Have You Heard the News? Guardicore Employees Making Waves in Cybersecurity

Here at Guardicore, our employee successes are always a cause for celebration. We love seeing their names up in lights when they gain media attention for their achievements in cybersecurity and beyond.

With that in mind, let’s take a closer look at some of our Guardicore family who have hit the headlines recently, and understand why the Guardicore culture promotes and attracts this kind of success.

Encouraging our Diverse Voices

Ola Sergatchov, our Vice President of Corporate Strategy, was recently recognized as one of The Software Report’s Top 25 Women Leaders in Cybersecurity for 2019. An Executive Leader at Guardicore, Ola encourages women in technology to pursue both technical and leadership positions with creativity, integrity, and determination. Ola has more than 20 years in the industry, and combines technical knowledge with strategic business experience and an innovative flair.

On the topic of awesome Guardicore women who are gaining press attention, check out Danielle Kuznetz Nohi, Guardicore’s Information Security Researcher and Team Leader, featured in this article on female voices that are making a difference in cybersecurity. She talked about how she looks for the right skill set and personality when she is hiring for her team, applicants who show creativity, communication, organization and superb management ability.

Age is Just a Number

An open mind when it comes to hiring practices is an area where many companies fall short, often focusing on the age and experience of candidates rather than their skills and raw talent and potential to contribute. In contrast, at Guardicore we look for the right talent, no matter where it comes from. Rather than restricting ourselves to one ‘type’ of person, we look for interesting people with fresh ideas who can add to our teams. Omri’s story has attracted a lot of interest, as he was just 18 years old when he came to work for us. His high school teacher had sparked his interest by teaching him Scratch, and he began developing his own applications and programming websites.

When Omri applied to Guardicore, Daniel Goldberg, our Information Security Expert and Security Researcher, said that the decision to hire him was an easy one, although he knew that Omri could only join the team for a few months and then would leave for his army service. He saw the win-win nature of the situation, and said yes where others may have said no. Tangling with the bad actors and malicious hackers that only the top percentage of security experts ever grapple with is an unusual experience for any teenager, and one that Omri feels has prepared him for both his army intelligence unit, and an ongoing career in hi-tech.

Innovation and Fresh Thinking

A fresh voice shouting out from the frontlines of cybersecurity research, Ophir Harpaz is a reverse-engineering enthusiast, sharing her skills through her pet project, begin.re where even beginners can get some hands-on advice and knowledge. She was recently featured in 21 Cybersecurity Twitter Accounts You Should Follow for bestowing her insight and practical know-how to the masses. Innovative and exciting, it’s easy to see why she is such a good fit for Guardicore Labs.

Sharing her own story on her experience in cybersecurity, Product Manager, Avishag Daniely was recently featured in ITSP magazine, giving her fresh and unique perspective on how minorities in the workplace can fight their fear of failure.

We encourage our staff to work on their own unique personal goals, and then use these to excel in the workplace, too. Expanding the company’s global footprint and extending the search for talent to new markets is increasingly important. With this in mind, for Avishag, becoming confident in business Spanish, learning to present and hold meetings in this language helped her to close the culture gap, whether she was making new connections, presenting to large audiences, or building informal relationships while she temporarily relocated abroad.

The Best People for the Job

Despite the company experiencing great growth over the past few years, one unique element of Guardicore is that we still manage to keep a truly caring culture, the feeling of being one big family, celebrating one another’s successes.

I believe that this has a lot to do with our hiring practices, and how we create a strong, cohesive culture that runs through everything we do as a company. Tune in to my next blog to hear about the steps we put in place to make this happen.

The Nansh0u Campaign – Hackers Arsenal Grows Stronger

Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.

4 Insights about the Salesforce Outage

On May 17th, Salesforce announced a significant outage to its service, resulting in customers losing access to one of the most critical applications being used daily. The issue was acknowledged by Parker Harris, Salesforce’s chief technology officer and a co-founder, while the company worked together to try to resolve the critical outage as soon as possible.

At the center of the disaster was a faulty database script that was deployed in the production environment. Salesforce announced that “a database script deployment inadvertently gave users broader data access than intended.” This affected Salesforce customers who use Salesforce Pardot, a b2b marketing CRM, as well as any customers who have used Pardot in the past. The inadvertent access allowed users to both read and write permissions to restricted data.

