Illumio

The ongoing IT sprawl and the dynamism of cloud computing mean an organization’s attack surface is in constant flux. As a consequence, security breaches have become nearly inevitable for many organizations. Ransomware is the fastest-growing type of cybercrime, costing a forecasted $265 billion globally in 2031 as attackers extort or steal assets from companies. Further, 76% of organizations have experienced a cyber breach since 2021, and ransomware attacks occur every 11 seconds.

Zero trust segmentation has emerged as one of the critical solutions to solving the ransomware issue, with around 80% of organizations planning to adopt zero trust security as of 2023. The surge of ransomware is driving the adoption of zero trust security, especially for organizations that have experienced a ransomware attack. Rather than try to prevent every cyberattack, zero trust assumes that breaches will occur and instead shifts the focus to limiting the impact.

Illumio is a cybersecurity company that employs microsegmentation, which is a way of granularly segmenting a network. This process involves dividing a network into smaller, distinct sub-networks that enable IT teams to deliver unique security controls and services to each sub-network. As a result, an attacker may breach a network but can’t move laterally across a company’s network in search of more valuable systems. Microsegmentation is a critical building block for enterprises planning to implement a comprehensive zero trust architecture. The key principle in this is defaulting to view every request across a network as untrustworthy. Granular network policies can also be used to ensure entities (users, machines) are only connecting to other entities that they absolutely need to. This hardens an enterprise’s network and makes it easier to enforce zero trust.

Illumio was co-founded by Andrew Rubin (CEO) and PJ Kirner (CTO) in 2013. Prior to founding Illumio, Rubin joined Cymtec Systems as the VP of Sales in 2004. Cymtec Systems was a cloud-enabled enterprise intrusion detection system (IDS). In 2006, Rubin was promoted to CEO of the company.

Before Illumio, Kirner was a veteran engineer, serving in roles including software architecture and systems engineering. In 2011, Kirner joined Rubin at Cymtec Systems as the CTO. In his prior roles, Kirner explained that he saw three emerging trends that led to the creation of Illumio: first, compute was getting more dynamic, with AWS and VMWare entering the scene. Second, applications were becoming more interconnected, such as the Netflix architecture connecting a giant map of interconnected microservices. Third, there were increasing number of customers with a lateral movement problem in their environments, such as governmental organizations with regulatory requirements to separate devices.

Rubin and Kirner founded Illumio to address these issues, starting with the question of how security solutions needed to evolve to respond to a “faster moving, more highly connected environment” in which lateral movement was becoming a bigger security concern. In December 2012, Rubin and Kirner left Cymtek Systems and shortly after founded Illumio in 2013.

Since founding Illumio, the team’s goal has been to address the lateral movement issue. In November 2022, Kirner noted that “Ransomware is probably the top issue today. And ransomware takes advantage of lateral movement—or the lack of lateral movement controls—from inside people’s environments.”

In May 2023, Kirner left his position as CTO, but remains a strategic advisor. Key hires of Illumio include Chief Product Officer, Mario Espinoza, who joined in May 2022 after working for three years as VP of Cloud SaaS Security & Data Protection at Palo Alto Networks. Further key hires include Gautam Mehandru, the Chief Marketing Officer who was hired in 2021, and Anup Singh, the CFO hired in 2019. As of September 2023, Illumio had grown to over 550 employees.

Illumio is a zero trust segmentation (ZTS) platform. Zero trust segmentation is a security approach that divides a network into smaller segments, each of which is isolated from the others. This helps to prevent attackers from moving laterally across the network even if they are able to breach one segment. Illumio describes the difference between its ZTS platform and detection and prevention platforms (e.g., EDR, XDR) as follows:

According to Illumio, there is a new paradigm in technology: organizations are switching from on-premise to hybrid environments, resulting in 76% of organizations being attacked by ransomware, and ransomware attacks occurring every 11 seconds. Illumio notes that the tools of the 2000s and 2010s, designed to keep attackers out, are no longer suitable, leading to an era of detection tools like firewalls and EDR platforms. However, these tools had difficulty containing the breaches after detection, leading to a new era of zero trust security.

In the 2020s and beyond, Illumio build its zero trust segmentation product to build on from the historical detection tools. Since the attack surface is expanding, Illumio’s approach was to assume that breaches will occur, but to change the approach to stopping the breaches spread and minimizing the impact.

Source: Illumio

Illumio’s ZTS platform is designed to contain the breaches that it assumes will occur. The product utilizes microsegmentation across the entire hybrid (cloud and on-premise) attack surface to enable organizations to easily see risk, set policy, and stop the spread of breaches.

Source: Illumio

There has been some criticism of microsegmentation from Illumio’s rivals, particularly against Illumio’s policy control simplicity. By opting for simplicity, Illumio aims to offer more visibility into second-order effects. Allowing IT admins to set excessive rule combinations will likely create a 360-degree turnaround back to the complexities similar to managing network firewalls.

As of September 2023, Illumio has four product offerings to enable organizations to build a zero trust segmentation model: Illumio Core, Illumio CloudSecure, Illumio Endpoint, and Illumio for Microsoft Azure Firewall.

