Illumio Segmentation Reviews

Illumio serves as our primary endpoint security solution, utilizing the VEN as an agent installed across each workstation, laptop, and server managed through the PCE, the Policy Compute Engine. We manage all endpoint devices, both managed and unmanaged, through the Illumio agent, which communicates with the PCE to monitor all behaviors involving high-level security between north-to-south and east-to-west traffic.

A specific example of how I use Illumio with endpoints to protect my laptop from outside threats involves internal threat protection as well. Suppose two computers are already in the same network domain. If one computer gets compromised by any means, the communication between the other computer would normally continue unprotected. However, when I use Illumio as a security device and install the secure agent on each workstation, if one workstation becomes compromised, I can protect the second one. This means I can protect communication between devices in the same network segment. I can restrict and manage the communication between these devices effectively.

In addition to our primary use case, we protect our devices and environment from ransomware attacks, and I have witnessed several scenarios where Illumio protects devices from such threats. Illumio PCE includes a map where I can see all communication similar to micro-segmentation, including details about the production environment, its location, and the web application. Everything can be micro-segmented, allowing me to segment the network and protect it comprehensively.

The best feature of Illumio is micro-segmentation. Within the same segment of a network or device, I can create micro-segmentation based on location, environment, and roles. I can customize what exactly each particular endpoint device is and accordingly write rules to manage communication through inbound and outbound rules, allowing or denying communication as required.

While working with micro-segmentation and setting rules based on roles or locations, managing and updating policies in Illumio does not take considerable time because I have intra-scope and extra-scope rules. If I make a rule and need to modify it, I simply adjust the scope accordingly. When a new workstation comes into the network, I only need to apply the labels to that workstation, and it merges into a policy automatically without needing to modify the policy unless absolutely necessary.

Deploying the VEN is straightforward, as I can deploy it on Windows, Linux, and macOS operating systems. In my organization, we have deployed it on approximately 300,000 devices, and it is easily manageable through Illumio. We have a cloud, SaaS-based environment of the PCE where I manage all those devices, making deployment very straightforward.

Illumio has positively impacted my organization by protecting devices not only from external threats but also from internal ones. If any single PC becomes compromised by an external or internal attack, I can isolate those PCs or devices. If any server becomes compromised, I can isolate it as well, which is a wonderful feature of Illumio.

Illumio can be improved in several areas based on our feedback. Sometimes, the PCE experiences slowness, especially when deploying around 300,000 endpoint devices. When these devices communicate within the network, loading the map or connections can cause latency, which needs improvement for a more user-friendly and faster experience.

Regarding improvements to the interface, I believe we can add more features to the graphical user interface, such as proper logs. While the logs currently indicate what was blocked or allowed, clicking on a specific log should provide more information, such as which extra-scope rule is causing a denial, offering better analysis for troubleshooting.

I have been using Illumio for the last two and a half years.

In my experience, Illumio is completely stable.

Regarding scalability, from the PCE, I can push policies or use scripting to facilitate scalability. By employing Linux scripting or other methods, I can push the policy to all devices at once, making it easy to scale.

Customer support from Illumio is exceptional. Whenever I raise a case with their support team, regardless of the priority level—P1, P2, P3, or P4—they generally reply within an hour and are available for a call whenever needed, providing a complete solution.

Before using Illumio, we had not utilized a different endpoint security solution. We relied on Windows firewall and our own firewall, which was a legacy system that could not provide the micro-segmentation we required, prompting us to switch to Illumio for better security.

Since implementing Illumio, my organization has seen a reduction in work effort, and it helps to secure the network efficiently. For example, we have several endpoint devices located in different locations. I can create extra-scope or intra-scope rules to simplify communication while managing their Windows firewall and other firewalls through Illumio.

I have seen a good return on investment with Illumio, and it definitely saves our time. Additionally, if we were to buy any other product besides Illumio, we would need to invest more. Illumio serves as a single endpoint technology where I can implement various features, including a zero-trust network, north-to-south and east-to-west configurations, and micro-segmentation, all coming from one platform, which ultimately saves us time and money.

