The Graph Goes Live
Illumio shipped the first cloud detection and response product built entirely on an AI security graph, reaching general availability on July 31, 2025. Illumio Insights ingests network flow and resource data at cloud scale, builds a living map of every workload conversation, and lets a security team quarantine a compromised segment with one click — shifting breach containment from alerting on signatures after the fact to real-time containment.
The architecture centers on the AI security graph: a data layer that continuously classifies traffic, resources, and risk across hybrid and multi-cloud estates without agents. During private preview, early adopters found risks existing tools missed: east-west traffic flowing to unsanctioned geographies, services exposing high-risk ports through misconfiguration, and unsanctioned use of public large language models inside the environment. Those findings exposed the gap Illumio targets: visibility into lateral movement paths that traditional perimeter and endpoint controls cannot see.
This is the market's new fault line: an AI-powered breach containment platform that maps and stops lateral threats in hybrid clouds, boosting zero-trust demand amid rising ransomware and upcoming U.S. federal zero-trust mandates, while rivals accelerate microsegmentation offerings.
Andrew Rubin, Illumio's CEO and founder, framed the launch around that gap. "The biggest gap in cybersecurity today isn't tools, it's visibility," he said in the GA announcement. "It gives security teams the visibility they've been missing — what's talking to what, where the risk is, and how to contain it fast." "This isn't about more alerts. It's about actionable intelligence that helps organizations stay ahead of real threats."
The product ships with three operational modules that turn the graph into action. Country Insights maps traffic patterns by geography so teams can spot anomalous cross-border flows and apply geo-specific controls. The Quarantine Dashboard isolates compromised workloads with a single click, designed for analysts without deep segmentation expertise. Resource View consolidates investigation context, letting responders identify risky systems or services and limit exposure across cloud and on-premises assets in one pane.
Deployment is agentless and push-button; the graph scales to millions of workloads in minutes. Illumio reports significant reductions in both mean time to detect and mean time to respond. The graph also drives the Insights Agent, an AI teammate that surfaces role-specific guidance — what a SOC analyst needs versus a threat hunter — and recommends segmentation policies to close the exposure gaps the graph reveals.
Insights does not replace Illumio Segmentation; it completes it. The platform now pairs real-time detection and one-click containment with the strategic segmentation policies that enforce zero trust proactively. Dr. Chase Cunningham, known as DrZeroTrust, described the security graph approach as solving the inventory problem that plagues hybrid environments: automatically ingesting data from asset databases, cloud APIs, and network scans to build a dynamic, real-time map of infrastructure and dependencies.
Frank Dickson, group vice president for Security and Trust at IDC, positioned the launch within the broader shift toward adaptive security: "As the cybersecurity environment continues to evolve, it's no longer about having more technology — it's about having smarter, more adaptive solutions." The need for intelligent systems has never been greater, and AI is at the heart of this transformation.
Partner validation followed the GA. World Wide Technology's Chris Konrad called Insights a tool that "helps security teams manage complexity and emerging AI technologies to focus on what matters." Deloitte's Delisa Stone recommended it for clients seeking a "scalable, adaptive solution that aligns with evolving regulatory and operational demands." BT Global Services' Stuart McCulloch noted the operational difference: "You had to know what to look for, which could be time-consuming. Insights is the capability which now cuts to the chase."
The hiring signal aligns with the product push. Zero G Talent's data shows 18 roles added in the past week, including a Director of Engineering for Insights at the Sunnyvale headquarters with a salary band of $263,000–$315,000, plus senior engineering managers for cloud security and platform, roles that map directly to scaling the AI security graph and the Insights Agent.
The question now is whether the graph's real-time containment model can keep pace with adversaries who are beginning to automate lateral movement at machine speed. The ransomware surge is forcing that question onto every security roadmap.
What Ransomware Changed
Eighty-eight percent of organizations have fallen victim to a ransomware attack, Illumio's 2025 Global Cloud Detection and Response Report found, per a survey of 1,150 global cybersecurity leaders published by Illumio in January 2025. More than half the respondents — 54 percent — said they were confident in their security posture before the breach hit. The gap between confidence and reality is where the market moves.