Illumio Core

Illumio Core is the original Illumio product that can be deployed on servers across hybrid networks. Implementation entails a lightweight agent being remotely installed on all necessary machines. The agent connects with the host’s operating system firewall to enforce policies, segment traffic, and send telemetry data back to the control plane.

Source: Illumio

Illumio CloudSecure

In October 2021, Illumio announced the launch of Illumio CloudSecure, an agentless product to supplement parts of cloud environments that cannot host agents. The control plane of CloudSecure instructs the host firewalls and collects telemetry via public cloud APIs. The major difference between CloudSecure and Core is that CloudSecure is an agentless product built to enable organizations to achieve zero trust segmentation.

Source: Illumio

Illumio Endpoint

In September 2022, Illumio announced the launch of Illumio Endpoint, the endpoint equivalent of Illumio Core. An endpoint is any physical device that connects to a network systems, such as a laptop or a mobile phone. Agents are deployed but on endpoints like laptops, PCs, and workstations, instead of servers. In exactly the same way, the agents integrate with the host firewall to enforce policies and feed telemetry back to the central control plane.

Source: Illumio

Illumio for Microsoft Azure Firewall

Illumio for Microsoft Azure Firewall simplifies Microsoft Azure by improving visibility and bringing customizability to traditionally static firewall policies. Illumio notes that Azure lacks context that leads to difficult device management, lacks elasticity that can lead to breaking applications, and lacks a view of how devices interact which can lead to clients being unaware of risk exposure. Illumio notes that Azure was not built for cloud environments and intends to improve on the existing system. The overall goal of Illumio for Microsoft Azure is to provide zero trust segmentation capabilities for Azure.

Customer

Illumio primarily targets large corporations large network environments, with ~20% of the Fortune 100 using Illumio for microsegmentation and data protection in 2023. The company primarily targets organizations in banking and financial services, energy and utilities, government, and healthcare. Additionally, Illumio specifically markets a custom solution to small and midsize companies. Notable customers of Illumio include Oracle, BNP Paraibas, Brooks, and Morgan Stanley.

Source: Illumio

Market Size

The global cybersecurity industry was valued at $202.7 billion in 2022 and forecast to grow at a CAGR of 12.3% through 2030. Illumio specifically addresses the microsegmentation and zero trust segment of cybersecurity. The global zero trust security market size was valued at $25.1 billion in 2022, forecast to grow at a CAGR of 16.8% through 2032 to reach approximately $118.5 billion. The key market drivers for zero trust security are the rise in remote work leading to a rise in cyber threats and that organizations migrating to cloud environments will have an increased need for zero trust security.

Security budgets remain resilient despite the market downturn from 2022-2023. Specifically, network security received a higher allocation than other categories of cybersecurity. A breakdown of security budgets in 2022 can be seen below:

Source: Battery

Cisco: Cisco is a technology service provider founded in 1984. Cisco Secure Workload is a cloud-native security platform that provides a variety of security features, including microsegmentation, threat detection and prevention, and compliance reporting. Cisco Secure Workload is a comprehensive security platform that offers a variety of security features in addition to microsegmentation, whereas Illumio is focused specifically on microsegmentation. In 1990, Cisco went public at a market cap of $224 million. As of September 2023, Cisco is trading at a market cap of around $218.5 billion.

Akamai: Akamai is a provider of cloud services founded in 1998. Akamai Guardicore Segmentation is a software-based microsegmentation solution that secures on-premise and hybrid environments with zero trust security. In addition to zero trust security, Akamai offers cloud computing solutions and other cybersecurity solutions such as app and API security, distributed denial-of-service (DDoS) protection, and abuse and fraud protection, whereas Illumio does not. In 1999, Akamai IPOd and closed its first trading day at quintuple its initial value at a market cap of over $13 billion. As of September 2023, Akamai is trading at a market cap of around $16.2 billion.

Palo Alto Networks: Palo Alto Networks is a cybersecurity company that was founded in 2005. Palo Alto Networks’s zero trust product includes microsegmentation, threat detection and prevention, and data security. The company offers a more comprehensive cybersecurity suite than Illumio, including safe access service edge (SASE) and cloud native application protection. According to Palo Alto Networks, the Department of Defense utilizes its zero trust product. In 2012, the company went public, and as of September 2023, Palo Alto Networks is trading around a market cap of $72.5 billion.

Perimeter 81: Founded in 2018, Perimeter 81 is a cloud-based Secure Access Service Edge (SASE) platform that provides a variety of security features, including microsegmentation, zero trust network access, and web filtering. Unlike Illumio, the company offers a variety of cybersecurity products beyond zero trust and microsegmentation, including firewall-as-a-service and malware protection. As of September 2023, the company has raised a total of $165 million of disclosed capital. Most recently, Perimeter 81 raised a $100 million Series C in June 2022 led by B Capital at a $1 billion valuation.

Illumio does not publicly disclose its pricing model. However, customers can purchase Illumio Core through Amazon Web Services, and pricing is based on pricing level and number of protected workloads and ports. Purchasing Illumio’s most basic Core package for one year starts at around $7.1K per year, and can scale up to $35.4K per year for additional segmentation features and additional workloads.