While choosing Illumio, we did not evaluate other options since we received an offer for a trial, and it turned out to be a wonderful experience without trying other vendors or technologies so far.

For others looking into using Illumio, I would advise purchasing and testing this product, as it will provide immense satisfaction regarding security and user-friendliness.

I was engaged in a deployment of Illumio, where in my previous project, I actually worked for 3,500 endpoints, so I needed to deploy the VENs on individual workplaces and then onboard them to PCE, then make them on segmentation, and finally, make their entire network in segmentation. I handled the entire deployments.

Challenges in the sense of multiple applications present on a customer's premises require you to engage with the application owners first to understand their necessary communication paths. Once you deploy the VEN and obtain a visualized map over the PCE, you gain an understanding of how the communication is going, but you need to verify with the application owner whether the communication traffic between the applications and servers is legitimate or authorized or not, based on which you create the policies. I found that bit critical, engaging with the application owners and obtaining their confirmations. Apart from that, everything else goes smoother from my end. Every other scope and deliverables, whatever is possible by Illumio, turn out to be an almost smoother process.

My main experience includes completing two projects. On both projects while installing the VENs, on one of the sites, we found that we needed to label manually as the CMDB was not integrated, necessitating us to understand the application's behavior, location, roles, and other metadata for all the workloads before preparing the labeling. In the other project, the CMDB was already present on the infrastructure, so it was easier to get authorized. Another use case involved using automation for Windows and Linux with Jenkins during the deployment of the VENs, spreading pairing profiles to all workloads, leading to smooth onboarding. It took some time to finalize the execution of the policies in draft mode before switching to enforcement mode, but it was more realistic and challenging to achieve the exact outcomes we expected.

The best feature Illumio offers, in my opinion, is the visibility map, which provides a useful end-to-end traffic connection. It gives details at a granular level about what applications are communicating inside your network, making it easier to create policies. Once you know the communication paths and identify the legitimate users, you can effectively prepare those policies.

The granular visibility provided by the visibility map changes the way we manage network security or policy creation by allowing us to directly refer to nano-segmentation. We can see which specific ports are being accessed, enabling us to segregate or segment the policy rules based on those security ports. This allows for more granular control over communication, tightening security. We have two modes of enforcement in Illumio; before applying enforcement rules, we utilize visibility to get details of the traffic, draft our policies, and ensure the targeted audience is met before enforcement. Initially, we allow traffic and then block everything else except the allowed policies on Illumio, which helps tighten the security of the east-west traffic within our network.

I observed another important feature in Illumio—it is not just replacing the perimeter firewall. A perimeter firewall provides a different level of security, whereas Illumio controls the local firewall. Illumio coexists with other non-Illumio processes that control the local firewall, and in that scenario, it can detect and alert users about local firewall tampering, allowing for better control over workloads.

Illumio positively impacts our organization through granular level segmentation of communication traffic. Initially, security controls depend on the network and applications, but with Illumio, we manage how one host communicates to another and the necessary paths that need to remain open, which reduces unauthorized communications. If any devices are compromised, Illumio instantly notifies us and isolates dangerous hosts, decreasing the spread of ransomware or other threats.

Illumio supports both on-prem and cloud environments, but I think the GUI interface could be more user-friendly. The integration with other tools such as SIEM and SOAR could also be improved for easier use in the future.

I did not give it a 10 mainly due to the issue with user-friendly GUI experience and the integrations with third-party tools. The technical certifications and learning paths could also be enhanced with more videos or advisories for better understanding.

I found the pricing, setup cost, and licensing to be minimal and realistic.

We are a partner of Illumio. In our initial days, we trained with Illumio through multiple certifications, which helps us understand customer requirements and how we deploy Illumio in different projects.

Illumio definitely demonstrates its value in money-saving capabilities, enhancing our lateral environment inside the organization and providing effectiveness overall once integrated.

One of the sites purchased Illumio through AWS, and at another site, it has been procured directly from Illumio as they provide their own region, cloud, and bucket.

