SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Illumio widens risk visibility with Network Posture

Fri, 20th Mar 2026

Illumio has added Network Posture to its Illumio Insights product, widening how customers identify and contain lateral movement risk across connected systems.

The update centres on Illumio's AI security graph, which maps relationships between traffic flows, policies and connected assets. With Network Posture, customers can analyse live network traffic, compare policy intent with enforcement, and assess exposure against security frameworks including NIST CSF, PCI DSS, SOC 2 and DORA.

The release reflects a broader shift in cyber security toward understanding how attacks move across environments rather than reviewing assets one by one. Illumio argues this has become more urgent as automated and AI-driven attacks increase the speed at which intruders can traverse enterprise systems.

Network Posture is designed to give security teams visibility across hybrid, multi-cloud and operational technology environments. Illumio says it identifies where lateral movement risk exists, including exposures not yet being exploited, and links those findings with application and business context to help teams prioritise containment and segmentation work.

That approach also supports reporting and compliance. By measuring network behaviour continuously, organisations can track security maturity and alignment with recognised frameworks through live operational data rather than point-in-time reviews.

John Kindervag, Chief Evangelist at Illumio, described the issue as one of understanding connections between systems rather than the status of individual assets.

"Most security failures happen because teams don't understand how things are connected," said John Kindervag, Chief Evangelist, Illumio.

He added: "Attackers exploit relationships, not individual assets. If you can't see how traffic flows throughout your environment, you can't see the attack and contain the breach. We're approaching an 'AI event horizon' in cyber, where the attacker advantage becomes nonlinear, and defenders can't keep up by chasing alerts alone. When prevention and detection fall short, the last line of defense remains breach containment."

Broader scope

Alongside Network Posture, Illumio outlined several related updates to extend its view of risk across more of its customers' infrastructure. One addition expands context for operational technology environments by incorporating OT system inventory, context and traffic into attack path analysis.

Integrations including Armis are intended to give customers a clearer view of exposure across connected OT and IT environments. In practice, security teams can examine how risk moves between industrial systems and conventional enterprise infrastructure, then use that information to guide segmentation and containment decisions.

Another part of the announcement focuses on private data centres. Illumio is introducing agentless visibility for on-premises environments so customers can identify lateral movement risks and attack paths across both local infrastructure and cloud systems without relying solely on software agents installed on workloads.

Those findings can then be tied to enforcement through integrations with firewall suppliers including Fortinet and Check Point. The aim is to connect visibility into attack paths with the controls used to restrict traffic and isolate compromised areas.

SOC response

Illumio is also changing how security operations teams investigate incidents. The latest updates are intended to shift analysis away from single alerts toward a broader view that links identity, vulnerability and traffic relationships across the environment.

Under that model, analysts can trace how suspicious activity may spread from one point in the network to another and identify which paths carry the greatest risk. This information can be used within existing SIEM and ticketing workflows rather than requiring teams to adopt a separate operational process.

The update is based on the argument that many organisations still approach Zero Trust as a collection of separate tools rather than a measurable operating model. Dr. Chase Cunningham, known as DrZeroTrust, framed the challenge in terms of outcomes rather than product purchases.

"Organisations still treat Zero Trust like a shopping list - buy more stuff, feel better, hope it works," said Dr. Chase Cunningham (DrZeroTrust).

He added: "Agentic AI is going to punish that mindset. The only measures that matter are outcomes: how often you get hit, how far the attacker can move, and how fast you can contain. That requires understanding how systems connect and how risk propagates because you can't defend what you don't understand, and you can't contain what you can't see."

The announcement places breach containment at the centre of Illumio's product strategy, with system-wide visibility and segmentation presented as the main tools for limiting how far an attacker can move once inside a network.