Source: AWS Marketplace

Customers report that the pricing depends on the number of workloads, meaning Illumio can grow with its customers. In April 2023, one customer specifically reported paying an annual subscription fee of $10-15K.

Illumio’s fourth quarter of 2022 delivered record performance for top-line metrics, with bookings of over $100 million. As of 2023, Illumio’s customer base included ~20% of the Fortune 100, with a gross retention rate of 97%. Notable customers of Illumio include Oracle, BlueCross BlueShield, Cathay Pacific, and Morgan Stanley.

Source: Illumio

In March 2022, Illumio announced that it closed its fiscal year ending in January 2022 with over 60% revenue growth, 100% year-over-year growth in total bookings, and over 140 new customers. This would imply that at the beginning of 2022, Illumio had approximately 280 customers. As of September 2023, Illumio has not publicly disclosed its customer count since.

Illumio was named a leader in the Forrester Wave for the Microsegmentation vendor landscape. Further, the company was recognized as a notable vendor in the Zero Trust Platforms landscape in 2023.

As of September 2023, Illumio has raised a total of approximately $558 million in disclosed capital, including a $225 million Series F round in June 2021 at a $2.8 billion valuation. The 2021 Series F was led by Thoma Bravo. Some of its other investors include Andreessen Horowitz, General Catalyst, Accel, and Salesforce CEO Marc Benioff.

In public markets, cybersecurity companies have seen relatively steady revenue multiples. As of September 2023, security companies such as Palo Alto Networks, Akamai, and Cisco had revenue multiples of 8.9x, 4.7x, and 3.5x respectively. However, it is important to keep in mind that these companies offer products outside of zero trust and microsegmentation, meaning these can only partially be used in comparison to Illumio.

Source: Koyfin

Capitalizing on Ransomware Prevention

An increasing number of ransomware attacks is driving the adoption of zero trust and microsegmentation. In order to successfully execute a ransomware plan, following the initial penetration of the network defenses, a bad actor must move inside the network in search of systems storing valuable data. An easy-to-deploy solution like Illumio is ideal to prevent such lateral movement. The number of ransomware attacks peaked in 2021 but remains high in comparison to previous years. On average in 2021, it cost an enterprise ~$2 million to recover from an attack and victims recovered approximately 65% of data.

Source: Forbes

One reason ransomware is so persistent is because the outcome is profitable without significant operational costs or meaningful risks. An extreme example illustrated below compares the economic outcomes of a digital crime like ransomware to a physical crime like cocaine trafficking at its peak in 1992, illustrating the economic appeal of a criminals to use ransomware. Given the growing interest in ransomware, there is an opportunity for Illumio to leverage microsegmentation as the default way for counteracting ransomware attacks.

Source: COVEWARE

Expansion to New Markets

In August 2023, Illumio announced that it was expanding to Latin American markets. In the first half of 2020, Latin America recorded the highest number of cyberattacks in the world (with nearly 3x more attacks than the global average taking place via mobile browsers). these cyberattacks can exceed 1% of some countries’ GDP and rise to 6% if critical infrastructure gets attacked. As a result, Latin American is a rapidly-growing market for zero trust security.

The Asia-Pacific region is another rapidly-growing market that Illumio has not yet established a strong footprint. In 2021, Illumio announced that it was expanding to Japan, but has not announced expansion to other Asia-Pacific countries as of September 2023.

Competition From Established Players

Illumio has a product that mitigates cyber threats and gives more control to SecOps and NetOps teams. The solution is also easy to deploy and manage. However, there is still a notable market risk facing Illumio. Larger vendors in the micro-segmentation space such as Akamai, Cisco, and Palo Alto Networks may be successful in outperforming Illumio in the marketplace with the appeal of broader security offerings. Tactics like bundling together products, or effectively offering micro-segmentation for free or at heavy discounts could threaten Illumio’s value preposition.

Growth of Business-Led IT

Business-led IT refers to employees of companies going out and getting required apps on their own. Since many of these apps do not go through an official purchasing process, these apps are often used outside of the governance of security. The main benefit of business-led IT is the ease and speed of accessing and setting up the application. However, even though Illumio is designed to integrate quickly, zero trust implementation can take weeks or months, which negates the benefit of business-led IT. Businesses prioritizing business-led IT may opt for alternatives to zero trust security, reducing the number of selling opportunities available to Illumio.

Illumio is a cybersecurity vendor specializing in zero-trust implementation and microsegmentation. The goal of Illumio is to assume ransomware attacks will occur, but minimize the impact of the breach. Zero trust is positioned to be a secular theme within the cybersecurity industry, with the global market for zero trust security to grow over the next decade.

Illumio is in a strong market position to capitalize on these trends. The company can capitalize on the market growth, increasing international penetration, and the growing threat of ransomware attacks. However, the cybersecurity market is made up of large, entrenched cybersecurity players such as Palo Alto Networks and Cisco, and Illumio offers a narrower product suite.