085, Tel (669) 800-5000, www.illumio.com. Copyright © 2021 Illumio, Inc. All rights reserved. This
document is protected by U.S. and international copyright and intellectual property laws. Illumio’s products and services are protected by one or more U.S.
and international patents listed at https://www.illumio.com/patents. Illumio® is a trademark or registered trademark of Illumio, Inc. or its affiliates in the U.S.
and other countries. To review a list of Illumio’s trademarks, go to https://www.illumio.com/trademarks. Third-party trademarks mentioned in this document
are the property of their respective owners.

Follow us on: 6