Illumio, ColorTokens, Cisco Lead Microsegmentation Rankings
Governance & Risk Management
,
Network Firewalls, Network Access Control
,
Security Operations
Illumio, Akamai Keep Atop Forrester Wave, Whereas ColorTokens, Cisco Be part of Leaderboard
A lot has changed in the microsegmentation market in recent years. Vendors have expanded beyond traditional on-premises networks to address modern public cloud workloads, covering a range of environments such as IoT, OT and healthcare to ensure consistent protection across all environments in light of zero trust principles.
See Also: Guiding Your Leadership Team Through the Zero Trust Mindset
In its first evaluation of the market in practically two years, Forrester stored Illumio and Akamai atop its microsegmentation rankings, whereas ColorTokens and Cisco climbed into the chief area.
Microsegmentation distributors have expanded their choices to assist site visitors at layer 4 and combine person and machine identities at layer seven to assist organizations higher handle entry to delicate information, implement identity-based insurance policies and align with the wants of utility environments, based on Joseph Blankenship, Forester’s vp and analysis director for safety and danger. Together with addressing layers of community site visitors, Blankenship mentioned these choices combine with endpoint detection instruments (see: Is Microsegmentation for Zero Trust Defenses Worth It?).
Microsegmentation now performs a job in advancing zero belief rules by segmenting networks at a granular stage, all the way down to the applying and workload, Blankenship mentioned. Whereas early microsegmenetation implementations relied on firewalls and community segmentation, fashionable microsegmentation provides extra granular management on the workload stage, permitting for environment friendly coverage enforcement and entry management.
“Within the early days of zero belief, we might suggest segmenting networks utilizing issues like next-gen firewalls,” Blankenship mentioned. “Now, we are able to do this down on the utility and workload stage with one thing like a microsegmentation software by making use of coverage on to that workload. So now, we’re not having to go and truly have both logical or bodily community segmentation.”
Microsegmenetation performs a essential position in limiting the affect of ransomware assaults because the skill to isolate compromised methods helps stop the unfold of malicious software program all through the community, Blankenship mentioned. Whereas it is attainable for ransomware to achieve a foothold in a micro-segmented community, he mentioned segmentation helps with containment and ensures your entire community would not go down.
The State of the Microsegmentation Market
Blankenship mentioned the microsegmentation market has a mixture of platform gamers and pure-play distributors, with the previous interesting to shoppers with unified options and simpler administration and the later showing usually extra modern and agile. The steadiness between platforms and pure-play microsegmentation distributors is useful for the market, Blankenship mentioned, because it offers prospects with materials alternative.
“A market the place we have some massive distributors which have a number of capabilities in addition to very well- established pure play distributors, I feel that is sort of a win-win,” Blankenship mentioned. “That manner, shoppers have alternative. They’re in a position to decide on and be versatile and never fall into the concept of vendor lock-in that we hear a lot about.”
AI is anticipated to play a bigger position in shaping safety coverage choices, Blankenship mentioned, analyzing danger conduct and workloads for extra clever and dynamic safety controls and information to assist implement identification and entry management insurance policies extra effectively. Blankenship predicts AI-driven decision-making will grow to be commonplace in microsegmenetation over the subsequent few years, notably in relation to insurance policies.
“AI is without doubt one of the issues that persons are going to search for,” Blankenship mentioned. “They wish to have some intelligence behind the coverage choices which can be making, they usually need to have the ability to make these choices actually rapidly. We’re already seeing that on this area, however I feel we’ll see that develop.”
Akamai fell from first to fourth in Forrester’s assessment of energy of present providing as in contrast with the know-how analyst agency’s winter 2022 evaluation, whereas Illumio climbed from second to first, ColorTokens jumped from fifth to second and Cisco held regular at third. Additionally coming in third final time round was Aruba – now a part of Hewlett Packard Enterprise – which fell to tenth within the present rankings.
Illumio remained atop the leaderboard from a method standpoint, whereas Akamai fell from a tie for first all the way down to the fourth highest rating. ColorTokens improved from third to second in technique, whereas Cisco improved from sixth to fifth. And Elisity – who did not seem within the 2022 microsegmenetation Forrester Wave – acquired the third-highest technique rating this time round.
Exterior of the leaders, this is how Forrester sees the micosegmentation market:
- Sturdy Performers: Elisity, Broadcom, Zero Networks
- Contenders: TrueFort, Ordr, Hewlett Packard Enterprise
- Challengers: Hillstone Networks
Illumio Invests in Agentless Providing, Platform Unification
Illumio’s funding in agentless cloud safety know-how and platform unification throughout information middle, endpoint and public cloud have been central to the corporate’s success, mentioned co-founder and CEO Andrew Rubin. The corporate took two years growing on agentless model of its product tailor-made to guard cloud environments, and Rubin mentioned the software has grow to be central to operations and gross sales conversations.
In the meantime, unifying Illumio’s information middle, endpoint and cloud merchandise below a single administration and coverage framework enhances ease of use and scalability for shoppers, based on Rubin. The corporate has additionally centered on making it simpler for enterprises to implement, scale and implement insurance policies utilizing Illumio’s know-how by way of a give attention to playbooks and sensible implementation, based on Rubin (see: How AI Helps Strengthen Zero Trust Segmentation, Labeling).
“One of many choices we made, actually earlier than we began transport product, was we determined that dwelling in person area was a primary precept architectural resolution for Illumio,” Rubin informed Data Safety Media Group. “Though there are specific issues that you are able to do within the kernel area that you just can’t do in person area, the tradeoff of the danger of being will not be well worth the incremental issues that you are able to do.”
Forrester criticized Illumio for missing an intuitive person interface. Rubin mentioned Illumio will study its person interface with a recent perspective to reinforce usability and ease whereas sustaining the performance that makes the corporate’s person interface efficient and highly effective.
