Guardicore Enhances Ease-of-Use and Security for Infection Monkey

New MITRE Techniques and Enhanced User Interface Will Be Demonstrated at DEF CON Red Team Village

Boston, Mass. and Tel Aviv, Israel – August 6, 2020 – Guardicore, the segmentation company disrupting the legacy firewall market, today unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.

New capabilities include an expanded list of MITRE ATT&CK techniques, user interface improvements, and increased security measures for the user. Today’s updates demonstrate Guardicore’s commitment to empowering cybersecurity professionals with sophisticated but easy-to-use tools that significantly improve security posture. Guardicore will be showcasing the open source tool’s new functionality and user interface together with the already existing features at this year’s DEF CON Red Teams Village’s virtual conference on Thursday, August 6th at 8:30 p.m. ET.

Infection Monkey is a self-propagating testing tool that hundreds of information technology teams from across the world use to find weaknesses in their on-premises and cloud-based data centers. Over the past four years, Infection Monkey has gained significant momentum and popularity amongst the cybersecurity community. With more than 3,200 stars on Github, Infection Monkey is trusted by large enterprises, educational institutions, and more, and has garnered praise from distinguished industry analysts such as Dr. Chase Cunningham, principal analyst at Forrester.

“In cyberspace and in cyber warfare exploitation, attacks succeed because they locate and leverage the weak points in systems and networks. In order to defend from this type of attack cycle, it is necessary to continually test the system for those likely weak points. But this can be difficult, especially when dealing with large infrastructures that are bridged between cloud, non-cloud, on premises, off premises, and a wide variety of other potential configurations. Infection Monkey is one of the most well-aligned tools that fits this need. I’m a huge fan.” – from Chase Cunningham’s “Cyber Warfare – Trust, Tactics, and Strategies”

Expanded MITRE ATT&CK Techniques and Reporting
Recognizing that cybersecurity experts and enterprise DevSecOps teams continue to rely on the MITRE-developed ATT&CK framework as the foundation for network security tests and assessments, Infection Monkey 1.9.0 now offers a total of 32 MITRE ATT&CK techniques available for testing. These new attack techniques enable cybersecurity professionals to exhaustively test their network like never before while also empowering them to easily communicate steps towards actionable remediation with all relevant stakeholders, from IT to the C-suite.

Improved Usability
As the cybersecurity skills gap continues to widen and IT teams find themselves short-staffed, Infection Monkey 1.9.0 received several interface improvements that ensure the tool can be easily implemented – and most importantly valuable – with no additional staff or education.

Infection Monkey 1.9.0’s user interface has been significantly upgraded for configuration, making it easier than ever to set up a variety of different test scenarios on the network. In addition, Infection Monkey 1.9.0 now runs more stealthily to avoid interruptions in attack simulations, and improve coverage rates.

Secure By Default
Guardicore is committed to ensuring that Infection Monkey offers the highest standards of quality and safety as a tool. Deployed in enterprise production data centers and cloud deployments, delivering a secure and stable tool is a top priority.

Therefore, Infection Monkey 1.9.0 now requires a secure login by default and has also been verified as secure by Synk.io, a security firm that continuously scans for vulnerabilities in software dependencies. Users of Infection Monkey 1.9.0 can be confident that the tool is safe and secure for deployment.

“Our mission with Infection Monkey is to equip cybersecurity professionals with a valuable open source tool that helps improve their security posture against cybercriminals,” said Shay Nehmad, Team Lead and Open Source Software Developer, Guardicore. “With this new version, we have made it easier than ever to use the tool’s sophisticated features.”

About Guardicore
Guardicore is the segmentation company disrupting the legacy firewall market. Our software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, Guardicore offers greater security and visibility in the cloud, data-center and endpoint. For more information, please visit www.guardicore.com or go to Twitter or LinkedIn.

Guardicore Receives Application Certification from ServiceNow

Company’s Software-Only Segmentation Platform Empowers ServiceNow Customers to Gain Greater Security and Visibility of Business-critical Applications

Boston, Mass. and Tel Aviv, Israel – July 30, 2020 – Guardicore, the segmentation company disrupting the legacy firewall market, today announced it has received certification of its application with ServiceNow, the fastest-growing enterprise cloud software company in the world, available now in the ServiceNow Store. Certification by ServiceNow is only granted to apps available in the Store and signifies that Guardicore Centra has successfully completed a set of defined tests focused on Now Platform security, compatibility, performance, and integration interoperability.