The damage is no longer theoretical. Fifty-eight percent of hit organizations had to shut down operations, up from 45 percent in 2021. Revenue loss nearly doubled to 40 percent from 22 percent four years ago. Customer loss hit 41 percent. Job cuts reached 40 percent. Reputation damage rose to 35 percent from 21 percent. The average incident takes critical systems offline for half a day and consumes 17 people working 132 hours each to contain and remediate.
Budgets reflect the panic. Nearly a third of IT spending (29 percent) goes to staff and tools meant to prevent, detect, contain, and resolve ransomware. Yet attacks still succeed. Only 27 percent of organizations have implemented microsegmentation, which the same study calls a vital control for stopping the spread of breaches. Forty-four percent lack the ability to quickly identify and contain attacks. Thirty-five percent say poor visibility across hybrid environments makes response difficult.
The entry points are familiar. Desktops and laptops account for half of compromised devices. Phishing and Remote Desktop Protocol remain the top vectors. Once inside, attackers move laterally, exploiting unpatched systems in 52 percent of cases, up sharply from 33 percent in 2021. The backup myth persists: 52 percent believe a full, accurate backup is sufficient defense. Only 13 percent actually recovered all their data.
Illumio's breach containment platform, powered by its AI security graph, maps communication across hybrid and multi-cloud environments in real time. When the graph spots lateral movement, Illumio Segmentation can isolate the affected workload with a single click. The company reports Zero Trust Segmentation stops ransomware spread in minutes — nearly four times faster than detection and response alone. Forrester named Illumio a Wave Leader in microsegmentation for 2024. Gartner Peer Insights named it a Customers' Choice for Network Security Microsegmentation in 2026.
Seventy-two percent of victims didn't report the attack to law enforcement, citing fear of publicity (39 percent), payment deadlines (38 percent), and retaliation (38 percent). That silence hides the true scale. Meanwhile, only 42 percent of organizations have adopted AI specifically to combat ransomware, while 51 percent worry they'll face AI-generated attacks. The gap between threat evolution and defensive adoption is the market signal.
The Federal Pipeline
The Office of Management and Budget issued its federal Zero Trust architecture strategy nearly two years ago, setting a hard deadline: agencies had to hit specific maturity targets by the end of fiscal year 2024. That timeline forced a procurement scramble that Illumio entered formally on October 10, 2023, when Carahsoft Technology Corp. announced it would serve as Illumio's Master Government Aggregator. The agreement placed Illumio's Zero Trust Segmentation platform on Carahsoft's GSA Schedule No. 47QSWA18D008F, the NASPO ValuePoint Master Agreement #AR2472, and the OMNIA Partners Contract #R191902, three contract vehicles that let any federal civilian or defense buyer purchase without a new competition.
The partnership arrived as the Biden administration made Zero Trust a pillar of the 2023 National Cybersecurity Strategy, Executive Order 14028, and CISA's Strategic Plan 2023-2025. Illumio's Government Cloud solution had already earned a FedRAMP In Process designation at the Moderate Impact Level under the sponsorship of the Department of Health and Human Services Office of Inspector General, a credential that shortcuts the authorization grind for agencies shopping the Carahsoft catalog. For Illumio, the aggregation deal converted a compliance mandate into an addressable pipeline: every agency racing the FY2024 clock became a qualified lead.
"Agencies are facing persistent cyberattacks and are looking for ways to reliably combat them, which is why the Federal Government has been prioritizing the adoption of Zero Trust strategies that contain attacks and minimize their impact," said Alex Whitworth, Cybersecurity Solutions Vertical Executive at Carahsoft. Gary Barlet, Illumio's Federal Field CTO, put the buyer's logic more bluntly: "Right now, government agencies are focusing on breach containment because it is an easy and reliable way to keep critical assets and infrastructure safe." Both executives frame segmentation as the fastest path to checking the OMB boxes without ripping out legacy firewalls.
