Tamper Protection
Tamper Protection overview
By default, Illumio Segmentation for the Cloud continuously monitors the security controls in your cloud service provider (CSP) accounts for any change to their state.
For rules in a security control that were not written by Illumio Segmentation for the Cloud, Illumio Segmentation for the Cloud generates system events when those rules are modified but does not provide Tamper Protection; that is, the original rules are not enforced back to the security control. The system events show what changed in each modified rule.
For rules written by Illumio Segmentation for the Cloud, Tamper Protection generates system events when those rules are modified or deleted and automatically re-enforces the correct rules to the security control. The system events show what changed in a modified rule, or that the rule was deleted. Because the original rule is written back, any change to an Illumio-written rule that you want to keep must be made in Illumio Segmentation for the Cloud, not in the CSP console.
Note
The feature is currently supported for the following:
AWS SGs, NACLs
Azure NSGs
Azure Firewalls
Tamper Protection for Azure Firewalls is performed only for Illumio Segmentation for the Cloud-managed rule collection groups, rule collections, and rules.
Tamper Protection vs. Drift Detection
Tamper Protection and Drift Detection both alert you to changes made to security control rules. They address different scenarios:
Tamper Protection displays alerts on the Events page System Events tab if Illumio-written rules are modified or deleted, and automatically re-enforces the original rule.
Drift Detection displays system events on the Events page System Events tab if non-Illumio-written rules are modified, deleted, or added, but takes no action. See Drift Detection.
Tamper Protection Example
In this example, assume you have an AWS SG and you recently created a rule for it in Illumio Segmentation for the Cloud. Suppose you later changed this rule in the AWS console.
Because an Illumio-written rule was changed outside Illumio Segmentation for the Cloud, Tamper Protection treats the change as tampering, generates an event recording it, and writes the original rule back. In the Events page System Events tab, use the filter to select Event Type: network_security.tampering_modification. You would see an event message like this:
Illumio Cloud authored rule ExampleRule1 from ExampleSG was modified. Correct rule will be enforced again.
If you removed an Illumio Segmentation for the Cloud-generated rule in the AWS console, that would also be considered tampering. In the Events page System Events tab, use the filter to select Event Type: network_security.tampering_removal. You would see an event message like this:
Illumio Cloud authored rule ExampleRule1 from ExampleSG was removed. Correct rule will be enforced again.
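The following is an added example, not Illumio's code, that models the behavior described in the overview and in the example above as a desired-state reconciliation loop: rules the controller wrote are compared against what the CSP currently has, a modification or removal produces a tamper event (using the two event types named on this page) and the original rule is queued for re-enforcement, while rules the controller did not write only produce drift events and no action. The rule fields, the rule IDs (shaped like AWS SecurityGroupRuleIds), the drift event names and the sample security group contents are constructed for the example; a real implementation would read and write rules through the CSP API instead of in-memory lists.

```python
"""Desired-state reconciliation for security-group rules (added example, not Illumio's code).
Managed rules: modified/removed -> tamper event + re-enforce.  Unmanaged rules: drift event only.
Rule shape, rule IDs, drift event names and sample data are constructed for this illustration."""
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

# Event types named on the page
TAMPER_MOD = "network_security.tampering_modification"
TAMPER_DEL = "network_security.tampering_removal"
# Drift event names are assumed placeholders, not product identifiers
DRIFT_MOD, DRIFT_DEL, DRIFT_ADD = "drift.modified", "drift.removed", "drift.added"

CONTENT_FIELDS = ("direction", "protocol", "from_port", "to_port", "cidr")

@dataclass(frozen=True)
class Rule:
    rule_id: str    # stable identity, like an AWS SecurityGroupRuleId (constructed values below)
    name: str
    direction: str  # "ingress" or "egress"
    protocol: str
    from_port: int
    to_port: int
    cidr: str

@dataclass
class Event:
    kind: str
    message: str
    changes: Dict[str, Tuple[object, object]]  # field -> (expected, observed)

def changed_fields(old: Rule, new: Rule) -> Dict[str, Tuple[object, object]]:
    """Field-level diff so an event can state exactly what changed."""
    return {f: (getattr(old, f), getattr(new, f))
            for f in CONTENT_FIELDS if getattr(old, f) != getattr(new, f)}

def reconcile(sg_name: str, managed: Dict[str, Rule], baseline: Dict[str, Rule],
              observed: List[Rule]) -> Tuple[List[Event], List[Rule]]:
    """managed: rules the controller wrote (source of truth, re-enforced if touched).
    baseline: last-seen snapshot of rules it did not write (reported only).
    observed: what the CSP has now.  Returns (events, rules_to_enforce)."""
    seen = {r.rule_id: r for r in observed}
    events: List[Event] = []
    enforce: List[Rule] = []
    for rid, want in managed.items():                  # Tamper Protection
        got = seen.get(rid)
        if got is None:
            events.append(Event(TAMPER_DEL, f"Illumio Cloud authored rule {want.name} from "
                                f"{sg_name} was removed. Correct rule will be enforced again.", {}))
            enforce.append(want)
        else:
            diff = changed_fields(want, got)
            if diff:
                events.append(Event(TAMPER_MOD, f"Illumio Cloud authored rule {want.name} from "
                                    f"{sg_name} was modified. Correct rule will be enforced again.", diff))
                enforce.append(want)
    for rid, prev in baseline.items():                 # Drift Detection: report, never act
        got = seen.get(rid)
        if got is None:
            events.append(Event(DRIFT_DEL, f"Rule {prev.name} from {sg_name} was removed.", {}))
        else:
            diff = changed_fields(prev, got)
            if diff:
                events.append(Event(DRIFT_MOD, f"Rule {prev.name} from {sg_name} was modified.", diff))
    for rid, got in seen.items():
        if rid not in managed and rid not in baseline:
            events.append(Event(DRIFT_ADD, f"Rule {got.name} was added to {sg_name}.", {}))
    return events, enforce

def apply_enforcement(observed: List[Rule], enforce: List[Rule]) -> List[Rule]:
    """Write the correct managed rules back; stands in for the CSP API call."""
    fixed = {r.rule_id: r for r in observed}
    for want in enforce:
        fixed[want.rule_id] = want
    return list(fixed.values())

def demo() -> dict:
    """Constructed scenario: one managed rule widened, one deleted, one unmanaged
    rule widened and one unmanaged rule added in the CSP console."""
    managed = {
        "sgr-0a1": Rule("sgr-0a1", "ExampleRule1", "ingress", "tcp", 443, 443, "10.0.0.0/8"),
        "sgr-0a2": Rule("sgr-0a2", "ExampleRule2", "egress", "tcp", 5432, 5432, "10.1.0.0/16"),
    }
    baseline = {"sgr-0b1": Rule("sgr-0b1", "ops-ssh", "ingress", "tcp", 22, 22, "198.51.100.0/24")}
    observed = [
        replace(managed["sgr-0a1"], cidr="0.0.0.0/0"),   # managed rule opened to the world
        # "sgr-0a2" is absent: the managed rule was deleted in the console
        replace(baseline["sgr-0b1"], cidr="0.0.0.0/0"),  # unmanaged rule widened
        Rule("sgr-0c9", "temp-rdp", "ingress", "tcp", 3389, 3389, "0.0.0.0/0"),  # unmanaged rule added
    ]
    events, enforce = reconcile("ExampleSG", managed, baseline, observed)
    repaired = apply_enforcement(observed, enforce)
    events_after, _ = reconcile("ExampleSG", managed, baseline, repaired)
    return {"events": events, "enforce": enforce, "events_after": events_after}
```

Running demo() produces four events on the first pass (a tampering_modification for ExampleRule1 with the CIDR change recorded, a tampering_removal for ExampleRule2, and two drift events for the unmanaged rules) and queues only the two managed rules for re-enforcement. After apply_enforcement, a second pass raises no tamper events; the drift events persist because drift is reported, not corrected, which is the distinction the page draws between the two features.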