Gecina Strengthens Cyber Resilience With Illumio Zero Trust Segmentation
Key benefits
Business goals
Gecina is Europe’s leading office real estate company and the owner of the first private residential park in Paris. It manages an asset portfolio valued at approximately €18.5 billion at the end of June 2023, serving approximately 100,000 clients and building occupants.
Part of Gecina’s mission is to enrich its customers’ experience. The company is fortunate not to have experienced a ransomware attack, but as the volume and frequency of threats increases, it recognized it needed to take proactive steps to strengthen its cyber defenses. Routine penetration test audits highlighted the need for Gecina to protect its servers from potential cyberattacks and east-west lateral movement to build greater resilience.
“We recognized that we must continuously strengthen our cybersecurity and protect the business from growing cyber threats. The most important thing for us was to improve our east-west defenses on our servers and, by extension, our applications. Microsegmentation was identified as the ideal approach, but after trying other solutions unsuccessfully in the past, we needed a simple solution that was easy to deploy and manage,” explained Joël Robin, Director of IT Infrastructure and Production at Gecina.
Technology challenge
Gecina manages approximately 300 servers and had tried to implement microsegmentation through a solution based on its hypervisor, but realised the chosen solution couldn’t meet its objective of microsegmentation, or even nano-segmentation. The solution was too difficult and inflexible, and lacked the visibility to best manage server segmentation.
Joël Robin started looking for alternative solutions and discovered Illumio. He immediately undertook a proof of concept of Illumio Core and quickly saw the added value
and benefits of Illumio compared to the first solution that was tested.
“We had tried to implement microsegmentation previously for two and a half years, but the complexity of the solution only allowed for broad segmentation and not true microsegmentation. We also couldn’t apply all the rules we wanted, and we needed to have visibility into flows between machines or groups of machines. That’s what we achieved with Illumio.”
Illumio Core showed us which data streams exist, including which ones were blocked, and which ones allowed. This helped us identify some flow matrices that had been put in place but were not necessarily up to date. Illumio Core also allows us to highlight shadow IT and to start implementing a Zero Trust cybersecurity strategy. Rather than finding and blocking bad traffic, we now focus on identifying and authorizing the good. Joël Robin Director of IT Infrastructure and Production Gecina
How Illumio helped
Illumio was deployed quickly, which allowed Gecina to reap immediate benefits. Illumio’s professional services team also provided comprehensive support to Gecina, investing time training employees so they could understand the solution and how it worked before it was implemented.
Gecina now has complete visibility into traffic flows within its server network with Illumio Core, which provides flow mapping based on information collected directly from workloads via the Illumio Virtual Enforcement Node (VEN) agent. This enables Gecina to quickly identify and block unnecessary traffic, reduce unauthorized access, and prevent breaches from spreading to critical assets. Illumio also leverages the native built-in firewall without kernel changes or traffic redirection, making it less intrusive and more predictable than other solutions.
Results and benefits
Gecina has deployed all the VENs within its environment and is now actively moving towards enforcement. It plans to have 300 servers microsegmented by the end of the year.
The main benefits are:
- Reduced risk of downtime: Gecina can now automatically block unnecessary connections – all without writing cumbersome firewall rules or touching the network.
- Enhanced security: Gecina can respond quicker to cyber threats and build cyber resilience because it now has a holistic view of its server environment and can isolate a server in the event of a compromise.
- Better visibility: Illumio allows Gecina to enrich its data flow matrices and gain a better understanding of how data flows through systems, which was not possible before.
The ability to see existing data flows, plus the segmentation by labels, was exactly what we were looking for. Thanks to Illumio, we have significantly reduced our risk of infection. Today, Illumio is the most mature solution on the market. For that reason, we have just launched an evaluation of Illumio on all our endpoints.
Joël Robin Director of IT Infrastructure and Production Gecina
Related stories
Investa Builds Confidence Against Breaches With Illumio
Segmentation helps one of Australia's largest commercial real estate firms protect critical applications.
Major Insurer Shrinks Hybrid Attack Surface by 99% With Illumio
Illumio helped a multinational insurer eliminate thousands of vulnerabilities and improve security for critical applications.
Brooks Makes Strides in Security Strategy With Illumio Zero Trust Segmentation
The top-tier running gear company implemented Illumio ZTS to reduce cyber risk, with zero application downtime or user impact.
Assume Breach.
Minimize Impact.
Increase Resilience.
Ready to learn more about Zero Trust Segmentation?