Before choosing Illumio, we evaluated other options such as Cisco Secure Workload and Akamai Guardicore before deciding to go with Illumio.

For others looking into using Illumio, my advice is to activate the agent on the local workloads and set it to visibility mode for at least two weeks to gather insights on all communication before finalizing security policies. The more time you spend in visibility mode, the better understanding you will have of internal traffic, making it easier to create effective policies.

The technical training part on Illumio includes multiple certifications, and I recognize it as one of their finest initiatives. I gave this review a rating of 9 out of 10.

The main use case for Illumio is providing micro-segmentation where we don't want to segment the network based on IP addresses but rather segment them based on roles, applications, and environments. Everything that we do from the segmentation point of view is based on the label. Based on the label, we prepare the policies, and then we do the segmentation, which gives us a more granular approach and limits the attack surface from happening. Now the attack surface is limited, and this will happen if any attack occurs; we stop the lateral movement of the attack because we have segmented the environment.

I am managing a project where the client needs Illumio, and we are helping with their environment on the segmentation approach. They have many applications in their environment, and we support them by understanding the environment and applications they have. When we have the full inventory of their applications, we ask them to do the labeling in Illumio based on information such as how many applications they have, what labels we have to give them, and under what categorization those labels should be. For example, which application should be part of this location, this role, this environment, and this application. Based on that, we have created an approach to help our client onboard the applications, wherein we have many activities happening. For example, we review their traffic, conduct ring-fencing, and understand what traffic goes through. After a few days, we understand the required traffic, based on that we draft the policy, have the policy review session, and then finally enforce the application. All of this occurs alongside the process from the client end; they follow all the processes, and we handle the technical part before finally enforcing the application.

Illumio is deployed in the cloud environment in Azure.

The best feature that Illumio offers is that we can easily understand how to label the applications, how to install Illumio agent on the client machines, how to install the agent on the servers, and how to do the ring-fencing. The log analysis is very simple, and we can map the traffic very easily, such as the traffic view and map view. We have many views to do that, and then we have a topology environment where we can expand the topology and understand how we want to prepare our policy based on the requirement. These are some of the very good use cases that Illumio provides, which none of the other vendors can offer in such an easy and usable way.

The most important feature is the traffic review analysis, where we use the draft view and the reported view that helps us understand how the application interacts with other applications in the environment, and based on that, we are able to define the policies.

It has increased the business for the organization. We are creating business by supporting the client. The client is getting more security and is more confident in their network because they now have the micro-segmentation feature in their environment. This is new technology and that's how it helps the organization as a whole. The clients we support are benefited, and at the same time, we are making money out of it. This is definitely a good approach.

After implementing Illumio, there has been significant progress. Most of the app owners now understand what applications are communicating, how these applications interact with others, and we are more aware of which application is talking to what other servers and applications, and their roles. For instance, whether an application is talking to the DB server or an app server. We have a more granular understanding of the traffic view. Additionally, after implementing Illumio, there is greater segmentation, and fewer incidents are occurring. There have been times when an attack was halted from expanding laterally.

Illumio can be improved if we have more interactive sessions with the tech team. The support of Illumio can be better since it's a new tool, and people can explore it more. There could also be more examples of how the automations can be done using Illumio.

I have been using Illumio for the last two years.

The solution is very stable.

It is very good. We can expand it wherever we want. We can use it in container environments, install it on servers, and integrate machines in the environment. Scaling it to a large level is not an issue for us.

Customer support is good.

Neutral

We were about to experience Guardicore, but Guardicore was costly. Illumio is top in the market, and from a cost perspective, it is cheaper than Guardicore, so we chose that.

Time has definitely been saved.

My experience was really good because I think it's not very expensive if we compare it with Guardicore. I believe that's a good product.

I would advise others considering using Illumio to have a basic understanding of networking and some usage of protocols. They should be able to understand what TCP/IP is so they can look into the connections and understand what's happening. Some basic knowledge of networking is required before using Illumio, as well as the concept of micro-segmentation. We should have a proper purpose for using this tool.