Guardicore makes it easy for enterprises using ServiceNow to integrate disparate data sources and create a unified labeling scheme across their cloud infrastructure, data centers, and endpoints. When used with Guardicore, these data-driven insights help security teams visualize network traffic and accelerate segmentation initiatives aimed at reducing the attack surface and eliminating risk. ServiceNow’s CMDB servers regularly sync with Guardicore Centra to ensure new on-premise and cloud workloads are labelled properly and protected.

Our innovative Centra platform uses the most advanced labeling and policy engines to deliver segmentation decoupled from the physical network to help agile enterprises gain visibility and secure their critical applications,” said Sharon Besser, VP business development, Guardicore. “Integrating with ServiceNow’s CMDB makes it easier than ever for our mutual customers to aggregate, analyze, and act on data-driven insights that protect critical data and prevent lateral movement inside their environment”

To learn more about Guardicore’s partner program, please visit: https://www.guardicore.com/partners/

ServiceNow Store
The ServiceNow Store is the exclusive source for Now Certified apps from ISV Technology Partners that complement and extend ServiceNow and accelerate time to value for customers.

ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.

About Guardicore
Guardicore is the segmentation company disrupting the legacy firewall market. Our software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, Guardicore offers greater security and visibility in the cloud, data-center and endpoint. For more information, please visit www.guardicore.com or go to Twitter or LinkedIn.

An Affordable Approach for Reducing the Attack Surface of the Evolving Telecommunications Infrastructure

Telecommunications service providers are constantly launching new service offerings that require new infrastructures and cloud technologies. This requires managing the security posture in hybrid and complex environments, many times having to use different tools for each.

Guardicore has taken an entirely new approach that simplifies the challenge and makes the process significantly more effective. With Guardicore Centra, telecommunications service providers can segment their most important assets by focusing on three steps:

  • Visualize
  • Build
  • Enforce

Let’s look at each of these in-depth.

Visualize Telecommunications Infrastructure

Adonias Filho, Senior Sales Manager at Italtel, a leading telecommunications provider and Guardicore strategic partner, notes, “Segmentation is a need that has long been felt – but unfortunately never [previously] been achieved in an effective way. The micro-segmentation projects have been catastrophic, because it was not possible to segregate something if you don’t know exactly what it is.”

In other words, you can’t design an effective segmentation program if you don’t have complete visibility into application interdependencies and communication flows. Guardicore Centra rectifies that issue, making it quick and easy to visualize and secure on-premise and cloud workloads.

Adonias adds, “The main point Guardicore brings to this context is visibility. Starting out from visibility, one can propose rules for separation, segmentation, micro-segmentation, and nano-segmentation. With Guardicore, I was able to implement micro-segmentation rapidly and with stability – that is to say, without any problems.”

Centra collects and maps detailed information about application functionality, communication flows, and dependencies. These maps make it simple for security teams to assess potential for exposure and identify when assets have been compromised. They can also define expected behavior and identify areas where additional controls can be applied to reduce the attack surface.

Build Rules With Ease

Telecommunications service providers feel constant pressure from regulations and industry standards. In addition, they operate complex infrastructures. The two issues combine to create a challenging situation, wherein managing/enforcing security controls and reporting on risk across a diverse set of technologies on multiple platforms is resource intensive. Moreover, frequent reconfiguration needs can result in production downtime.

Because of these security challenges, telecommunications communities often end up with security gaps and broad attack surfaces. This leaves them vulnerable to illicit activities.

With a single click, Guardicore Centra generates automated rule suggestions and enables organizations to quickly build strong security policies. Intuitive workflows and a flexible policy engine allows for continuous policy refinement and reduces costly errors.

Enforce Consistent Security Controls

Guardicore Centra helps Telecommunications companies maintain consistent security controls, regardless of their underlying infrastructure. Leveraging software-based overlay segmentation technology enables telecommunications companies to achieve network segmentation in record time, with significant risk reduction across all types of infrastructure.

