ServiceNow Finds the Smarter Way to Segment Using Illumio Core

Overview and challenges

As the premier cloud platform for IT service management, ServiceNow clients have high expectations of the cloud giant’s IT department. It meets these expectations by following security best practices and using the best tools available, but a steady stream of client audits regularly puts ServiceNow to the test.

When the business identified the need to address a flat network and properly secure its domain controllers and core services, Principal IT Security Architect, Joel Duisman, knew it was time to refine their network segmentation strategy.

As a VMware shop, Joel got his hands dirty trying out a hypervisor-based microsegmentation solution first. But ultimately, cost and technical flexibility factors forced his team to try a second vendor.

The team now had the segmentation chops to set up rules and turn the solution on quickly, but they ran into critical technical problems, including known product issues and inexplicable breakages, and found they couldn’t stand up the deployment.

Despite these vendor challenges, microsegmentation was still a requirement. ServiceNow needed a flexible, foolproof solution and a vendor with a transparent design.

How Illumio helped

As the saying goes, third time’s a charm. For Joel, the idea of using Illumio wasn’t novel.

As an “old school” (in his own words) but innovative architect, he knew Illumio’s solution could meet their needs to be client-audit ready; to go to the cloud with them as they deployed domain controllers in Azure and AWS; and to be operationally safer and simpler to implement and maintain than hypervisor- and network-based approaches.

“As an architect, I prefer clean solutions that I can easily explain,” Duisman says. “Architecturally, Illumio is not complicated because it acts as a control plane for existing server firewalls. With the other vendors, diagnosing issues can depend on tools and information that we do not have access to.”

Joel and team followed a deliberative, phased rollout process to balance their security requirements with the residual internal trepidation within the business from previous microsegmentation vendor challenges.

They started with domain controllers, and “it went off without a hitch — there were no service interruptions, and that is key,” Duisman explains.

I sleep better at night knowing that Illumio closes the doors on potential attacks against our domain controllers. The demonstrable risk to the environment is noticeably lessened. Joel Duisman Principal IT Security Architect ServiceNow

Illumio’s real-time application dependency map visualizes the connections between the on-premise servers and AWS and Azure clouds, revealing how ServiceNow’s applications are communicating. The ServiceNow team can understand what needs protection and can take immediate action on blocking or authorizing workflows.

“High-quality information on traffic patterns is valuable,” Duisman says. “The gold standard up until now has been full packet capture, but that is expensive and takes a lot of effort. Illumio provides the solution to two security challenges. The map allows us to see what is talking to what and to go back to a server and see when the server’s behavior changes. We use Illumio’s integration with Splunk for quick insights and alerts. We feel confident that we’re protected. Illumio makes it easy to become a real expert at your own application behavior.”

Results and benefits

• Seamless SIEM integration
  Using Illumio’s integration with Splunk, the team has more security and operational insights into its Illumio-secured environments and can detect, alert, and quarantine in a few clicks.
• Real-time visibility
  The Illumination map is an invaluable multi-purpose tool for ServiceNow, used for building segmentation policies and seeing what’s talking to what for compliance, incident response, and disaster recovery testing.
• Consistent protection across multi-cloud
  The segmentation policies work consistently across Azure, AWS, and on-premises data centers to protect critical systems, with no interruptions.
• Easy and reliable for the win
  The team scored their much-anticipated microsegmentation win with a phased rollout and the Illumio team just a phone call away — helping to make them segmentation heroes.
• Deployed on AWS: Illumio SaaS offering is built on AWS, leveraging multiple services such as EC2, S3, EKS, and RDS — simplifying the customer implementation experience and improving performance. 

We feel confident that we’re protected. Illumio makes it easy to become a real expert at your own application behavior. Joel Duisman Principal IT Security Architect ServiceNow