Salesforce took initial steps to mitigate the problem by blocking access to all instances that contained impacted customers, and by shutting down other Salesforce services. This heat map below shows the extent of the blackout for Salesforce customers.

Salesforce outage map

The essential nature of the Salesforce application is self-evident, so these outages were extremely significant. Users who need Salesforce on a daily basis as part of their job found themselves idle, forcing many businesses to simply send them home.

As a data center company, focused on protecting the most critical applications, here are our essential four insights following the crisis:

  1. Think Further than Cyber-Attacks
    Always remember that cyber-attacks are not the only threats on your data center. When evaluating your data-center risks, it is important to take into account internal “threats” and implement the right controls that will protect your “digital crown jewels” – the most critical business applications and processes. For example, separating your production and development environments is foundational for strong security, ensuring that testing scripts cannot run in your production environment, even in the case of human error.
  2. Always Consider the Cloud
    Companies are increasing their presence on the cloud, for reasons such as a positive impact on cost, maintenance efforts, and flexibility. However, security needs to be considered from the outset of your cloud strategy. Some companies are unaware that cloud apps have a greater exposure to different threats due to lack of visibility and the difficulty to introduce policy and controls. On the cloud, your business is at greater risk in the case of a breach or an outage.
  3. Zero Trust
    You cannot trust your single point of configuration to control and isolate your environment. Best practice is to criticize your controls and simulate the situation of failures. Zero Trust, the approach of “never trust, always verify,” can be focused on lateral movement and breach detection attempts in internal vs. external networks. However, it can also be relevant for any security controls that are being used or updated. In many cases, your business is in danger from internal threats, misconfigurations, and innocent mistakes, all of which can be as catastrophic as a malicious cyber-attack. The zero trust approach helps to limit the damage.
  4. Be Ready for a Crisis
    Distributed controls are your strongest weapon to ensure that you are prepared for any eventuality. These will allow you to act quickly against the unexpected, especially in hybrid cloud environments where you need to manage multiple clusters and control planes. Make sure that you have the visibility and control of your entire environment that allows you to instantly isolate any affected environments. This will give you time to put your incident response plan into place, and protect your critical assets until a solution has been found.

The Salesforce outage shows that mistakes can happen to anyone, and the best protection is always going to be preparation. Start by separating your environments, limiting the exposed surface, and then move on to using the zero trust model to keep your most critical assets safe from harm, even in a hybrid-cloud infrastructure. Remember that without adequate segmentation, you are exposing your applications to internal threats as well as external ones. With strong data center security, you are one step ahead at all times.

Want to learn more about micro-segmentation in the cloud? Read our white paper on how to secure today’s modern data centers.

Download now

Guardicore Raises $60 Million; Continues to Build Momentum in Cloud and Data Center Security

Led by New Investor Qumra, Funding Fuels Company Growth and Continued Disruption in Firewall and Data Center Markets

Boston, Mass. and Tel Aviv, Israel – May 21, 2019 – Guardicore, a leader in internal data center and cloud security, today announced it has raised $60 million in Series C funding, bringing the company’s total funding to $110 million. This more than doubles the total capital raised to date and represents an endorsement of Guardicore’s current momentum as the company continues to disrupt the broader firewall and data center markets.

“Any organization has critical IT assets that need to be secured. Our distributed, software-defined segmentation solution is the simplest way to secure these assets whether they reside in the cloud or on premises. The days of being chained to legacy firewalls are over,” said Pavel Gurvich, CEO and co-founder of Guardicore.  

New investor Qumra Capital led the round and was joined by other new investors DTCP, Partech, and ClalTech, Access Industries’ vehicle for Israeli technology investments. Existing investors Battery Ventures, 83North, TPG Growth, and Greenfield Partners also participated in the round. Guardicore will leverage the funds to fuel continued growth and accelerate investments in sales, marketing and customer service as it seeks to expand delivery of its Guardicore Centra security platform to enterprise organizations seeking to protect dynamic data center and cloud infrastructure environments. Ram Metser, Executive Chairman of Segterra, Inc., an innovative digital health analytics company, and former CEO of Guardium, Inc., a dominant database security company acquired by IBM, also joined the Guardicore board of directors.

Continued Gurvich, “Since our last round of funding, we have successfully been able to articulate our vision and demonstrate that the market is ripe for disruption. With consistent revenue growth the past three years and large-scale deployments with numerous Fortune 500 customers, we have proven that our product is more intuitive, flexible, and makes security easier to apply than traditional firewall technology currently being used to protect internal and cloud infrastructure. We are displacing incumbent players and newcomers alike as we strive to help our enterprise customers quickly secure their business-critical applications and data, reduce the cost and burden of compliance and secure cloud adoption.”