I believe the additional thoughts for Illumio are that it's the best in the market. It will remain the best in the market if they continue working on addressing bugs and if customer support is helpful, friendly, and available all the time; I think nobody is going to lose Illumio at all.

We are the partner.

On a scale of 1-10, I rate Illumio a 10. It's best in Gartner. It's the top product in the market for micro-segmentation. The GUI is very simple, and I think there could be nothing better than this.

Illumio's use case compared to Akamai is exactly the same. For the purpose of micro-segmentation, it is the same.

The advantages of Illumio really stand out because they are not using the kernel module. The biggest thing is that the agents used, the software that goes onto the PCs or the servers, is not as comprehensive as that of Akamai. This might be better for some companies that want a light agent instead of a thick agent.

Illumio has some VPN features and encryption features that are not available in Guardicore.

Illumio's ability to contain threats through secure segmentation is positive. I would say it's a good part here.

They have some features that are not available in Akamai Guardicore.

Illumio does not have much in terms of application dependency mapping features. They lack layer 7 process level segmentation, which is a limitation.

In Guardicore, you have the layer 7, the process level. You don't have that in Illumio. This indicates that the information about malware, intrusion detection, and threats would be better in Guardicore because it has this layer 7 support which Illumio does not have.

Some customers like Illumio because it's a simpler product. If it's too complex, some customers think that it's better to have a more simple product. Of course, Illumio has some features that Guardicore doesn't have.

The container support in Illumio is not the same as in Guardicore.

Guardicore has native support for containers, but Illumio does not have native support. They need to install an agent in the container world, while Akamai Guardicore does not need to install an agent, so they have native support that Illumio lacks.

I have been dealing with Illumio for only one year so far.

Regarding stability for Illumio and performance issues, I cannot answer that. So far, everything is going well. I do not see any problems.

I think Illumio is scalable, the same as the others.

It's rather complex to install Illumio, but that would be the same for both vendors. There is no big problem when you're installing it. It's pretty much straightforward.

I observe extensive return on investment with Illumio. The savings will be more than 100% from Illumio.

It will be the same price as the Akamai price for Guardicore. It's expensive, that's true. But when you compare it to firewalls, then it may not be that expensive.

Before, I mentioned that Illumio is not very comprehensive in comparison to Akamai. I said that they could have a lighter agent and also process level segmentation. There is something that's not perfect in Illumio that could be improved.

We use Illumio as our network security platform to protect our EC2 instances. We use Illumio on our EC2 instances to detect and respond to any instance that might occur on the network side. That is pretty much all we use it for. It is very easy to detect and respond using Illumio.

Illumio offers great features such as controlling east-west traffic within data centers and clouds, enforcing segmentation policies between workloads, and reducing the attack surface by limiting unauthorized lateral movement.

Illumio's segmentation rules without requiring anything are pretty unique. It also integrates well with other security tools, giving you a centralized view of policy enforcement across your environment. If you're looking for east-west traffic control and zero-trust architecture, it's a great fit.

From what I have seen, Illumio positively impacts organizations by giving them a much clearer picture of their internal traffic, allowing them to identify risky connections they didn't see before. It also speeds up compliance, as I have heard, since they can enforce least privilege rules across their environments much faster. By reducing lateral movement, it just makes their overall security posture a lot stronger.

One area for improvement regarding Illumio might be making the policy management even more intuitive. Right now, it's powerful but can have a bit of a learning curve for some teams. Another thing could be deeper integrations with more third-party security tools. While they do integrate well, a broader set of APIs could make it even easier to slot into different stacks. It is already strong, but a bit more polish on usability and integration could take it further.

Another improvement might be around scalability, ensuring that as organizations grow, Illumio can handle even larger, more complex environments seamlessly. It would be great to see more advanced automation, such as AI-driven recommendations on segmentation rules or anomaly detection. That would really boost proactive security management.

I have been using Illumio for about six months now.

One big outcome we saw after implementing Illumio was a notable drop in lateral movement incidents. Within the first few months, we had about a 40% reduction in potential attack paths. On the compliance side, we cut audit times in half. What used to take weeks to validate now takes just a few days. It has really helped us tighten up both security and operational efficiency.

