The Illumio Policy Model
Illumio allows you to manage your security policies using adaptive or static policies. The Illumio policy model allows you to choose how to implement security policies.
Security Policy Guidelines
The following guidelines are recommendations on how to create your security policy in Illumio Core. Creating a security policy is an iterative process; following these recommendations will provide a broad initial policy, which can then be incrementally improved until a sufficiently robust policy is established.
When creating your security policy:
Refine your initial policy to strengthen it by narrowing overly broad access.
Use the Visibility Only enforcement to verify and enact your policy.
Enforcement States
After creating a policy, you can preview its potential effects using Illumination's Draft View, which displays the changes that will occur once the policy is enforced.
Visibility only: Initially, policies are refined until most traffic lines appear green in Illumination. In this state, no traffic is blocked, allowing verification of policy accuracy. Any new, unaddressed traffic appears as a red line.
Selective enforcement . This state enables partial enforcement of policies, targeting specific applications or processes. It helps address vulnerabilities rapidly by temporarily enforcing security rules, while the remaining services and ports remain unaffected.
Full enforcement: Gradually implementing full enforcement can minimize disruption by starting with less critical workloads, stabilizing them, and progressively including more sensitive systems. This phased approach reduces potential issues to a manageable number of workloads.