“Deutsche Bank is committed to the highest standards of security and a high priority for us is implementing tight network segmentation in our on-premise and cloud environments. Guardicore gives us an effective way to protect our critical assets through segmentation,” said Alan Meirzon, Director, Chief Information Security Office at Deutsche Bank, a Guardicore customer.

“Guardicore is changing the way enterprises approach data center security with modern segmentation capabilities that overcome the inherent inefficiencies of traditional techniques and results in stronger security for enterprise environments,” said Boaz Dinte, founding partner of Qumra Capital, investing in exceptional late-stage companies. “Guardicore is disrupting the market and is well positioned to capitalize on the broader opportunities this presents. We were compelled to invest as the lead in this round because we believe Guardicore will play a critical role in shaping the future of enterprise security, helping organizations better protect vital systems and data as we evolve our digital information society.”

“Guardicore is led by an exceptionally strong team with deep tech know-how and has demonstrated consistent growth and momentum since inception. With wide-spread adoption of distributed and hybrid infrastructures, we need a new paradigm for enterprise security outside of classic perimeters,” said Irit Kahan, Managing Director at DTCP, a global investment platform with c. $1.7 billion assets under management from Deutsche Telekom and other institutional investors. “The company’s unique market positioning and attractive roster of customers across the US and Europe, including some of the largest Fortune 500 names, have validated the value and scale of Guardicore’s approach and strong capabilities.”

Guardicore protects data centers of large and mid-sized enterprises across North America, South America, and EMEA in financial, healthcare and retail industries, including global, blue-chip brands.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Raises $60 Million; Funding Fuels Company Growth and Continued Disruption

Today I am excited to share that we have secured a Series C funding round of $60 million, bringing our total funding to more than $110 million. The latest round was led by Qumra Capital and was joined by other new investors DTCP, Partech, and ClalTech. Existing investors Battery Ventures, 83North, TPG Growth, and Greenfield Partners also participated in the round.

Since we launched the company in 2015, Guardicore has been focused on a single vision for providing a new, innovative way to protect critical assets in the cloud and data center. Our focus, and our incredible team, has earned the trust of some of the world’s most respected brands by helping them protect what matters most to their business. As the confidence our customers have in us has grown, so has our business, which has demonstrated consistent year-over-year growth for the past three years.

Our growth is due to our ability to deliver on a new approach to secure data centers and clouds using distributed, software-defined segmentation. This approach aligns with the transformation of the modern data center, driven by cloud, hybrid cloud, and PaaS adoption. As a result, we have delivered a solution that redefines the role of firewalls and implementing Zero Trust security frameworks. More dynamic, agile, and practical security techniques are required to complement or even replace the next-generation firewall technologies. We are delivering this and give our customers the ability to innovate rapidly with the confidence their security posture can keep up with the pace of change.

Continued Innovation

The movement of critical workloads into virtualized, hybrid cloud environments, industry compliance requirements and the increase of data center breaches demands a new approach to security that moves away from legacy firewalls and other perimeter-based security products to a new, software-defined approach. This movement continues to inspire our innovations and ensure that our customers have a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment.

Our innovation is evident in several areas of the company. First, we have been able to quickly add new innovative technology into our Centra solution, working in close partnership with our customers. For example, we deliver expansive coverage of data center, cloud infrastructure and operating environments, and simpler and more intuitive ways to define application dependencies and segmentation policies. This gives our customers the right level of protection for critical applications and workloads in virtually any environment.

Second, our Guardicore Labs global research team continues to provide deep insights into the latest exploits and vulnerabilities that matter to the data center. They also equip industry with access to open source tools like Infection Monkey, and Cyber Threat Intelligence (CTI) that allows security teams to keep track of potential threats that are happening in real time.

We have also continued to build out other areas of our business, such as our partner ecosystem, which earned the five-star partner program rating from CRN since its inception two years ago, as well as our technology alliances, which include relationships with leading cloud / IaaS infrastructure players such as AWS, Azure, and Nutanix.