The reality inside agencies is messier than the strategy documents suggest. HHS, the sponsor of Illumio's FedRAMP bid, tracks progress across 1,250 systems and has deployed algorithmic labeling tools just to start categorizing the sensitive data those systems hold. "You cannot protect the data if you do not know whether it is sensitive or not," said Dr. Robert Roser, chief information security officer for Idaho National Laboratory. The first step, Roser added, is to "label, classify or categorize data as to whether it contains sensitive information." At the Centers for Medicare and Medicaid Services, CISO Robert Wood described a federated environment where "nobody is mandated to use or consume any of the centrally managed IT resources," creating "choose-your-own-adventure type of self-managed tech decisions" that complicate any enterprise-wide Zero Trust rollout. Wood's team is implementing in stages (identity first, then data security, then application workloads) because "you can't really work on data security or application workloads and identity at the same time, because you're probably not going to address it with the same people, technologies, policy or process changes."
Sean Connelly, Federal Zero Trust Architect and TIC 3.0 Program Manager at CISA, argued that the mandate's value extends beyond compliance. "It's about appropriately designating what agencies are trying to protect, rather than trying to protect everything by a single, legacy system like a firewall." He pointed to recent agency awards that embedded Zero Trust principles into business modernization projects: a farmer-facing forms portal, an import-export records system, a veterans' benefits request platform. "Each of those proposals, embedded in them, were cybersecurity Zero Trust principles," Connelly said. The dual-track payoff (security and service delivery) is what makes the federal pipeline stickier than a pure compliance play.
La Monte Yarborough, an HHS official involved in the agency's Zero Trust governance, emphasized that collaborative effort across agencies is "critical to developing standard Zero Trust policies, procedures and guidelines." That collaboration helps HHS "ensure Zero Trust principles are embedded in all aspects of agency operations," and the shared lessons learned "accelerate the adoption and integration of Zero Trust principles." Training, joint assessments, and monitoring segmentation effectiveness have become standing agenda items. The upshot: once an agency lands on a segmentation platform, the switching costs rise with every interagency working group it joins.
The Carahsoft agreement gives Illumio a seat at those working groups. The contract vehicles are live, the FedRAMP sponsorship is active, and the FY2024 deadline has passed, but the maturation model runs through 2025 and beyond. Agencies that missed the initial targets are now asking for phase-two architectures. Illumio's pipeline is no longer theoretical; it is measured in task orders against GSA Schedule 47QSWA18D008F.
Market Momentum and the Giants' Response
The zero trust security market is expanding at a pace that turns boardroom talk into budget line items. MarketsandMarkets' latest forecast, published in May 2024, projects the global market growing from USD 36.5 billion in 2024 to USD 78.7 billion by 2029 at a 16.6 percent compound annual growth rate. An earlier MarketsandMarkets report from September 2023 had pegged the 2023 base at USD 31.1 billion heading to USD 67.9 billion by 2028 at 16.9 percent CAGR.
| Source (date) | Base year | Base value | Forecast year | Forecast value | CAGR |
|---|---|---|---|---|---|
| MarketsandMarkets (May 2024) | 2024 | USD 36.5B | 2029 | USD 78.7B | 16.6% |
| MarketsandMarkets (Sept 2023) | 2023 | USD 31.1B | 2028 | USD 67.9B | 16.9% |
Solution revenue (spanning identity and access management, micro-segmentation, security analytics, and multi-factor authentication) accounts for the largest slice across both reports. Services, however, are projected to grow at a higher CAGR, driven by integration complexity and the shortage of in-house zero trust architects. By security type, application security leads the growth pack, a tailwind for vendors that secure workload-to-workload communication rather than just user-to-app access. The IT and ITeS vertical commands the biggest vertical share, while Asia Pacific is flagged as the fastest-growing region, outpacing North America's mature but still expanding base.
Illumio sits inside this expansion with a specific vector: Zero Trust Segmentation. The company closed its fiscal year ending January 2022 with over 60 percent worldwide revenue growth and nearly 100 percent year-over-year bookings growth, per its own announcement. The hiring pattern maps to where the market is hardening. Micro-segmentation, the core of Illumio's platform, is explicitly called out in the MarketsandMarkets taxonomy as a solution-component driver. Federal mandates and ransomware-driven breach containment demand both funnel spend toward the segmentation layer, the "inside the perimeter" controls that stop lateral movement. Analysts note that legacy perimeter tools are losing relevance as hybrid cloud estates dissolve the network edge, a dynamic that directly benefits segmentation-native architectures.
