Introducing the Policy Advisor
Use the Policy Advisor to automate security policy creation. The Policy Advisor analyzes your application and environment labels to generate tailored policy recommendations, each with an AI-powered summary of what the policy does. These recommendations can help you enforce zero-trust segmentation, reducing manual policy design and risk exposure.
Overview of the Policy Advisor
Illumio discovers applications from both on-premises (via VEN-installed workloads) and cloud environments (AWS, Azure, GCP, OCI). Using selected compliance frameworks, it generates rules that block risky traffic while allowing observed, necessary flows. Recommendations appear on a centralized page, with each recommendation providing an AI-generated analysis for context. Review, draft, and provision policies to move them into enforcement, starting with "Recommended" status and progressing to "Provisioned." The recommendations are generated once a day.
Advantages of Using the Policy Advisor
Speed: Auto-generate policies based on real traffic data, reducing analysis time.
Compliance: Align with framework standards like PCI DSS, ISO 27001, and NIST CSF by default.
Risk Awareness: Highlight "allowed but risky" traffic to prevent application breakage while flagging potential issues.
One View: Cover hybrid environments of data center, on-premises, and cloud in one view.
Policy Recommendation Status
Each policy in the Policy Advisor can have any one of these statuses:
Recommended: The policy has been generated but not reviewed or saved as a draft.
Draft: The recommendation has been reviewed and saved as a draft. Additional rule recommendations may appear as new traffic data is observed and analyzed.
Provisioned: The policy has been fully enforced. Rules are actively applied in enforcement mode.
Review Policy Recommendations
Policy recommendations are based on the application label and environment label from Illumio Segmentation for the Data Center (on-premises) and Illumio Segmentation for the Cloud sources.
Log in to the Illumio Console.
Navigate to Segmentation > Policy Advisor.
Click Configure to select a time range and choose the compliance frameworks that will be applied to every recommended application policy.
These frameworks are selected by default:
Illumio Best Practices
PCI DSS
ISO 27001
NIST CSF
Review the application policy cards:
Policy Recommendations: Recommendations that are ready for review and have a status of Recommended.
Draft Policies: Recommended policies that have been created but not provisioned.
Drafts with New Rule Recommendations: Existing policy drafts that have new rule suggestions based on new data.
Provisioned: Policies that are already provisioned and in Enforcement Mode.
Click a card to filter the application policy table.
You can also search and filter the table by Label and status or set up your own filter.
Review the application policies.
Each row shows the following information:
Application name (auto-populated)
Labels
Examples: Payment API, Prod
Applied frameworks by framework logo
Examples: Illumio Best Practices, PCI DSS, ISO 27001, NIST CSF
Rule count (total recommended rules)
Status (Recommended, Draft, or Provisioned)
Click a policy row to view details and AI-generated policy analysis.
Review the AI Policy Analysis to understand the policy rationale:
Scroll to the analysis section and expand the sections to view details:
Application Analysis: View an AI-derived description of what the rule is and why it was generated.
Example: "Stripe Payment API handles secure transactions..."
Key Protections (blocked traffic): Describes what is blocked and why.
Example: "Blocking VNC prevents unauthorized remote control of..."
Allowed but Risky Traffic: Observed traffic that bypasses blocks to avoid application breakage.
Example: "Allowing HTTPS traffic for clinician access to the EHR system..."
Review the policy rulesets and rules.
The table beneath the AI Analysis groups rules into Allow and Deny rulesets with these columns:
Status, Source, Destination, Destination Services, Rule Type (Allow/Deny)
Note
Rules are read-only. Individual rules may have mixed statuses.
Update the Policy Status.
Click Draft to save changes and add the policy to your policy library.
Click Provision to enforce the policy and apply rules in monitor/enforce mode.
For partial drafts: New traffic may trigger additional recommendations.