Illumio delivers really solid results. Micro-segmentation is top-notch, and we saw real security improvements. Some of the finer automation and user experience aspects still require a bit of effort to get fully dialed in. Illumio is deployed in our organization in the public cloud, specifically AWS. We use AWS, which is Amazon Web Services, as our cloud provider. We did not purchase Illumio through the AWS Marketplace.

Illumio is definitely a good solution if you have a lot of network traffic that you're dealing with. I rate Illumio a solid eight out of ten.

The main use case for Illumio involves working on any new applications enrolled into the architecture, where I focus on understanding the traffic and documenting rules. I often face issues with agent and PC console communication, so in those cases, I suspend the agent, check the services, and make sure to activate and deactivate. I perform all types of troubleshooting to ensure the agent communicates properly with the PC console and fetches the policies actively.

For new applications onboarded into the infrastructure, I first work on understanding the application, the users, and whether it is in production, development, testing, or UAT, which involves grasping the basic structure. Then I work closely with application teams to identify what communication needs to be allowed and what is not required. After the agent is installed on those servers, we move them from idle to visibility to monitor traffic for a week. This involves exporting a report and closely collaborating with application teams to define which traffic requires rules and segregating the non-required traffic by source and destination. This documentation leads to a precise mapping of traffic, allowing me to create rules for the servers. The agents are eventually moved to visibility to selective enforcement for some and full enforcement for others, while also providing teams with guidance on future communications and necessary actions, all of which are clearly documented.

Illumio is a very good tool that is flexible, with policies written using labels such as environment, application, role, and location rather than IP addresses, making policy management scalable and easy to maintain in dynamic environments. However, the initial setup requires careful planning, and improperly configured policies can block communications between applications. Troubleshooting may require a deep understanding of traffic logs and flow data, alongside previously written policies. Additionally, agent dependency is a consideration since any agent-related issues can affect policy application, making proper monitoring of agent health crucial. Overall, Illumio is a powerful tool for micro-segmentation and zero trust security that provides strong visibility, flexible policy management, and effective threat containment, enhancing an organization's internal security posture. It is not just a security tool but a strategic solution for modern infrastructure security that can significantly reduce the risk of lateral movement and improve overall network security with proper implementation.

The best features Illumio offers include real-time control of traffic between servers and allowing required communication based on specified ports while blocking unwanted ports. It provides breach containment, preventing communication on unapproved ports, and offers full visibility of traffic flows that helps in troubleshooting and audits, with traffic mapping generated by a central controller that analyzes and creates policies based on labels instead of IPs. Policy management is highly scalable, and the lightweight agent can be easily installed on each server, enabling policy simulation to check impact before enforcement using a draft view.

These features are incredibly valuable, including predefined templates that save time and reduce manual errors, resulting in massive scalability that is suitable for larger enterprises, which represent the best features of Illumio for micro-segmentation and real-time visibility.

Illumio requires me to create policies for each type of traffic, and for new users, the policy design can be a bit complex. More guided onboarding or automatic policy suggestions would help teams adapt to Illumio faster without needing extensive expertise. While I do not find issues with the interface, first-time users might struggle with navigation. Current limitations also include the integration with tools such as SIM not being seamless, and support for Splunk and Sentinel could be improved. More AI automation in policy creation, such as auto policy recommendations and anomaly detections, would reduce manual processes and human errors. Additionally, old operating systems may not be fully supported, and broader compatibility for the agent or an agent-less option would be beneficial.

Enhanced reporting and analytics would be useful, as current reporting is basic, so improvements such as more customizable reports, compliance reports, and executive dashboards are needed due to their use for management and audits. Reducing dependency on the agent is crucial since enforcement depends on agent health, so improvements such as a backup enforcement mechanism and better agent monitoring or auto-recovery would increase reliability.

I have been using Illumio for the past five years.

Illumio is stable.

Illumio's scalability is very good; it is quite easy to scale.

