Healthcare Network Secured Critical Apps and Data

One branch of a national network needed a faster, more flexible, and less disruptive way than traditional firewalls to protect highly sensitive systems across a complex environment. As audit requirements tightened and threat actors evolved, it sought a better approach to microsegmentation. By adopting Akamai Guardicore Segmentation, it rapidly improved visibility, ringfenced its most critical applications, and delivered a smooth deployment that impressed users across the business.

For years, the organization’s Network Services team relied on classic macro segmentation anchored by firewalls, DMZs, and separated zones to satisfy audit requirements. But industry controls shifted, and auditors began asking about microsegmentation.

Attempts to extend microsegmentation through firewalls proved frustrating and slow. Trying to get visibility into east-west and north-south traffic required labor-intensive manual work. “I would visualize the network traffic, identify the servers talking to our segmented networks, group them by application type, then manually build rules,” explained the Sr. IS Communications Engineer. The process was both time-consuming and brittle.

Seeing the time it took to segment an application using this method, the team realized it needed a scalable solution. “I thought, ‘What happens if we need to segment 30 applications in a short period of time?’” recalled the Manager of Network Services.

As the search began, both the Network Services and Security teams jointly evaluated options, ultimately comparing Illumio and Akamai Guardicore Segmentation in depth.

Akamai Guardicore Segmentation is a lightweight, agent-based microsegmentation solution that provides intuitive labeling, dynamic policy enforcement, and real-time visibility into application flows. Its network map includes detailed insights combined with AI-powered policy workflows that make creating segmentation policies fast, intuitive, and rooted in real workload context.

During the proof of concept, visibility stood out. “Guardicore visualized the details better than Illumio,” said the Sr. IS Communications Engineer. 

The team also compared ringfencing workflows: Illumio offered a wizard that was more akin to a network logging view, according to the engineer. In contrast, “With Akamai’s wizard, you select parameters and Akamai Guardicore Segmentation kicks in,” he said.

After applying a weighted scorecard to both solutions, the teams chose Akamai Guardicore Segmentation.

With guidance from Akamai and a clear deployment strategy, the Network Service team moved quickly. What it assumed would take a year advanced at an unexpectedly rapid pace. The team completed its first major milestone — securing 800+ servers — six weeks early.

The lightweight agent was a major contributor. “It’s a simple script,” said the Sr. IS Communications Engineer. Because the agent enters monitoring mode by default, deployment was risk-free and could occur any time of day.

The organization integrated Akamai Guardicore Segmentation with Nutanix, NetScaler, Active Directory, Splunk, and ServiceNow. The Akamai solution uses information from these integrations to automatically suggest labels. “It saved me from hunting down that information,” explained the Sr. IS Communications Engineer.

Once the team had deployed Essential Policies, it quickly advanced to ringfencing the “crown jewels”: production database servers for critical applications. “We successfully ringfenced the most important data in our environment with zero issues,” he continued. “Our SQL admins were shocked. It’s unusual for a critical project to go this smoothly.”