Illumio, ColorTokens, Cisco Lead Microsegmentation Rankings
Illumio, Akamai Stay Atop Forrester Wave, While ColorTokens, Cisco Join Leaderboard
A lot has changed in the microsegmentation market in recent years. Vendors have expanded beyond traditional on-premises networks to address modern public cloud workloads, covering a range of environments such as IoT, OT and healthcare to ensure consistent protection across all environments in light of zero trust principles.
In its first assessment of the market in nearly two years, Forrester kept Illumio and Akamai atop its microsegmentation rankings, while ColorTokens and Cisco climbed into the leader space.
Microsegmentation vendors have expanded their offerings to support traffic at layer four and integrate user and machine identities at layer seven to help organizations better manage access to sensitive data, enforce identity-based policies and align with the needs of application environments, according to Joseph Blankenship, Forrester's vice president and research director for security and risk. Along with addressing layers of network traffic, Blankenship said these offerings integrate with endpoint detection tools (see: Is Microsegmentation for Zero Trust Defenses Worth It?).
Microsegmentation now plays a role in advancing zero trust principles by segmenting networks at a granular level, down to the application and workload, Blankenship said. While early microsegmentation implementations relied on firewalls and network segmentation, modern microsegmentation offers more granular control at the workload level, allowing for efficient policy enforcement and access control.
"In the early days of zero trust, we would recommend segmenting networks using things like next-gen firewalls," Blankenship said. "Now, we can do that down at the application and workload level with something like a microsegmentation tool by applying policy directly to that workload. So now, we're not having to go and actually have either logical or physical network segmentation."
Microsegmentation plays a critical role in limiting the impact of ransomware attacks since the ability to isolate compromised systems helps prevent the spread of malicious software throughout the network, Blankenship said. While it's possible for ransomware to gain a foothold in a micro-segmented network, he said segmentation helps with containment and ensures the entire network doesn't go down.
The State of the Microsegmentation Market
Blankenship said the microsegmentation market has a mix of platform players and pure-play vendors, with the former appealing to clients with unified solutions and easier administration and the latter often appearing more innovative and agile. The balance between platforms and pure-play microsegmentation vendors is beneficial for the market, Blankenship said, since it provides customers with material choice.
"A market where we've got some large vendors that have multiple capabilities as well as very well-established pure play vendors, I think that's kind of a win-win," Blankenship said. "That way, clients have choice. They're able to choose and be flexible and not fall into the idea of vendor lock-in that we hear so much about."
AI is expected to play a larger role in shaping security policy decisions, Blankenship said, analyzing risk behavior and workloads for more intelligent and dynamic security controls and data to help enforce identity and access control policies more efficiently. Blankenship predicts AI-driven decision-making will become standard in microsegmentation over the next few years, particularly when it comes to policies.
"AI is one of the things that people are going to look for," Blankenship said. "They want to have some intelligence behind the policy decisions that are making, and they want to be able to make those decisions really quickly. We're already seeing that in this space, but I think we'll see that expand."
Akamai fell from first to fourth in Forrester's assessment of strength of current offering as compared with the technology analyst firm's winter 2022 assessment, while Illumio climbed from second to first, ColorTokens jumped from fifth to second and Cisco held steady at third. Also coming in third last time around was Aruba - now part of Hewlett Packard Enterprise - which fell to tenth in the current rankings.
Illumio remained atop the leaderboard from a strategy standpoint, while Akamai fell from a tie for first down to the fourth highest score. ColorTokens improved from third to second in strategy, while Cisco improved from sixth to fifth. And Elisity - which didn't appear in the 2022 microsegmentation Forrester Wave - received the third-highest strategy score this time around.
Outside of the leaders, here's how Forrester sees the microsegmentation market:
- Strong Performers: Elisity, Broadcom, Zero Networks
- Contenders: TrueFort, Ordr, Hewlett Packard Enterprise
- Challengers: Hillstone Networks
Illumio Invests in Agentless Offering, Platform Unification
Illumio's investment in agentless cloud security technology and platform unification across data center, endpoint and public cloud have been central to the company's success, said co-founder and CEO Andrew Rubin. The company took two years developing an agentless version of its product tailored to protect cloud environments, and Rubin said the tool has become central to operations and sales conversations.
Meanwhile, unifying Illumio's data center, endpoint and cloud products under a single management and policy framework enhances ease of use and scalability for clients, according to Rubin. The company has also focused on making it easier for enterprises to implement, scale and enforce policies using Illumio's technology through a focus on playbooks and practical implementation, according to Rubin (see: How AI Helps Strengthen Zero Trust Segmentation, Labeling).
"One of the decisions we made, literally before we started shipping product, was we decided that living in user space was a first principle architectural decision for Illumio," Rubin told Information Security Media Group. "Although there are certain things that you can do in the kernel space that you cannot do in user space, the tradeoff of the risk of being in kernel space versus user space is not worth the incremental things that you can do in kernel space."
Forrester criticized Illumio for lacking an intuitive user interface. Rubin said Illumio will examine its user interface with a fresh perspective to enhance usability and simplicity while maintaining the functionality that makes the company's user interface effective and powerful.