“Let’s ensure that we by no means let go of the highly effective data that we’re presenting in service of making an attempt to be easy,” Rubin mentioned. “Let’s additionally ensure that we’ve got a very highly effective UI, however we do not make it so cludgy to that folks cannot get by way of it simply.”
Operational Effectivity, OT Take Middle Stage for ColorTokens
ColorTokens over the previous 12 months has centered on operational simplicity and lengthening microsegmentation options to the operational know-how sector, mentioned Vice President of Advertising and marketing and Partnerships Sunil Muralidhar. Operational points resulted in a low adoption fee for microsegmentation, and ColorTokens has invested in simplifying the deployment course of with out having to overtake current infrastructure.
The corporate has developed an agentless platform particularly for OT methods to handle their distinctive wants, and has partnered with Medigate and Claroty to spice up choices in particular verticals, Muralidhar mentioned. He mentioned ColorTokens’ emphasis on breach resiliency, skill to function throughout IT, OT and cloud environments, and talent to rapidly ship danger discount units the corporate aside from opponents (see: ColorTokens Strengthens Zero Trust With PureID Acquisition).
“We’re the one ones who can go in and say, ‘Inside 90 days, you should have majority of your danger diminished by way of our platform,” Muralidhar informed Data Safety Media Group. “We’re those which can be giving that assure. Actually, we are literally placing some nice incentives for the purchasers to undertake it even earlier than they pay us a single greenback. As a result of we are able to put our cash the place our mouth is.”
Forrester criticized ColorTokens for common market presence, a meager accomplice enterprise, and a scarcity of integrations with public cloud-native constructs like safety teams. Muralidhar mentioned ColorTokens has centered on identity-based and API-based segmentation somewhat than IP-based strategies because the later are much less efficient within the cloud. Rising investments, in the meantime, will tackle the accomplice ecosystem.
“We’ll write for the longer term the place the purchasers are going,” Muralidhar mentioned. “That is what they’re asking us to do. They’re saying, ‘How can I do know the IP tackle of an Amazon S3 bucket that does not work?’ You bought to do it in another way.'”
Cisco Seeks Extra Community Integration, Operational Simplicity
Cisco Safety has built-in microsegmentation into its community structure, pursued operational simplicity by way of automation, and rolled out superior site visitors inspection for increased safety outcomes, mentioned Senior Vice President and Product Chief Raj Chopra. Automation instruments like Kubernetes have simplified segmentation administration, whereas architectural developments now enable each swap port to behave as a firewall, he mentioned.
In contrast to opponents who make incremental enhancements to their structure, he mentioned Cisco developed a basically new method that integrates segmentation and inspection into the switching material utilizing specialised software program and {hardware}. He mentioned Cisco’s skill to supply extra modern and scalable options has allowed the corporate to switch Illumio and Akamai in a number of main offers (see: Palo Alto, Versa, Cisco Lead First-Ever SASE Tech Evaluation).
“What they’ve executed is extra incremental in nature, make current stuff just a little bit higher,” Chopra informed Data Safety Media Group. “What we have supplied is basically a brand new manner in which you’ll carry each efficacy and scale in an operationally environment friendly method. That is what units us aside within the greatest of those deployments.”
Forrester criticized Cisco for an uninspiring current monitor report round innovation and a scarcity of effort from companions to create profitable microsegmentation outcomes for patrons. Chopra mentioned this evaluation is outdated, including that Cisco has made important strides in product growth and has efficiently addressed the issues raised by prospects and analysts.
“We really feel very assured that each one of these items are totally addressed by not simply roadmap that’s going to indicate up considered one of today, however factual product capabilities within the fingers of consumers that they are utilizing for manufacturing workloads as we communicate,” Chopra mentioned. “I really feel very assured that we’ve got delivered all the guarantees that we have made within the roadmap to handle the sort of outcomes.”
Akamai Takes on Zero Belief, Unified Operational Management Aircraft
Akamai expanded the applicability of segmentation controls in public cloud settings and built-in zero belief options like community entry, multi-factor authentication and DNS safety right into a unified platform, mentioned Pavel Gurvich, senior vp and basic supervisor of enterprise safety. Unifying these instruments and management planes simplifies the lives of customers, Gurvich mentioned, making deployment, coverage administration and operations extra environment friendly.
The corporate is incorporating generative AI and enormous language fashions to handle points round constructing microsegmentation insurance policies for purposes, which Gurvich mentioned might be extra environment friendly and clever with Gen AI. Akamai adopted a extra pragmatic method to policy-building as in comparison with the stricter method of rivals, which Gurvich mentioned permits for flexibility and adaptableness in real-world environments (see: Akamai CEO on How Guardicore Prevents the Spread of Malware).
“We wish to ensure that the segmentation resolution we offer is as broadly relevant as attainable, so we’re consistently increasing the applicability of those controls,” Gurvich mentioned. “And for us, loads of innovation has been executed within the public cloud position, particularly with the ability to implement segmentation insurance policies and acquire visibility into site visitors and workloads operating within the main clouds.”
Forrester mentioned Akamai should add Amazon Internet Companies and Google Cloud Platform to remain aggressive. Gurvich mentioned Akamai’s current options work in these environments by way of conventional agent-based deployment, however acknowledged the corporate is actively engaged on extra cloud-native options.
“What Forrester is speaking about is, ‘Hey, we do not suppose you essentially have to make use of the brokers within the public cloud,'” Gurvich mentioned. “However we do have a enough one which prospects are fairly pleased with, and in some circumstances, it additionally has benefits. The extent of visibility and coverage that they preserve on the workload is at all times increased that the sort of issues you are able to do with out an agent.”