News

Illumio Boosts Container Functionality in Cybersecurity Platform

• By David Ramel
• 09/20/2019

Cybersecurity specialist Illumio boosted its flagship platform with new functionality addressing containerized workloads.

The new Adaptive Security Platform (ASP) release adds support for segmenting network communications for containers.

"Security segmentation in the public cloud is critical to the overall protection of the datacenter as cloud-based infrastructure has the same access and creates additional attack vectors," the Sunnyvale, Calif., firm said in a news release. "Illumio ASP addresses this crucial security concern with segmentation across Kubernetes and OpenShift container platforms, as well as consistent support of non-container environments. This is unlike container security point solutions, which create another segmentation silo to administer, or existing SDN or hypervisor-based segmentation solutions, which often rely on re-architecting infrastructure."

Illumio said the new offering can eliminate challenges posed by reliance on the network, such as:

• Centralized, infrastructure-agnostic visibility with an approach that applies to wherever an enterprise is running its applications -- from bare-metal servers and virtual machines to containers in an on-premise datacenter or across any public cloud environment. This provides a single security segmentation solution with visibility into all active applications.
• Granular control for all workloads by decoupling enforcement from the network infrastructure, which does not require a policy to have access to anything except a specific workload -- across both containerized and non-containerized applications.

In a blog post, the company said container orchestration platforms such as Kubernetes and OpenShift have become standards in software development, thanks to their ability to automate the deployment and management of containerized applications.

However, the container movement has also expanded the attack surface that can enable the bad guys to do more damage.

"Containers and their orchestration platforms are just as susceptible to threats as any other host on the network," the company said. "Be it misconfigured containers that are discoverable in a Shodan scan or simply vulnerable code that is exploitable, containers are another vector attackers can target to access an organization."