How Illumio Simplified eBay’s Large-Scale Microsegmentation Project
For global e-commerce giant eBay, the cybersecurity stakes couldn't be higher. It manages millions of transactions and customer interactions every day. The company’s success is built on buyers’ and sellers’ trust in its platform.
This is why eBay turned to Illumio for microsegmentation. It wants to make sure potential breaches and ransomware attacks can’t spread through the network, disrupt operations, and access sensitive data.
In a recent fireside chat, Brian Hansen, senior systems administrator and 23-year veteran at eBay, spoke with John Kindervag, creator of Zero Trust and chief evangelist at Illumio.
Brian shared eBay’s success story of using the Illumio Zero Trust Segmentation (ZTS) Platform to roll out microsegmentation across its network. His journey offers insights into how even the most complex environments can easily build microsegmentation with the right tools, strategy, and platform.
Building microsegmentation for one of the largest e-commerce companies
eBay’s system is extensive, with over 2,000 Windows servers, 1,000 Linux servers, and about 250 unique applications. Adding in development and testing environments, the number of applications climbs to around 350.
Microsegmentation, which creates secure zones within a network to stop attackers from moving freely, was a big task for a network the size of eBay’s. But with Illumio, they built 350 rule sets in just over a year and fully protected all 3,000 servers.
“Installing Illumio was really straightforward,” Brian said. “We didn’t have any problems.”
4 key benefits eBay gained from Illumio ZTS
eBay’s journey to cyber resilience took a major leap forward with Illumio ZTS. Here are the four benefits they saw from the Illumio platform:
1. Complete visibility into all network traffic removed guesswork
One of Illumio’s standout features is its end-to-end visibility across cloud, endpoint, and data center environments.
Before even starting microsegmentation, eBay’s team could see how traffic moved between applications across their network. This allowed them to create accurate security policies without relying on outdated vendor documentation or app owners’ best guesses.
"Rather than asking app owners what they needed, we used Illumio to tell us exactly what traffic was coming in and going out of the network," Brian shared.
This also helped catch misconfigurations. For example, sometimes traffic was being allowed for applications that weren’t being used or no longer existed. “With Illumio, we found lots of misconfigurations that the app owners weren’t even aware of,” Brian explained.
By cleaning up these unnecessary flows, the eBay team made their system more efficient, reduced vulnerabilities, and removed blind spots.
2. Automation simplified deployment and reduced errors
Rolling out new security measures can be a huge strain on a security team’s resources. But Illumio’s approach minimized these kinds of issues.
The team deployed Illumio’s Virtual Enforcement Nodes (VENs) across both Windows and Linux servers using automated tools like Microsoft Endpoint Manager (MEM) and Ansible. This automation allowed new servers to come online with Illumio installed and labeled correctly right from the start.
For Windows servers, 99% of deployments were labeled and protected immediately, thanks to a custom script that applied the right labels based on server names.
The eBay team's Illumio deployment went smoothly and didn't result in any major disruptions. But just in case any issues did arise, Brian’s team knew they could quickly remove the servers from enforcement mode and troubleshoot without causing downtime.
3. Real-time traffic info avoided disruptions
At eBay, maintaining business continuity is a priority. Fortunately, the accuracy of Illumio’s reporting and traffic analysis gave Brian and his team confidence that they could apply rules without breaking applications.
In fact, Brian said that not one of their 250 applications was broken by enabling Illumio.
Brian noted, “We put these servers into full enforcement mode with Illumio with almost 100% confidence that we weren’t going to break anything.”
4. Proactive ransomware protection
One of the major goals of eBay’s microsegmentation project was to improve its protection against ransomware.
eBay used Illumio to control both east-west traffic (within the network) and north-south traffic (between the network and the outside world). Based on Illumio’s Ransomware Protection Dashboard, the eBay team achieved a ransomware protection score of 98%. This proved that their efforts had worked to lock down potential attack routes. Even if an attacker managed to breach one part of their system, they couldn’t move laterally to other parts.
In addition to securing internal traffic, Illumio also made it easier for Brian’s team to troubleshoot issues quickly. “If app owners come to me and say something is blocked, I can create a rule and push it out within a couple of minutes,” he said.
eBay's plans to expand its Illumio deployment
As eBay continues to grow, it’s exploring even more ways to use Illumio ZTS.
For example, the team is working on integrating Illumio’s data into their Splunk system, allowing for a one-stop dashboard to monitor both perimeter firewalls and microsegmentation rules. This will make it even easier for the team to identify and fix potential issues across the entire network.
eBay is also planning to broaden security for its containerized environments. Securing Kubernetes and containers can be challenging, but Brian believes that Illumio’s continued updates to its container security offerings will make the process even easier.
Illumio ZTS: eBay’s path to simple microsegmentation
eBay’s journey with Illumio shows that microsegmentation doesn’t have to be overwhelming. With the right tools and approach, even a massive, complex system like eBay’s can be segmented and secured in a relatively short time.
For any company considering microsegmentation, eBay’s experience with Illumio is proof that it’s not only possible but also practical.
As Brian put it, "Anything we did was making us more secure. You can’t make things less secure with Illumio, only better."
Watch Brian's and John’s full discussion. Get in touch with us today to learn how to start containing breaches with microsegmentation.