Looking Ahead

We are proud of our past, but even more excited about our future. While there is always more work to do, we are in a unique position to lead the market with not only great technology, but a strong roster of customers, partners and, most importantly, a team of Guardicorians that challenge the status quo every single day to deliver the most innovative solutions to meet the new requirements of a cloud-centric era. I truly believe that we have the best team in the business.

Finally, as we celebrate this important milestone, I want to say thanks to our customers who have made Guardicore their trusted security partner. It is our mission to continue to earn your trust by
ensuring you maximize the value of your security investments beyond your goals and expectations.

4 of the Most Devastating Data Center Breaches of the Past 5 Years. (And How They Could Have Been Prevented)

In our last blog about data center hygiene, I talked about how most hackers are getting into your data centers in pretty standard, and more importantly, preventable ways. You can read more in depth about hacks and security with some interesting perspectives and thought leadership from our Guardicore Labs team, who research and write about the truly interesting campaigns they discover and analyze. In this article, however, I want to focus on four of the most talked about breaches of the past few years. By looking at what was stolen, who was impacted, how the data center breaches occurred, and what the tangible damage was, we should be able to see a pattern in how these attacks were perpetrated, and how they could have been stopped.

Equifax – What Happened?

The amount of data stolen was huge, including 148 million American names, dates of birth and social security numbers, 15 million British names, dates of birth and driving license and financial details, and an unknown number of PII belonging to Canadians and Australians. Home addresses, genders, passport details and taxpayer ID cards were stolen, as well as payment card information.

The damage to Equifax continues to grow. The stock drop alone cost the company $4 billion, alongside scrapped bonuses and IT costs of $242.7 million. There are 19 class action lawsuits pending against the company, and fines outstanding from US and Canadian regulatory commissions. The UK have fined the company £500,000, (US$660,000) which is the maximum they could levy prior to new GDPR regulations.

How Could it Have Been Prevented?

The initial entry point for the Equifax attackers was an unpatched vulnerability in their front-end web services, specifically in Apache Struts 2.0. According to the US House of Representatives, “The company’s failure to implement basic security protocols, including file integrity monitoring and network segmentation, allowed attackers to access and remove large amounts of data.” To understand more about this advice, see our deep dive on the Equifax failures.

Segmentation was obviously a core problem for Equifax- the lack of segmentation allowed the attackers to move with ease to critical areas once they made it through the perimeter. This was made worse by poor data hygiene, something we mentioned in our previous blog. The hackers were able to steal the data because of an out-of-date digital certificate, which had expired more than 19 months before the breach.

Equifax have also been criticized for their lack of proper incident response, a problem we see in many data center breaches. As early as August 2016, Equifax was warned about vulnerabilities, and told about flaws in their data center. Allegedly, the company did nothing, even when they learned that hackers had broken into their computer system and when they observed and blocked what they called “suspicious network traffic.” This dangerous inaction is not only illegal, but borders on negligence.

Target – What Happened?

100 million customers were affected by the 2013 Target data center breach, with data exposed including mailing addresses, names, email addresses, phone numbers and credit and debit card account data. This information could then be used to hack consumer accounts or launch phishing scams. Financial data stolen was complete, including account numbers, CVV codes and expiration dates.

Target also suffered a drop in their stock price as a result of the data center breach, with hundreds of lawsuits and around $3.6 billion worth of fines levied against them. The most unique outcome of this in comparison to other data center breaches is that it caused a total change to the retail industry. Card payment systems and Point of Sale systems were changed, the EMV chip was adopted, and a new protocol began with the tokenization of transactions.

How Can Data Center Breaches like the Target Attack be Avoided?

Third party vendors and services can be the weakest link in your ecosystem, without you even knowing it. For Target, the hack of their HVAC vendor network was the entry point for the hackers. With the right amount of visibility, the company could have seen that this was a risky connection, and a potential breach point. Once inside the Target network, the financial data was accessible to the attackers because it was not segmented for PCI compliance. Lastly, poorly patched Point of Sale systems could have been protected with better account management.

While the company was warned of the breach in advance, the CISO at Target was concerned about losing revenue during the all-important holiday season, so delayed the incident response.

Yahoo – What Happened?

The largest breach of its kind, 1 billion records were exposed in 2014 when Russian hackers infiltrated the Yahoo network. Among the data stolen was email addresses, usernames, phone numbers, security questions and encrypted passwords. This information has since been used in hundreds of attacks worldwide. Shockingly, Yahoo failed to notify anyone about the breach until 2016, and there is still not a clear answer to how the network was breached.