Customer support is really good.

I have not used any other solutions before Illumio. Prior options were not evaluated before choosing Illumio.

I give Illumio a rating of nine out of ten.

I gave it a nine out of ten due to some small changes I previously mentioned regarding improvements needed for Illumio, such as the dependency on agent health and requests for a simplified dashboard along with AI-based auto policy recommendations. The policy creation process is mostly manual, so AI-based recommendations would be useful. It is an excellent tool for cybersecurity, especially for micro-segmentation, preventing attacks from spreading from one compromised server to others in the infrastructure. With some additional improvements, particularly for first-time users and their understanding, it could reach a perfect score of ten.

Illumio is a great product for managing server-to-server communication properly. It is scalable and user-friendly, but first-time users may experience challenges understanding policy creation, so better guidance is necessary to enhance their learning process. My overall review rating for this product is nine out of ten.

We are using Illumio for network micro-segmentation to ensure that all applications comply with Dora compliance. This is an essential part of our infrastructure to ensure security and proper network segmentation.

The strongest aspect of Illumio is the visual traffic interface, which allows us to see all traffic that communicates with our servers and allied companies. We can write rules that can be embedded into the IP table, making it easy to handle. 

Illumio enables us to see network flows, traffic sources, and destinations. The policy generation and enforcement capabilities are valuable, allowing for selective enforcement. Illumio helps in audit purposes by saving data and showing blocked traffic, ensuring no outside traffic is allowed.

There should be an option to upgrade from the console to the latest version instead of performing manual upgrades. This would be more helpful to streamline processes.

I have been using Illumio for more than four years.

Illumio is a stable solution with no glitches or bugs reported, making it a reliable product for us.

Currently, we are working with an on-premises setup however, we plan to scale to cloud with Illumio's new product offerings.

Customer support is excellent. Even if we raise an issue on non-working days like Saturdays or Sundays, we receive prompt responses.

Positive

The installation process is straightforward and does not require much time, however, finding server owners and explaining the process takes more time.

We have professional support from Illumio and guidance for troubleshooting or implementation needs.

I cannot provide detailed information on ROI as it is handled by upper management. However, Illumio is known to be the cheapest solution among the security solutions we evaluated.

I do not have specific knowledge about pricing details as it is handled by upper management. I know that Illumio is the cheapest solution in the security area.

For the overall product, I would rate Illumio eight out of ten points. 

My advice is to consider Illumio as a strong option for visual traffic interface and network micro-segmentation needs.

I use the solution in my company to protect our environment and servers.

Illumio is the first new solution in our company's environment, but we need time to see the improvements from its use in our company. For three years, the tool was used by a different customer of our company, but recently, a new customer has been using it, and we have started to see improvements in their environment from the use of the product.

The most valuable features of the solution are the maps and the security build it offers. The tool helps with my company's security posture.

The log collection part needs improvement, and the tool should offer more details about the logs. We need more details on areas where there is an error or a traffic blockage. I would like the tool to offer a more detailed view.

I have been using Illumio for three years. I am a customer of Illumio.

The product's initial setup phase is not difficult. We are using a cloud version of the tool. Picking up the PC for the setup was difficult because Illumio's service provider took care of it. In our company, we only installed the tool on our devices, so it wasn't much of a difficult process. On a scale of one to ten, one is difficult, and ten is easy, I rate the setup phase as nine.

I didn't deploy Illumio. My company uses the cloud version of the tool. I created my account and paired my device, which was all that was required.

Illumio's real-time application dependency mapping has impacted our company's security operations, and it is very useful because, as I said, it has helped us build our security policy.

The number of people required for the deployment of the tool depends on the environment where it is used. For me, only one or two people are required to maintain the tool. Only if the issue is important will we need Illumio's support.

I rate the tool an eight out of ten.

The use cases were centered on microservices within the context of BNP Paribas. This was primarily due to the adoption of microservices and the hybrid cloud environment. The goal was to establish precise control over external network connections.