What’s more, Guardicore provides integrated breach detection and response capabilities, enabling businesses to see policy violations in the context of an active breach. Data exfiltration in particular – a threat which telecommunications services are vulnerable to due to the new infrastructure and technologies they support – requires the kind of protection that Guardicore provides.

All an attacker needs is an opening to a single network-connected resource in order to be able to move laterally across the network. At that point, they can access the entire infrastructure and destroy, ransom, or steal any data they want.

As Adonias comments, “Protection in data centers and clouds defends, at the origin, the companies that subcontract provider services. Why try to invade directly a large company, with its defenses up to speed, if there is an open door to it through a provider from whom it outsourced – for example its financial department?”

With Guardicore, organizations can contain this type of attack before it spreads across the company, keeping it from becoming a true disaster. Using Guardicore Centra, telecommunications providers have been able to dramatically shrink their attack surfaces across thousands of critical servers without service disruptions, significantly reducing risk and impact of security breaches.

Learn More About Protecting Telecommunications Infrastructures Today

Ready to learn more? Join the webinar, Simple and Fast Segmentation for Telecommunication Service Providers, to hear about:

  • Real-world security challenges facing Telecommunications CISOs, including:
    • Maintaining full visibility across all environments
    • Enforcing third-party access controls
    • Protecting 5G technology, cloud infrastructure, and legacy assets
  • How security and cloud infrastructure professionals can accelerate and simplify segmentation projects
  • Deutsche Telekom’s approach to segmentation and its enable of hyperscale in data centers and clouds

View the webinar.

What SANS Thinks About Guardicore’s Micro-Segmentation Solution

Gone are the days when perimeter security or traditional segmentation were all you needed to keep your crown jewels safe. As the speed of work and cloud integration increases, traditional security models no longer suffice. Instant visualization of your security posture with context is key. A software-defined segmentation will get you where you need to be in a faster, easier and in a more cost-effective manner. Moreover, it replaces other disparate, time-intensive segmentation methodologies with a single method that works across all environments seamlessly.

That’s where Guardicore Centra comes in.

It’s a no-brainer that we think our micro-segmentation solution is pretty awesome. What has been more exciting to see, is the enthusiasm with which analysts and customers have embraced our solution as well. In fact, SANS analyst Dave Shackleford recently ran Guardicore Centra through its paces, testing the product across a wide variety of environments. After pummeling it with attack scenarios and trying out all its features, he uncovered some interesting insights.

Read the SANS evaluation report: Securing Assets Using Micro-Segmentation: A SANS Review of Guardicore Centra

Guardicore Centra is Comprehensive

Guardicore Centra replaces multiple, arduous security methods with a single agnostic approach. Attempting to find a separate solution for each new platform, infrastructure, operating system, etc. – and every legacy one as well – doesn’t work. Instead, Guardicore provides visibility and a single point of management across it all, supplying a context-rich, unified view from a single pane of glass.

“Guardicore provides assurances that we are locking down the environment properly while validating that Azure is doing its job in a very efficient and effective way.”

~Michael Lamberg, Vice President and Chief Information Security Officer with Openlink

INDUSTRY

  • Software company

MAIN USE CASES

  • Software-Defined Segmentation
  • Visualization of application dependencies and entire enterprise environment
  • Secure hybrid cloud adoption
  • Accelerate troubleshooting, threat detection and response

FEATURES USED

  • Visibility
  • Segmentation
  • Threat detection and response

Read the full story here.

Guardicore Centra is Simple and Easy to Use

Many companies using traditional security methods have found it difficult to implement zero trust, particularly because it is challenging to view and map assets, their behaviors, and their local components. And of course, if you can’t do that, you can’t create logical policies – and therefore, you can’t create effective segmentation rules.

Guardicore Centra makes micro-segmentation simple. With unparalleled flexibility and visibility – real-time and historical – you can quickly and easily visualize your entire environment. Centra offers a wide variety of unique views per use case/user role and intuitive policies so you can implement ring-fencing, internal micro-segmentation, and more.