In 2018, the SEC fined them $50 million, and as with all data center breaches that affect this many individuals, there is likely to be more financial and legal consequences on the way.

Marriott – What Happened?

It can be hard to gauge the damage of an attack, especially when the company in question is less than upfront about the situation. Attackers breached the network of the Starwood systems, owned by Marriott hotels, during 2014, which means they achieved a dwell time of at least 1441 days. The hackers were Chinese intelligence services, with the motive of tracking people of interest and espionage.

The data stolen includes the names, phone numbers, email addresses, dates of birth and passport information of guests at the hotel, providing clear benefits for intelligence agencies who want insight into people’s movements, meetings, and credentials. It can also be used to create counterfeit passports, with real identification information. The secrecy around this attack, and the length of the dwell time means that the consequences are likely to be harsh. The GDPR breach alone will cost Marriott $915 million, while US federal investigations are still underway before further fines can be given.

Gaining Visibility and Control over Data Center Breaches like Yahoo and Marriott

Now let’s look again at our data center security checklist from the previous blog. In all of these cases, solving the issues on the checklist could have reduced risk and perhaps even prevented these data center breaches. Starting with visibility, identify your critical assets and digital crown jewels, so that you know where segmentation can make a difference. Ensure that areas of compliance are near the top of your to-do list. Protect your data center from the weakest links, namely the third-party vendors, suppliers and distributors who could be putting you at risk. Lastly, alongside underlying data hygiene, make sure you have an incident response plan that is up to date and tried and tested.

Want to learn more about how segmentation and micro-segmentation can help you achieve early wins for your company? Check out our white paper on smart segmentation.

Read More

Interested in research? Follow the exploits uncovered by Guardicore Labs here. You can also check out Infection Monkey, a free, open source vulnerability assessment tool that works across premises, vSphere, multiple clouds and containers. A recent addition- look up potential threatening domains and IPs using our cutting-edge Cyber Threat Intelligence.

May 2019’s Patch Tuesday: Must-Knows for Every Data Center

Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.

Containers vs Virtual Machines – Your Cheat Sheet to Know the Differences

Docker, Kubernetes, and even Windows Server Containers have seen a huge rise in popularity the last few years. With the application container market having a projected CAGR (Compound Annual Growth Rate) of 32.9% between 2018 to 2023, we can expect that trend to continue. Containers have a huge impact on application delivery and are a real game changer for DevOps teams.

However, despite the popularity of containerization, there is still significant confusion and misunderstanding about how containers work and the difference between containers and virtual machines. This also leads to ambiguity in how to properly secure infrastructure that uses containers.

In this piece, we’ll provide a crash course on containers vs virtual machines by comparing the two, describing some common use cases for both, and providing some insights to help you keep both your virtual machines and containers secure.

What are Virtual Machines?

VMware’s description of a virtual machine as a “software computer” is a succinct way to describe the concept. A virtual machine is effectively an operating system or other similar computing environment that runs on top of software (a hypervisor) as opposed to directly on top of bare metal computer hardware (e.g. a server).

To better conceptualize what a virtual machine is, it’s useful to understand what a hypervisor is. A hypervisor is a special type of operating system that enables a single physical computer or server to run multiple virtual machines with different operating systems. The virtual machines are logically isolated from one another and the hypervisor virtualizes the underlying hardware and gives the virtual machines virtual compute resources (CPU, RAM, Storage, etc.) to work with. Two of the most popular hypervisors today are Windows HyperV and VMware’s ESXi.

In short, hypervisors abstract away the hardware layer so virtual machines can run independent of the underlying hardware resources. This technology has enabled huge strides in virtualization and cloud computing over the last two decades.

Note: If you’re interested in learning more about the nuts and bolts of hypervisors, it is important to note that what we’ve described here is a “Type 1” hypervisor. There are also “Type 2” hypervisors (e.g. Virtual Box or VMware Fusion) that can run on-top of standard operating systems (e.g. Windows 10).

What are Containers?

A container is a means of packaging an application and all its dependencies into a single unit that can run anywhere the corresponding container engine is. To conceptualize this, we can compare what a container engine does for containers to what a hypervisor does for virtual machines. While a hypervisor abstracts away hardware for the virtual machines so they can run an operating system, a container engine abstracts away an operating system so containers can run applications.