"Let's make sure that we never let go of the powerful information that we're presenting in service of trying to be simple," Rubin said. "Let's also make sure that we have a really powerful UI, but we don't make it so kludgy that people can't get through it easily."
Operational Efficiency, OT Take Center Stage for ColorTokens
ColorTokens over the past year has focused on operational simplicity and extending microsegmentation solutions to the operational technology sector, said Vice President of Marketing and Partnerships Sunil Muralidhar. Operational issues resulted in a low adoption rate for microsegmentation, and ColorTokens has invested in simplifying the deployment process without having to overhaul existing infrastructure.
The company has developed an agentless platform specifically for OT systems to address their unique needs, and has partnered with Medigate and Claroty to boost offerings in specific verticals, Muralidhar said. He said ColorTokens' emphasis on breach resiliency, ability to operate across IT, OT and cloud environments, and ability to quickly deliver risk reduction sets the company apart from competitors (see: ColorTokens Strengthens Zero Trust With PureID Acquisition).
"We are the only ones who can go in and say, 'Within 90 days, you will have majority of your risk reduced through our platform,'" Muralidhar told Information Security Media Group. "We are the ones that are giving that guarantee. In fact, we are actually putting some great incentives for the customers to adopt it even before they pay us a single dollar. Because we can put our money where our mouth is."
Forrester criticized ColorTokens for average market presence, a meager partner business, and a lack of integrations with public cloud-native constructs like security groups. Muralidhar said ColorTokens has focused on identity-based and API-based segmentation rather than IP-based techniques since the latter are less effective in the cloud. Growing investments, meanwhile, will address the partner ecosystem.
"We'll write for the future where the customers are going," Muralidhar said. "That's what they're asking us to do. They're saying, 'How can I know the IP address of an Amazon S3 bucket that doesn't work?' You got to do it differently."
Cisco Seeks More Network Integration, Operational Simplicity
Cisco Security has integrated microsegmentation into its network architecture, pursued operational simplicity through automation, and rolled out advanced traffic inspection for higher security outcomes, said Senior Vice President and Product Leader Raj Chopra. Automation tools like Kubernetes have simplified segmentation management, while architectural advancements now allow every switch port to act as a firewall, he said.
Unlike competitors who make incremental improvements to their architecture, he said Cisco developed a fundamentally new approach that integrates segmentation and inspection into the switching fabric using specialized software and hardware. He said Cisco's ability to offer more innovative and scalable solutions has allowed the company to replace Illumio and Akamai in several major deals (see: Palo Alto, Versa, Cisco Lead First-Ever SASE Tech Evaluation).
"What they've done is more incremental in nature, make existing stuff a little bit better," Chopra told Information Security Media Group. "What we've provided is fundamentally a new way in which you can bring both efficacy and scale in an operationally efficient manner. That's what sets us apart in the biggest of these deployments."
Forrester criticized Cisco for an uninspiring recent track record around innovation and a lack of effort from partners to create successful microsegmentation outcomes for customers. Chopra said this assessment is outdated, adding that Cisco has made significant strides in product development and has successfully addressed the concerns raised by customers and analysts.
"We feel very confident that all of these things are fully addressed by not just roadmap that is going to show up one of these days, but factual product capabilities in the hands of customers that they're using for production workloads as we speak," Chopra said. "I feel very confident that we have delivered all of the promises that we've made in the roadmap to address the kind of outcomes."
Akamai Takes on Zero Trust, Unified Operational Control Plane
Akamai expanded the applicability of segmentation controls in public cloud settings and integrated zero trust features like network access, multi-factor authentication and DNS security into a unified platform, said Pavel Gurvich, senior vice president and general manager of enterprise security. Unifying these tools and control planes simplifies the lives of users, Gurvich said, making deployment, policy management and operations more efficient.
The company is incorporating generative AI and large language models to address issues around building microsegmentation policies for applications, which Gurvich said can be more efficient and intelligent with Gen AI. Akamai adopted a more pragmatic approach to policy-building as compared to the stricter approach of rivals, which Gurvich said allows for flexibility and adaptability in real-world environments (see: Akamai CEO on How Guardicore Prevents the Spread of Malware).
"We want to make sure that the segmentation solution we provide is as broadly applicable as possible, so we're constantly expanding the applicability of these controls," Gurvich said. "And for us, a lot of innovation has been done in the public cloud role, in particular being able to enforce segmentation policies and gain visibility into traffic and workloads running in the major clouds."
Forrester said Akamai must add Amazon Web Services and Google Cloud Platform to stay competitive. Gurvich said Akamai's existing solutions work in these environments through traditional agent-based deployment, but acknowledged the company is actively working on additional cloud-native solutions.
"What Forrester is talking about is, 'Hey, we don't think you necessarily have to use the agents in the public cloud,'" Gurvich said. "But we do have a sufficient one that customers are quite happy with, and in some cases, it also has advantages. The level of visibility and policy that they maintain on the workload is always higher than the kind of things you can do without an agent."