What's New and Changed in Release 24.1

The following new features were added in Illumio Core 24.1.

Endpoint Statistics Dashboard

Beginning with this release, the VEN Statistics page (renamed Dashboard), accessed from the left menu via Dashboard > Servers & Endpoints, now includes separate widgets for Server VENs and Endpoint VENs. As before, the widgets display summary statistics and status information but the added granularity makes it easier to evaluate the two VEN types, helping you focus on the data you are interested in.

New Widgets on the Ransomware Protection Dashboard

With this release, the Ransomware Protection Dashboard features three new widgets.

Top 5 Risky Applications

Beginning in Illumio Core 24.1, the top 5 riskiest applications in your organization are displayed in a dedicated widget on the Ransomware Dashboard. Application risk is based on the Protection Coverage Score that appears in the App Group List.

For an app-level risk assessment and remediation recommendations, click any application in the list to redirect to its details page.

Top 5 Risky Services

Since Illumio Core release 23.3, the PCE automatically assigns default ransomware protection settings on certain services deemed to be at risk of ransomware penetration and lateral movement. These services and their default risk assessment are listed in the Ransomware-risky services table. Now, based on this default risk assignment, the top 5 riskiest services in your environment are displayed in a dedicated widget on the Ransomware Dashboard to help you assess the ransomware exposure on your Enterprise Services.

Click any service in the list to redirect to its details page. From there you can edit or remove the service, or navigate up one level to add new services.

To address the unique conditions in your environment, you can change the default ransomware risk assessment on a per-service basis by gong to Policy Objects > Services and changing the Severity as shown in the following image.

Recommended Actions

This widget presents links for securing your workloads so that you can more easily address the risks revealed in the other widgets.

Ransomware Protection Information for App Groups

Beginning with this release, App Group pages include information about protection coverage, ransomware exposure, and more.

  • App Group List page: Protection Coverage scores are provided for each app group.

  • App Group details page: On a per-app group basis, the Ransomware Protection tab (Preview version) presents a protection coverage score, workload exposure score, and recommended actions widget. A table of Risky Services is also provided.

Search for connected App Groups

Beginning in this release, you can search for App Groups connected to a given App Group. This is convenient for filtering a long list of connected App Groups.

Classic App Group Map Not Enabled by Default

Beginning with this release, the Map tab in an app group's detail page is no longer enabled by default. The map is scheduled for removal in an upcoming version of the Illumio PCE.

To enable the Map tab, (1) click your name in the upper right corner to access My Profile, (2) scroll to Classic UI, (3) select Classic App Group Map, and (4) then click Save.

Traffic Table Updates

Beginning with this release, you have access to more information and functionality when you mouseover workloads, IP addresses, and IP lists in the table.

View IP address associated with a workload

View and copy IP addresses in an IP list

Right-click an IP address to create an unmanaged workload

Map Updates

Connections Menu

With this release, the Connections Menu already available in the Traffic table is now also available in the Map and the Mesh.

Updated Tool Cluster

This release provides several updates to the Map's Tool Cluster.

Map
Undo / Redo
View Legend
Select Layout
Reset Layout

Mesh Updates

This release provides seveal enhancements to the Mesh page.

Easier data point isolation

It's now easier to isolate a single data point on an axis. Instead of needing to hover directly over a data label to select it, you can now simply place your mouse pointer near the item, and as you move your pointer up or down close to the axis the system responsively isolates the data point.

Drill in for more granular data

Click underlined data points to dive into deeper layers, traversing from grouped labels down to the granularity of individual IP addresses. Breadcrumbs above the mesh help you understand and traverse back through the layers.

New Tool Cluster

This release introduces a Tool Cluster to the Mesh page.

Map

Line Style

Click the icon to change from curved (default) to straight lines.
The Brush feature has been moved to the tool cluster and redesigned to allow you to isolate and select individual data points within a defined range.

To use the brush:

  1. Activate. Click the brush icon. The icon turns dark blue and the cursor changes to crosshairs. 

  2. Define a range of data points. Click the crosshairs on an axis and drag up or down to define a range (represented by the gray areas on the axis).

  3. Deactivate (optional). If you want to isolate individual data points for selection within the defined range, click the icon again to lock the range in place, and then select the points you're interested in.

  4. To clear the brush and exit Brush Mode, click the Clear Brush icon.
Customize Axes
Change Sort Order
Clear Brush

CLAS Architecture in Illumio Core SaaS for Kubernetes and OpenShift

Beginning with this Core 24.1 release, support for a new Cluster Local Actor Store (CLAS) mode is now available for Illumio Core SaaS (Cloud) customers.

The CLAS mode was initially released in Illumio Core 23.5.10 for On-Premises customers

Illumio Core for Kubernetes 5.1.0 adds support for the new CLAS mode, in which Kubelink becomes a full intermediary between PCE and C-VENs. With the CLAS architecture, Kubelink provides greater scalability, faster responsiveness, and streamlined policy convergence, offering several advantages:

  • Reclassifies a container workload to more closely align to the Kubernetes concept of a workload (now called in PCE a Kubernetes Workload, to distinguish from a non-CLAS legacy Container Workload)

  • Improved visibility to all containers/Kubernetes objects and changes

  • Enforces traffic to/from containers, and responds dynamically to changes

  • Improved performance as PCE does not have to keep track of every C-VEN change, which is now handled by CLAS

  • Traffic flow data is now retained even after deleting the corresponding pods

For complete details on new CLAS improvements, including how to migrate existing clusters to CLAS mode, see Illumio Core for Kubernetes and OpenShift.

IMPORTANT:

Before deploying any Illumio Core for Kubernetes version, confirm your PCE version supports it. For example, currently Illumio Core for Kubernetes versions 5.1.0 and 5.1.1 are supported only with PCE versions 23.5.10 (for On-Premises customers) or 24.1.0 (for Cloud customers), but NOT on PCE versions 23.5.1 or 23.6.0 or any lower versions of PCE. For details, see the Kubernetes Operator OS Support and Dependencies page on the Illumio Support Portal.