If you’re new to the world of containers and containerization, there is likely a ton of new terminology you need to get up to speed on, so here is a quick reference:

  • Docker. One of the biggest players in the world of containers and makers of the Docker Engine. However, there are many other options for using containers such as LXC Linux Containers and CoreOS rkt.
  • Kubernetes. A popular orchestration system for managing containers. Kubernetes will often be written as “K8s” for short. Other less popular orchestration tools include Docker Swarm and Apache Marathon.
  • Cluster. A group of containers that has a “master” machine that enables orchestration and one or more worker machines that actually run pods.
  • Pods. Pods are one or more containers in a cluster with shared resources that are deployed for a specific purpose.

Understanding the differences between containers vs virtual machines becomes easier when you view them from the standpoint of what is being abstracted away to provide the technology. With virtual machines, you’re abstracting away the hardware that would have previously been provided by a server and running your operating system. With containers you’re abstracting away the operating system that has been provided by your virtual machine (or server) and running your application (e.g. MySQL, Apache, NGINX, etc.).

Use Cases for Containers vs Virtual Machines

At this point, you may be asking: “why bother with containers if I already have virtual machines”? While that is a common thought process, it’s important to understand that each technology has valid use cases and there is plenty of room for both in the modern data center.

Many of the benefits of containers stem from the fact they only include the binaries, libraries, other required dependencies, and your app – no other overhead. It should be noted that all containers on the same host share the same operating system kernel. This makes them significantly smaller than virtual machines and more lightweight. As a result, containers boot quicker, ease application delivery, and help maximize efficient utilization of server resources. This means containers make sense for use cases such as:

  • Microservices
  • Web applications
  • DevOps testing
  • Maximization of the amount of apps you can deploy per server

Virtual machines on the other hand are larger and boot slower, but they are logically isolated from one another (with their own kernel) and can run multiple applications if needed. They also give you all the benefits of a full-blown operating system. This means virtual machines make sense for use cases such as:

  • Running multiple applications together
  • Monolithic applications
  • Complete logical isolation between apps
  • Legacy apps that require old operating systems

It’s also important to note that the topic of containers vs virtual machines is not zero-sum and the two can be used together. For example, you can install the Ubuntu Operating System on a virtual machine, install the Docker Engine on Ubuntu, and then run containers on top of the Docker Engine.

Security Challenges of Containers vs Virtual Machines

As data centers and hybrid cloud infrastructures integrate containers into an already complex ecosystem that includes virtual machines running on-premises and a variety of cloud services providers, keeping up with security can be difficult.

While virtual machines do offer logical isolation of kernels, there are still a myriad of challenges associated with virtual machines including: limited visibility to virtual networks, sprawl leading to expanded attack surfaces, and hypervisor security. These problems only become more magnified as your infrastructure scales and becomes more complex. Without the proper tools, adequate visibility and security is more challenging.

This is where Guardicore Centra can help. Centra enables enterprises to gain process-level visibility over the entirety of their infrastructure, whether virtual machines are deployed on-premises, in the cloud, or a mixture of both. Further, micro-segmentation helps limit the spread of threats and meet compliance requirements.

Micro-segmentation is particularly important when you begin to consider the challenges associated with container security. Containers running on the same operating system share the same kernel. This means that a single compromised container could lead to the host operating system and all the other containers on the host being compromised as well. Micro-segmentation can help limit the lateral movement of breaches and further harden a hybrid cloud infrastructure that uses containers.

Interested in Learning More About Securing Your Infrastructure?

That was our quick “cheat sheet” regarding containers vs virtual machines. We hope you enjoyed it! If you’d like to learn more about Docker security, check out our 5 Docker Security Best Practices to Avoid Breaches article. To learn more about securing modern infrastructure, check out our white paper on securing modern data centers and clouds. If you’d like to learn more about how Centra can help secure your hybrid cloud infrastructure, contact us today.

Easy Ways to Greatly Reduce Risk in Today’s Data Centers

Whether your infrastructure is on premises, in the cloud, or a combination of hybrid cloud, there are core characteristics of breached data centers that make them vulnerable to attack. These data centers are easier to penetrate and utilize, making them higher value targets for opportunistic hackers to exploit.

The truth is, protection is not that complicated. There are common, easily fixable data center problems that come up again and again in the biggest breaches, and best practices that can be easily implemented to provide significant risk reduction for your company against these kinds of threats. While security professionals often feel inundated with content that discusses ideas like “IT ecosystems are increasingly complex and fast-changing, and are therefore so difficult to secure” this is – in most cases, simply wrong.

