Illumio Adds IBM i Support with Zero-Trust Security
June 30, 2021 Alex Woodie
Illumio this week announced that it now supports IBM i with its zero-trust security framework, which is designed to isolate data and applications with “microperimeters” that prevent the spread of malware and hackers once they have breached the corporate firewalls.
The zero-trust security model is gaining steam as organizations attempt to stop hackers from infiltrating their networks and pilfering valuable data or encrypting data as part of a ransomware attack.
Previously, security experts recommended that the best way to keep bad guys out of internal networks was to implement multiple overlapping levels of security. This approach incorporated network security devices on the perimeter (firewalls, VPNs, IDS/IPS), traditional access control for applications (LDAP/Active Directory), email gateways, and regular audits to ensure that nobody was doing anything naughty.
However, some security experts are beginning to question this “trust, then verify” method, which they see as vulnerable to increasingly sophisticated hackers who can circumvent multiple layers of perimeter security. Instead, they are advocating a “zero-trust” approach in which it is assumed that hackers and malware have breached the firewall, and therefore each individual application or data store must be hardened.
Illumio is one of a number of vendors providing tools to turn the zero-trust idea into a reality. The Sunnyvale, California-based company says the zero-trust approach enacted by its offerings, including Illumio Core and Illumio Edge, “ensures that attackers and ransomware have no ability to move laterally across applications, clouds, containers, data centers, and endpoints.”
On Monday, the company announced that it has extended its zero-trust offerings to support a number of additional operating systems, including IBM i and mainframe operating systems like zLinux running Kubernetes, as well as Red Hat Open Shift. It also added support for Oracle Exadata, Oracle Exastack, and the Oracle Zero Data Loss Recovery Appliance.
Incorporating these valuable corporate systems into a zero-trust framework is important to ensuring the security of the data and applications they hold, says Matt Glenn, Illumio’s senior vice president of product management.
“The new automated security enforcement for IBM AS/400 and Oracle Exadata enable many enterprise organizations to protect their most critical applications and infrastructure with Illumio Core,” Glenn stated in a press release. “Although the move to cloud-hosted and cloud-native IT environments is still accelerating, enterprise infrastructure systems remain prominent in large organizations. As these enterprises shift to a Zero Trust security strategy, the need to secure IBM mainframes and Oracle Exadata systems alongside modern systems and clouds is paramount to ensure that attacks infiltrating the perimeter don’t spread into cyber disasters.”
While the IBM i server is often denigrated as something less than modern, it actually was designed with some of the core concepts of zero-trust in mind. For instance, the inability to execute objects that are not recognized by the system would have largely prevented the spread of malicious software on Windows had it been implemented there. It also collects a plethora of security-related data in its security journal, although making sense of that data is not a simple thing.
Illumio claims to have hundreds of customers around the world, including “five of the leading insurance companies, and six of the 10 biggest banks in the world.” It claims to be a leader, and has Forrester Research reports to back that up.
The company is the second purveyor of the zero-trust security approach to announce support for IBM i systems. In April, Guardicore announced that it was adding support to IBM i to its offering. As the zero-trust approach gains steam, it seems likely that more security vendors will adopt the approach — maybe even the vendors offering automated security solutions for IBM i.