The solution segment has the largest market share in the zero trust security market due to its all-encompassing approach, which includes crucial elements such as identity and access management (IAM), multi-factor authentication (MFA), micro-segmentation, and security analytics. (MarketsandMarkets, May 2024)
Illumio's differentiation remains a purpose-built segmentation stack — agentless visibility, AI-driven policy recommendation, and a federal sales channel via Carahsoft that turns compliance deadlines into procurement vehicles.
The largest incumbents are already repositioning. Palo Alto Networks, CrowdStrike, and Zscaler each control a different slice of the enterprise security stack, and all three have accelerated microsegmentation or AI-driven capabilities in the past 18 months — moves that read as direct answers to the breach-containment narrative Illumio is pushing.
Palo Alto Networks took the most concrete step in May 2025, formalizing a partnership with Zero Networks that bolts automated microsegmentation onto its next-generation firewalls. The integration works by having Zero Networks' agentless platform discover and tag applications in roughly an hour, then synchronize that metadata with Panorama to generate dynamic address group policies in real time. Palo Alto's NGFWs then inspect the east-west traffic those policies surface. John Grady, principal analyst at Enterprise Strategy Group, described the combination as "Zero Networks' automation streamlines microsegmentation, while Palo Alto Networks NGFWs delivers deep inspection." The joint brochure claims 90% reduction in mean time to respond and "non-disruptive implementation" across on-premises and cloud assets. Forrester had already named Palo Alto a Leader in its Zero Trust Edge Solutions Wave (Q3 2023), and the company cites 95% of the Fortune 100 as customers. More recently, Palo Alto launched Idira, a next-generation identity security platform built for what it calls "the AI enterprise," and made its Prisma AIRS AI Gateway generally available, signaling that AI-driven policy generation is now a product-line priority, not a roadmap item.
CrowdStrike's response runs through its Falcon platform rather than a firewall partnership. The 2025 Global Threat Report highlighted that 79% of detections in 2024 were malware-free — a statistic that underscores why identity and behavioral analytics have become the company's primary vector for lateral-movement detection. Falcon Insider Threat Analytics and Falcon Data Protection now integrate Workday HR data to risk-score departing employees, and the company acquired Pangea to embed generative-AI guardrails directly into Falcon. The Developer Center exposes Alerts, Incidents, and Intel APIs alongside Spotlight vulnerability data, letting security teams automate containment workflows that previously required manual pivoting across consoles. CrowdStrike's pitch is that the endpoint agent is the natural enforcement point for microsegmentation; the Pangea acquisition suggests it wants the policy logic itself to be AI-generated.
Zscaler, meanwhile, has expanded its Zero Trust Exchange (a cloud platform spanning more than 160 data centers processing 500 billion transactions daily) with a "Zero Trust Everywhere" suite that adds end-to-end segmentation between and inside branch locations. The company frames this as extending microsegmentation beyond the data center to the network edge, where SD-WAN and SASE converge. Its AI-powered exchange now correlates signals across users, workloads, IoT/OT, and B2B partners to generate policy recommendations without requiring firewall hardware. Zscaler's architecture is fundamentally cloud-native; the competitive bet is that enterprises will prefer a single cloud control plane over the hybrid appliance-plus-agent models Palo Alto and Illumio represent.
The net effect: microsegmentation has moved from a niche segmentation project to a standard feature expectation across the three largest security platforms. Illumio's differentiation now rests on the AI Security Graph's ability to map hybrid-cloud traffic at cloud scale and translate that map into containment policy without the operational overhead of managing multiple vendor consoles — a claim the market will test as federal mandates and ransomware pressure push zero-trust deployments from pilot to production.
The living map that went live on July 31 still has to prove it can outrun the adversaries automating their own lateral movement. One click to quarantine. The graph keeps drawing itself.
Working in frontier tech? Zero G Talent tracks the openings: see every open Illumio role, browse frontier tech jobs, the companies hiring, and the people building the field.