What Are the Attackers Looking For?

Data centers offer the biggest bang for the criminal’s buck, whether that’s harvesting PII or other sensitive information such as technical intellectual property and best practices. Beyond direct gain, data centers offer a wealth of processing power which many attackers hijack for additional revenue opportunities to resell to other criminal groups. The black market for cyber-crime is continuously growing, with examples such as DDoS-as-a-service, and RAT-as-a-service giving attackers access to your compute infrastructure, to inject malware or to achieve remote access. We’ve even seen victims become the “false flag” bounce network to obfuscate an attack’s origin. Using hijacked resources for cryptocurrency mining is a steadily growing threat as well, up 459% in 2018.

The Simple Fixes That if Ignored, make a Data Center Easy to Compromise

Just over three years ago, In proposing a Zero Trust model, John Kindervag of Forrester said that we need to move to architectures with “no more chewy centers.” When we look broadly at data centers there are several things that lead them naturally to be what we don’t want, very soft in the middle. By making small changes, we can turn these deficits into enterprise positives, doing much to prevent future attacks from occurring and catching them quicker when they do happen.

  1. Good hygiene: Far too often attacks in data centers start by taking advantage of poor hygiene. By merely shoring up the below, attackers would have a much more difficult time getting in.
    1. Better patching acumen – doing a better job at finding unpatched vulnerabilities in applications.
    2. Better password and account management and enabling two factor authentication – many attacks come from simple brute force password attacks against single factor authentication applications.
    3. Better automation including OS, Application and kernel checks – while we have become very good at applying DevOps scripting in the form of auto-provisioning and managing playbooks/scripts like chef, puppet, ansible, we have not always added easy to incorporate OS, application and kernel update checks into those scripts. Instead of spinning up new automations that are only as good as the day they were born, it would be very easy to perpetually – and automatically update these scripts with these added checks cutting down exploitable vulnerabilities easily.
  2. Better segmentation & micro-segmentation – when an enterprise incorporates modern segmentation techniques – even if sparingly, it finds its risk greatly reduced. What makes these modern segmentation techniques different than what we have used in the past? Several things.
    1. Segmentation that is platform-agnostic and which provides visibility and enforcement to all platforms quickly and easily – Today’s data centers are heterogeneous in nature. Enterprises have embraced modern hypervisors and operating systems, containers and clouds, as well as serverless technology. Most enterprises also contain a good number of legacy systems and EoL operating systems such as Solaris, HP/UX, AIX, EoL Windows or EoL Linux as well.
    2. Segmentation that can be automated and works like your DevOps-based enterprise – Traditional security devices such as legacy firewalls, ACLs, and VLANs are extremely resource-intensive and impossible to manage in this kind of complex and dynamic environment. In some cases, such as in a hybrid cloud infrastructure, legacy security is not just insufficient, it’s unfeasible as a solution altogether. Enterprises need visibility across all of your platforms easily and seamlessly. Micro-segmentation technology is built for the dynamic and platform-agnostic nature of today’s enterprises, without the need for manual moves, adds, changes, or deletes. What is extremely important to understand – these modern techniques have been proven time and time again to be able to be implemented 30x faster than legacy techniques can be deployed and maintained.
    3. Segmentation – even when applied sparingly in “just a start” manner – this begins to reduce attack surface greatly. Grabbing these low hanging fruit makes it easy. Such examples include, but are not limited to:
      1. Isolating/securing off a compliance mandated environments
      2. Segmenting your “critical crown jewels” applications
      3. Sectioning off your vendors, suppliers, distributors, contractors off from the rest of the enterprise
      4. Securing off critical enterprise services and applications like remote access, network services and others
  3. Adequate Incident Response Plans & Practice – the final critical ingredient that can easily change an enterprise data center posture is having a well-thought -out incident response plan. One which incorporates not only the technical staff but also the business and legal parties that need to be involved as well. These plans should be practiced with incident response drills planned and run to establish blind spots or gaps in security.

Don’t believe everything you hear. Many of today’s biggest breaches are entirely preventable. In my next blog, I’ll take a look at four of the most devastating data center breaches from the last five years, and see how the checklist above could have made all the difference.

Interested in learning more about how to secure modern data centers and hybrid cloud environments?

Check out our White Paper on re-evaluating your security architecture