Introduction

In Illumio Core products, VEN collects communication information generated on each managed workload and automatically visualizes it as end-to-end communication information on PCE. By introducing VEN, you can easily visualize communication across physical, virtual, and cloud environments, regardless of platform.

The following are some examples of how the visualization results of generated communications can be used:

• Real-time understanding of communication control status over the entire environment (for strengthening governance, etc.)
• Detailed understanding of communications occurring (specific workload, specific communications protocol, etc.)
• Discovering unexpected communications
• Understanding communication control status (communications to which communication control policies are not applied, etc.)

Based on the visualization results of the occurring communications, it is possible to prioritize communication control responses and formulate specific policies. In formulating communication control policies, cross-organizational discussions involving security managers, system administrators, etc. may be required. The visualization results can also be used as material for such discussions. In addition, since the occurring communications information is accumulated on the PCE for a certain period of time, it can also be used to investigate the scope of impact when a security incident occurs.

In this article, we will introduce the communication visualization features provided by the Illumio Core product.

Communication visualization in Illumio Core: Three display formats

The Illumio Core product provides three display formats for visualizing communications.

Map display

The overall picture of communications occurring on each Managed Workload is visualized in map format. Arrows indicate the communications that occurred and their direction, and colors indicate the results of communications control by Illumio.

The map display covers everything from the overall picture of the communications occurring to detailed information, all on one screen. By arbitrarily grouping using the label information assigned to each workload, the amount of information displayed can be controlled, allowing for an overall picture to be understood. In addition, an interactive UI is provided, allowing you to narrow down the display and check detailed information by selecting any communication or workload on the map. Furthermore, it is also possible to move to the settings of communication control policies from the map (labels and communication control settings will be introduced in the next article).

In addition, there is a filtering function that allows you to narrow down your search from various perspectives depending on the purpose, such as specific workloads, systems, communication protocols, and communication control results (allowed/blocked).

Mesh display

It visualizes the communications that occur based on the source/destination/destination port/process. It visualizes what kind of communications are occurring with a given workload, process, or other starting point/ending point, which can lead to investigating the communications history of a specific device and discovering unexpected communications and outliers.

The Mesh display also has an interactive UI, allowing you to rearrange axes by drag and drop, display groups using labels, and filter communications to view detailed information.

Traffic display:

Communications that occur on each Managed Workload are displayed in a table format. You can check the type of communication between each workload and application, as well as detailed information such as the number of flows that occurred and the date and time. The displayed results can also be exported in CSV format.

in conclusion

In this article, we introduced the communication visualization feature of the Illumio Core product. In addition to the above features, the product also provides information display and report output features that focus on communication protocols that are often exploited by ransomware.
In the next article, we will introduce settings to further improve the readability of the visualization results.

If you would like to learn more about the visualization capabilities of Illumio Core products or request a demo, please contact us.