Illumio serves as our primary endpoint security solution, utilizing the VEN as an agent installed across each workstation, laptop, and server managed through the PCE, the Policy Compute Engine. We manage all endpoint devices, both managed and unmanaged, through the Illumio agent, which communicates with the PCE to monitor all behaviors involving high-level security between north-to-south and east-to-west traffic.

A specific example of how I use Illumio with endpoints to protect my laptop from outside threats involves internal threat protection as well. Suppose two computers are already in the same network domain. If one computer gets compromised by any means, the communication between the other computer would normally continue unprotected. However, when I use Illumio as a security device and install the secure agent on each workstation, if one workstation becomes compromised, I can protect the second one. This means I can protect communication between devices in the same network segment. I can restrict and manage the communication between these devices effectively.

In addition to our primary use case, we protect our devices and environment from ransomware attacks, and I have witnessed several scenarios where Illumio protects devices from such threats. Illumio PCE includes a map where I can see all communication similar to micro-segmentation, including details about the production environment, its location, and the web application. Everything can be micro-segmented, allowing me to segment the network and protect it comprehensively.

The best feature of Illumio is micro-segmentation. Within the same segment of a network or device, I can create micro-segmentation based on location, environment, and roles. I can customize what exactly each particular endpoint device is and accordingly write rules to manage communication through inbound and outbound rules, allowing or denying communication as required.

While working with micro-segmentation and setting rules based on roles or locations, managing and updating policies in Illumio does not take considerable time because I have intra-scope and extra-scope rules. If I make a rule and need to modify it, I simply adjust the scope accordingly. When a new workstation comes into the network, I only need to apply the labels to that workstation, and it merges into a policy automatically without needing to modify the policy unless absolutely necessary.

Deploying the VEN is straightforward, as I can deploy it on Windows, Linux, and macOS operating systems. In my organization, we have deployed it on approximately 300,000 devices, and it is easily manageable through Illumio. We have a cloud, SaaS-based environment of the PCE where I manage all those devices, making deployment very straightforward.

Illumio has positively impacted my organization by protecting devices not only from external threats but also from internal ones. If any single PC becomes compromised by an external or internal attack, I can isolate those PCs or devices. If any server becomes compromised, I can isolate it as well, which is a wonderful feature of Illumio.

Illumio can be improved in several areas based on our feedback. Sometimes, the PCE experiences slowness, especially when deploying around 300,000 endpoint devices. When these devices communicate within the network, loading the map or connections can cause latency, which needs improvement for a more user-friendly and faster experience.

Regarding improvements to the interface, I believe we can add more features to the graphical user interface, such as proper logs. While the logs currently indicate what was blocked or allowed, clicking on a specific log should provide more information, such as which extra-scope rule is causing a denial, offering better analysis for troubleshooting.

I have been using Illumio for the last two and a half years.

In my experience, Illumio is completely stable.

Regarding scalability, from the PCE, I can push policies or use scripting to facilitate scalability. By employing Linux scripting or other methods, I can push the policy to all devices at once, making it easy to scale.

Customer support from Illumio is exceptional. Whenever I raise a case with their support team, regardless of the priority level—P1, P2, P3, or P4—they generally reply within an hour and are available for a call whenever needed, providing a complete solution.

Before using Illumio, we had not utilized a different endpoint security solution. We relied on Windows firewall and our own firewall, which was a legacy system that could not provide the micro-segmentation we required, prompting us to switch to Illumio for better security.

Since implementing Illumio, my organization has seen a reduction in work effort, and it helps to secure the network efficiently. For example, we have several endpoint devices located in different locations. I can create extra-scope or intra-scope rules to simplify communication while managing their Windows firewall and other firewalls through Illumio.

I have seen a good return on investment with Illumio, and it definitely saves our time. Additionally, if we were to buy any other product besides Illumio, we would need to invest more. Illumio serves as a single endpoint technology where I can implement various features, including a zero-trust network, north-to-south and east-to-west configurations, and micro-segmentation, all coming from one platform, which ultimately saves us time and money.

While choosing Illumio, we did not evaluate other options since we received an offer for a trial, and it turned out to be a wonderful experience without trying other vendors or technologies so far.

For others looking into using Illumio, I would advise purchasing and testing this product, as it will provide immense satisfaction regarding security and user-friendliness.

The main use case for Illumio involves working on any new applications enrolled into the architecture, where I focus on understanding the traffic and documenting rules. I often face issues with agent and PC console communication, so in those cases, I suspend the agent, check the services, and make sure to activate and deactivate. I perform all types of troubleshooting to ensure the agent communicates properly with the PC console and fetches the policies actively.

For new applications onboarded into the infrastructure, I first work on understanding the application, the users, and whether it is in production, development, testing, or UAT, which involves grasping the basic structure. Then I work closely with application teams to identify what communication needs to be allowed and what is not required. After the agent is installed on those servers, we move them from idle to visibility to monitor traffic for a week. This involves exporting a report and closely collaborating with application teams to define which traffic requires rules and segregating the non-required traffic by source and destination. This documentation leads to a precise mapping of traffic, allowing me to create rules for the servers. The agents are eventually moved to visibility to selective enforcement for some and full enforcement for others, while also providing teams with guidance on future communications and necessary actions, all of which are clearly documented.