INDUSTRY

  • Utility Company

MAIN USE CASES

  • Centralized policy management for SCADA and other assets
  • Updated outdated and inefficient third-party access controls
  • Streamlined compliance for regulations and consistent audit management

RESULTS

  • Required only ½ full-time equivalent to run the solution
  • Fully segmented within a few weeks

With Centra, You Can Work At the Speed of Business

Imagine if you could visualize your infrastructure, create policies, and update those policies as needed in weeks, not months or years. With Guardicore, you can! That’s the beauty of not requiring underlying network or infrastructure changes. It’s a real game-changer.
INDUSTRY

  • International bank

MAIN USE CASES

  • Superior visibility
  • Flexible, fast labeling – no IP address or VLAN changes needed
  • Mapping and segmenting more than 10,000 servers

RESULTS

  • 10x acceleration of compliance
  • Zero downtime
  • Significant cost and risk reduction

Beyond Segmentation: Breach Detection, Response Capabilities

Many businesses start using Guardicore Centra for its segmentation capabilities. That said, they often discover soon thereafter that we offer a variety of additional invaluable capabilities that enable them to discover the origin of breaches and respond in hours instead of weeks.

For example, we support such features as:

  • Dynamic detection and response capabilities
  • Reputation and monitoring services
  • Threat and intelligence data

“Guardicore enables us to enhance our overall data center security strategy and help our IT security team to avoid today’s advanced threats.”

~ Marino Aguiar, CIO, Santander Brasil

Learn More About SANS and Guardicore Micro-Segmentation Today
Ready to learn more? Watch the webinar featuring SANS’ analyst Dave Shackleton and our own Dave Klein to find out the detailed SANS analysis and review, or download the Guardicore Centra review paper today.

Guardicore Labs Launches Botnet Encyclopedia to Aid in Global Fight Against Cybercrime

Open Knowledge Base of Persistent Botnet Threats Helps Security Teams Turn Intelligence Into Action; Unknown Decentralized Worm Discovered Upon Launch

Boston, Mass. and Tel Aviv, Israel – June 30, 2020 – Guardicore, a leader in data center and cloud security, today announced that its global research division, Guardicore Labs, has launched the Botnet Encyclopedia. Guardicore’s Botnet Encyclopedia provides a continuously updated universal knowledge base of past and present botnet campaigns researched by the Labs team – many of which previously unknown to the cybersecurity community – showcasing the greatest threats to enterprise security in a single, open location.

The Botnet Encyclopedia is powered by the Guardicore Global Sensors Network (GGSN), a network of detection sensors deployed in data centers and cloud environments around the world, capable of capturing and recording complete attack flows to the highest resolution. The Botnet Encyclopedia is designed to allow security teams, IT teams, researchers and the cybersecurity community at large to better understand and protect themselves from persistent and advanced threats, identified as campaigns.

FritzFrog, a mass-scale attack campaign active since January 2020 in which a sophisticated Golang binary is deployed on brute-forced SSH servers, is one of the first Botnet Encyclopedia campaign entries. Research identifies FritzFrog as a highly concerning peer-to-peer botnet with no centralized infrastructure, rather one whose control is distributed among its nodes. Its discovery as a decentralized worm makes it particularly unusual and dangerous. In addition, the research team identified racist terminology hard coded in the malware.

“FritzFrog is the type of threat that must be recognized as a campaign due to its operational longevity and danger it presents, particularly as a previously unknown threat,” said Ophir Harpaz, security researcher, Guardicore. “It’s our mission to bring these campaigns to light on a rolling basis and provide a level of context unavailable in any other public knowledge base in order to equip the cybersecurity community with the required information to defend itself and mitigate risk. Our research and analysis of FritzFrog is ongoing. We’ve been unearthing new findings into its enterprise impact and attacker attribution on a daily basis. We encourage all contributions, questions and suggestions from the community to enhance our findings into FritzFrog and the entire Botnet Encyclopedia.”

Botnets can be found within the encyclopedia using free-text search, allowing users to search all entries using any type of indicator of compromise (IOC) – IP addresses, domains, file names, names of services and scheduled tasks, and more. Extending beyond common cyber threat intelligence feeds and services, the Botnet Encyclopedia contextualizes advanced threats with tiered analysis including:

Campaign information including name, variants, time frame of identification within the GGSN and links to external resources detailing the campaign.
IOCs associated with the campaign including IP addresses from which attacks originate, IPs and domains holding outgoing attack connections, and files dropped or created as part of the attack.
Full attack flow as it was captured and saved by the GGSN, accompanied by detailed analysis from Guardicore Labs’ global team consisting of hackers, researchers and industry experts.

