
Network & Infrastructure Security
Illumio Core
Host-based microsegmentation mapping dependencies to enforce least-privilege and contain breaches.
Illumio Core Overview
What it does
Illumio Core is a host-based microsegmentation product that contains breaches by stopping lateral movement across data center, cloud, and endpoint workloads. Rather than relying on network firewalls or VLANs, it decouples segmentation policy from the underlying network and enforces rules directly on each workload through a lightweight agent paired with a centralized policy controller. This host-level model lets security teams write least-privilege policy based on application identity instead of IP addresses.
How it works
The Policy Compute Engine (PCE) ingests real-time traffic telemetry from a Virtual Enforcement Node (VEN) installed on each workload, builds an application dependency map of east-west flows, and computes per-workload policy. Policies are expressed through Role, Application, Environment, and Location labels, and the VEN enforces them using the operating system's native firewall on Linux and Windows hosts. Progressive enforcement modes let teams test rules before blocking traffic, while SecureConnect adds IPsec encryption between workloads. Coverage spans bare-metal servers, virtual machines, containers, and cloud instances. Named deployments include eBay, which segmented 3,000 servers, and Marriott Vacations.
Credentials and traction
Illumio has completed a SOC 2 Type II audit. It was named a Leader in The Forrester Wave for Microsegmentation (2024) and a Customers' Choice in the 2026 Gartner Peer Insights Voice of the Customer report for Network Security Microsegmentation, earning 4.8 of 5 across 59 reviews. The product maps to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model and is used by federal agencies and 15 of the Fortune 100.
Key Capabilities
mapped to solution categories
Evaluates proposed segmentation policies against observed traffic to identify what legitimate connections would be blocked, enabling policy validation without a production enforcement change.
Enforces identity-based allow policies (user identity, workload identity, device posture) rather than IP-based rules; policy follows the workload regardless of network location.
Applies consistent microsegmentation policy to cloud VMs and containers alongside on-premises workloads, using cloud-native enforcement mechanisms (security groups, NSGs) under unified policy.
Enforces segmentation via a host agent at the OS network stack or through upstream network controls (cloud security groups, SDN, switch ACLs) where agents are not viable.
Blocks SMB, RDP, and WMI connections between endpoints by default, preventing ransomware from moving laterally via common network shares and remote management protocols.
Discovers actual application communication flows by observing traffic before policy creation, producing a dependency map that forms the basis for allow-list policy without manual documentation.
Info last updated on June 30, 2026