Illumio is a very good tool that is flexible, with policies written using labels such as environment, application, role, and location rather than IP addresses, making policy management scalable and easy to maintain in dynamic environments. However, the initial setup requires careful planning, and improperly configured policies can block communications between applications. Troubleshooting may require a deep understanding of traffic logs and flow data, alongside previously written policies. Additionally, agent dependency is a consideration since any agent-related issues can affect policy application, making proper monitoring of agent health crucial. Overall, Illumio is a powerful tool for micro-segmentation and zero trust security that provides strong visibility, flexible policy management, and effective threat containment, enhancing an organization's internal security posture. It is not just a security tool but a strategic solution for modern infrastructure security that can significantly reduce the risk of lateral movement and improve overall network security with proper implementation.

The best features Illumio offers include real-time control of traffic between servers and allowing required communication based on specified ports while blocking unwanted ports. It provides breach containment, preventing communication on unapproved ports, and offers full visibility of traffic flows that helps in troubleshooting and audits, with traffic mapping generated by a central controller that analyzes and creates policies based on labels instead of IPs. Policy management is highly scalable, and the lightweight agent can be easily installed on each server, enabling policy simulation to check impact before enforcement using a draft view.

These features are incredibly valuable, including predefined templates that save time and reduce manual errors, resulting in massive scalability that is suitable for larger enterprises, which represent the best features of Illumio for micro-segmentation and real-time visibility.

Illumio requires me to create policies for each type of traffic, and for new users, the policy design can be a bit complex. More guided onboarding or automatic policy suggestions would help teams adapt to Illumio faster without needing extensive expertise. While I do not find issues with the interface, first-time users might struggle with navigation. Current limitations also include the integration with tools such as SIM not being seamless, and support for Splunk and Sentinel could be improved. More AI automation in policy creation, such as auto policy recommendations and anomaly detections, would reduce manual processes and human errors. Additionally, old operating systems may not be fully supported, and broader compatibility for the agent or an agent-less option would be beneficial.

Enhanced reporting and analytics would be useful, as current reporting is basic, so improvements such as more customizable reports, compliance reports, and executive dashboards are needed due to their use for management and audits. Reducing dependency on the agent is crucial since enforcement depends on agent health, so improvements such as a backup enforcement mechanism and better agent monitoring or auto-recovery would increase reliability.

I have been using Illumio for the past five years.

Illumio is stable.

Illumio's scalability is very good; it is quite easy to scale.

Customer support is really good.

I have not used any other solutions before Illumio. Prior options were not evaluated before choosing Illumio.

I give Illumio a rating of nine out of ten.

I gave it a nine out of ten due to some small changes I previously mentioned regarding improvements needed for Illumio, such as the dependency on agent health and requests for a simplified dashboard along with AI-based auto policy recommendations. The policy creation process is mostly manual, so AI-based recommendations would be useful. It is an excellent tool for cybersecurity, especially for micro-segmentation, preventing attacks from spreading from one compromised server to others in the infrastructure. With some additional improvements, particularly for first-time users and their understanding, it could reach a perfect score of ten.

Illumio is a great product for managing server-to-server communication properly. It is scalable and user-friendly, but first-time users may experience challenges understanding policy creation, so better guidance is necessary to enhance their learning process. My overall review rating for this product is nine out of ten.

We use Illumio as our network security platform to protect our EC2 instances. We use Illumio on our EC2 instances to detect and respond to any instance that might occur on the network side. That is pretty much all we use it for. It is very easy to detect and respond using Illumio.

Illumio offers great features such as controlling east-west traffic within data centers and clouds, enforcing segmentation policies between workloads, and reducing the attack surface by limiting unauthorized lateral movement.

Illumio's segmentation rules without requiring anything are pretty unique. It also integrates well with other security tools, giving you a centralized view of policy enforcement across your environment. If you're looking for east-west traffic control and zero-trust architecture, it's a great fit.

From what I have seen, Illumio positively impacts organizations by giving them a much clearer picture of their internal traffic, allowing them to identify risky connections they didn't see before. It also speeds up compliance, as I have heard, since they can enforce least privilege rules across their environments much faster. By reducing lateral movement, it just makes their overall security posture a lot stronger.

One area for improvement regarding Illumio might be making the policy management even more intuitive. Right now, it's powerful but can have a bit of a learning curve for some teams. Another thing could be deeper integrations with more third-party security tools. While they do integrate well, a broader set of APIs could make it even easier to slot into different stacks. It is already strong, but a bit more polish on usability and integration could take it further.

Another improvement might be around scalability, ensuring that as organizations grow, Illumio can handle even larger, more complex environments seamlessly. It would be great to see more advanced automation, such as AI-driven recommendations on segmentation rules or anomaly detection. That would really boost proactive security management.

I have been using Illumio for about six months now.

One big outcome we saw after implementing Illumio was a notable drop in lateral movement incidents. Within the first few months, we had about a 40% reduction in potential attack paths. On the compliance side, we cut audit times in half. What used to take weeks to validate now takes just a few days. It has really helped us tighten up both security and operational efficiency.

Illumio delivers really solid results. Micro-segmentation is top-notch, and we saw real security improvements. Some of the finer automation and user experience aspects still require a bit of effort to get fully dialed in. Illumio is deployed in our organization in the public cloud, specifically AWS. We use AWS, which is Amazon Web Services, as our cloud provider. We did not purchase Illumio through the AWS Marketplace.

Illumio is definitely a good solution if you have a lot of network traffic that you're dealing with. I rate Illumio a solid eight out of ten.