GuardiCore Centra Provides Visibility, Protection Through Advanced Micro Segmentation

CSO Online takes a look at the GuardiCore Centra Security Platform in this product review.  Says CSO Online: “The GuardiCore Centra solution offers one of the most efficient ways to begin implementing powerful security using micro segmentation. The fact that it is so easy to use, reasonably priced, and can be dropped into any physical or virtual environment is just icing on the cake for this impressive security toolset.”

Complying with the SWIFT Security Controls Framework May Be Harder Than You Think

In my previous blog I briefly explained the new SWIFT regulations framework that will come into force on January 1st, 2018. In this blog I will focus on what is required to meet the first SWIFT requirement: “Restrict Internet Access & Protect Critical Systems from General IT Environment”. I will also explain how GuardiCore can help in complying with these requirements faster, simpler and in a more robust and maintainable way.

Read more

When Looking for SWIFT Audit Guidelines, Beware of the Customer Security Controls Framework

In March 2017 SWIFT published its new Customer Security Controls Framework to the community. This is the first time SWIFT is publishing such security guidance and they announced that they will start auditing compliance with those requirements from January 2018, leaving SWIFT users (roughly any financial institution in the world) only a few months to take action. Organizations that are are found to be non-compliant will be published in a specific directory letting all other users of SWIFT to know that this counterpart maybe not safe to do business with. In practice this means that any respectable financial institution will have to do the effort to comply with the new regulations.

Read more

Your Business Is Evolving, Don’t Let Your Security Strategy Be Left Behind

The way businesses and IT teams are executing today has dramatically changed and will only continue to do so.   More and more organizations are embracing DevOps, Infrastructure as a Service (IaaS) and application-centric practices.  The goal of these changes is to enable IT teams to dramatically accelerate and more effectively adapt and respond to their organization’s business needs.

Read more

GuardiCore Honored as Gold Winner in Deception Based Security in the 9th Annual 2017 Golden Bridge Awards

Golden Bridge Awards Selects GuardiCore’s Centra Security Platform as The Leader In Deception Based Security Category

San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in data center and cloud security, today announced that it has earned the prestigious Gold status in the Golden Bridge Awards for their GuardiCore Centra Security Platform. The coveted annual Golden Bridge Awards program encompasses the world’s best in organizational performance, innovations, products and services, executives and management teams, women in business and the professions, innovations, best deployments, product management, public relations, marketing, corporate communications, international business, and customer satisfaction programs from every major industry in the world. Organizations from all over the world are eligible to submit nominations including public and private, for-profit and non-profit, largest to smallest and new start-ups.

Read more

Highlights from Black Hat & DEFCON

I spent the last week at the “Hacker Summer Camp” of Black Hat and DEFCON. Besides meeting people and enjoying the dual craziness of the DEFCON crowd and the Black Hat business hall, we also gave a well received lecture – Escalating Insider Threats using VMWare’s API. Ofri Ziv, Head of GuardiCore labs, presented a backdoor we discovered in VMware’s remote administration API, enabling vSphere users to quickly and easily take over guest machines without providing guest credentials

GuardiCore Extends Series B Funding Round to $35 Million Adding TPG Growth as a New Investor

Funding to Accelerate Growth in Large Enterprise Accounts and Expand Further into Global Markets

San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in internal data center and cloud security, today announced that the company has raised an additional $15 million as an extension to its Series B funding round. This brings the company’s total funding raised to date to $48 million. The additional investment was led by TPG Growth, the middle market growth equity platform of alternative asset firm TPG, and Greenfield Partners, a TPG-Growth backed company based in Israel that focuses on investing in early growth-stage global technology and tech-enabled businesses. Existing investors include Battery Ventures, 83North, Cisco Investments and Dell Technologies Capital.

Read more

Escalating Insider Threats Using VMware’s API

VMware vSphere is the most widely used virtualization platform for on-premises data centers. Similarly to other virtualization platforms, it basically relies on host servers running guest machines. These hosts and guest machines can be managed using administration interfaces such as vSphere API and VIX API. The GuardiCore Labs team has discovered a vulnerability in the vSphere infrastructure that can be exploited using VMware’s Virtual Infrastructure eXtension (VIX) API. This vulnerability allows an attacker to remotely execute code on guest machines, bypassing the need for guest authentication.

Guardicore Labs to Disclose Vulnerability in VMware vSphere at Black Hat USA 2017: From vSphere User to Guest Remote Code Execution

Session to Address Vulnerability That May Allow a vSphere User to Take Over Data Center Guest Machines

San Francisco, CA and Tel Aviv, Israel – GuardiCore, a leader in internal data center and cloud security, today announced it would unveil a significant vulnerability affecting all recent VMware vSphere versions including 6.5, 6.0, 5.5 and provide mitigation at the upcoming Black Hat USA 2017.

Read more

Top 5 Things to See and Do During Black Hat 2017

From the horrors of ransomware, panic over election hacking, stolen emails to very interesting things like WannaCry andPetya/NotPetya/Nyetya/Goldeneye, it’s been a red-letter year in the world of cybersecurity. At Black Hat 2016 we introduced the Infection Monkey, free, open source pen test tool to educate the world on lateral movement.  Lateral movement is how hackers […]