The feature that I have found most useful is the ability to centralize all the rules and then distribute them across various locations. However, I've encountered challenges related to tagging policies, which can be complex to devise. It's a matter that requires careful consideration and stakeholder involvement before implementing such policies.       

Some of the features that can be improved is offer additional guidance on creating an effective and risk-free tagging policy would be highly beneficial.

I have been using the solution for the past two years.

I have not worked with the solution directly, so I can’t comment on this aspect.

It scales effectively. To the best of my knowledge, we did not face any problems, despite having a large installation base. We did not encounter issues while expanding the project.

The deployment itself was quite straightforward. It took at least one year.

I would recommend this solution and rate it 9 out of 10. 

It's really good for avoiding and controlling lateral movement. Since everywhere there is ransomware, it's very good for micro-segmentation so that we can allow what is required for application-to-application communication. We are allowing what is required and blocking all unnecessary traffic, so that, in that way, we can control the attack surface, so we can reduce the attack surface. We're trying to secure the application and the company network as well.

We use it to write a policy for all the infrastructure-related servers manually. It will detect the infrastructure flows, and it will advise you automatically that you need to allow the traffic or block it. It'll use access just from the previous flows.

Everything is valuable in Illumio. We love the product.

The auto policy writing is great. The feature will give you the option of the inbound-outbound traffic. 

The Explorer allows you to know the traffic between source and destination. 

We have a feature called parallel coordinates. There, we can see what application is talking to which application and where a single application is talking to many applications. 

The illumination definitely stands out. Mapping is great. The application group mapping is useful. 

It's straightforward to set up.

Every month, we're getting new features. It's always improving. I don't see a place where it is weak or lacking in development. 

The customer service is lagging a bit. It could be better. 

We'd like labeling to be better. For example, if someone, by mistake, if he edits that labeling part, it should give you a warning pop-up to the effect of "Are sure to edit this enforced application?" so that person immediately will know that this is the enforced application and he should not touch that application labeling.

I've used the solution for more than one and a half years.

The stability is good. It's reliable. There aren't bugs or glitches. It doesn't crash or freeze. 

It is a very scalable product. Expanding is not a problem.

We have about 15 users on the solution. They are mostly engineers as well as two analysts and one product owner. 

We do plan to increase usage. 

Technical support could be better. When we get a reply from support engineers, it is not kind or empathetic. They also delay some responses - sometimes, not always. Maybe it depends from engineer to engineer. They could be a lot better, a lot more helpful.

We did not use anything previously. This is really the best product. 

We have a Nebule product - a Nebule cloud, a Nebule solution that is LSDX, a VMware LSDX. That is also in place, along with Illumio. It is not yet live. We are focusing on Illumio for on-prem. Once it moves to the cloud, we have been considering both Illumio and LSDX.

The initial implementation is simple. It's not complex. 

I was not there during the initial setup, however, the deployment might have taken about there months or so. That included the approvals and the entire setup process. 

In terms of deployment and maintenance, it all depends on how many applications you're going to onboard. It's not a straight answer. It all depends on the amount of work you are doing in your organization. 

There were people to help us from Illumio Professional Services Consultant, so we didn't find it hard to set up in our environment. For the most part, we handled the setup in-house. 

It's too early to really account for an ROI. We still need time with the product. We are seeing value in the product, however.

I'm just an engineer. I don't deal with the licensing aspect of the product.

We looked at a few other options, for example, Guardicore. There were a couple that we examined. We might have also looked at Cisco. 

Right now, we are using a non-production, 21.2.3 version. In production, we are in 19.3.6, which we are going for an upgrade on the weekend, which will be 21.2.30.

Right now, the deployment is on-premises. The roadmap is to go to a SaaS product with Illumio, however, right now, it's on-premises. It is being used for on-premises, however, we are thinking to make use of the cloud as well, using the CloudSecure product.

We like the solution. It's light. It doesn't take too many resources. For anyone to implement the product, it's pretty straightforward and simple. It's also very effective. It's very quick and very flexible to implement. That's the thing I can advise - just to implement this product and try it out.

I'd rate the solution eight out of ten.