“Winning the war against cybercrime cannot be achieved by any one individual or organization, it must be a collaborative global effort,” said Harpaz. “Threat intelligence and knowledge sharing has long been the cornerstone of such efforts. With the Botnet Encyclopedia, we are enhancing the ability for teams and organizations to turn intelligence into action with publicly accessible, deep context into the most dangerous campaigns targeting enterprises around the world; past, present and future.”

To learn more about the Botnet Encyclopedia, please visit: https://www.guardicore.com/botnet-encyclopedia/

About Guardicore
Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

The Minimum Viable Controls (MVC) to Secure IaaS and PaaS

The mass move to the cloud over the last few months has been good for digital transformation, but challenging for security. While many companies have successfully transitioned to a more remote-friendly environment, there is still a lack of clarity around the minimum viable controls (MVC) needed to secure IaaS and PaaS.

Speeding the Move to the Cloud

In “ancient” days – as in a couple of months ago – it was obvious that the adoption of public clouds was inevitable. However, it seemed that it would take some time until every organization had a significant presence there. Then came COVID-19.

Even during a disaster, there are winners. Many organizations followed Winston Churchill’s famous quote “don’t waste a good crisis” and accelerated their journey to the cloud on a mission to transform their IT environment.

It was great that they could speed the migration process. It was not so great that many did so without paying enough attention to security requirements and risk mitigation.

Understanding Cloud Security Requirements

According to Gartner analyst Tom Croll, enterprises trying to implement on-premises data center security processes and tools for the cloud are actually inhibiting cloud adoption, slowing their own progress and increasing risk. Using yesterday’s tools to protect today’s cloud infrastructure is risky and creates more damage than benefits. It will not get you the desired results and may even risk your organization.

IaaS and PaaS are provided by the Cloud Service Providers, which have to assure and secure the infrastructure of the cloud itself. We wrote a lot about it in the past, for example here and here. This “shared responsibility model” still leaves your data and critical application exposed and unprotected.

Luckily, modern security solutions – such as Guardicore Centra – are capable of providing the necessary controls required to protect the cloud. Micro-segmentation and zero trust network access (ZTNA) should be implemented when configuring cloud infrastructure, combined with strong IAM, robust encryption, and constant posture management.

The Five Most Important Security Controls You Need to Implement Today

Wondering how to put together an actionable plan for securing your infrastructure? Together with our ecosystem partner SecuPi, Guardicore has created a webinar sharing the five most important security controls that organizations should take in order to ensure that the IaaS and PaaS infrastructure they are using is secure and solid.

View the webinar today and you’ll be on your way to lowering risk and tightening security across your entire environment.

How to Do Micro-Segmentation the Right Way

The evolution of network segmentation and application segmentation has brought about the movement to micro-segmentation. Micro-segmentation adds flexibility and granularity to access control processes. This detail-oriented viewpoint is key, especially as businesses adopt cloud services and new deployment options like containers that make firewalls and other traditional perimeter security less relevant.

Infrastructure visualization plays an essential role in the development of a sound micro-segmentation strategy. When it’s done well, visualization makes both sanctioned and unsanctioned activity in the environment easier for IT teams to identify and understand.

In case you didn’t catch it, the key phrase there was, “when it’s done well.” That’s important, because many businesses don’t know where to start.

What we often hear is:

“We want to better secure our infrastructure by defining tight security policies  – but where do we even start? How can we build policies at the application level for thousands of existing machines, each one developed and deployed by a different person?”

This confusion is understandable in today’s complex environments! Let’s dive into the details and gain some clarity into how to do micro-segmentation the right way.

What is Micro-Segmentation?

Using legacy tools like VLANs for separation is no longer enough in today’s network environments. Every machine – virtual or physical – in every location – cloud or not – must have incoming and outgoing traffic limits. Otherwise, bad actors can easily take advantage of loose policies to move undetected between machines.

Micro-segmentation is the central IT security best practice response to overly-permissive policies. Software-defined segmentation allows companies to apply workload and process-level security controls to data center and cloud assets that have an explicit business purpose for communicating with each other. It is extremely effective at detecting and blocking lateral movement in data center, cloud, and hybrid-cloud environments.

Some solutions facilitate segmentation across physical and virtual data centers by doing distributed enforcement on all east-west traffic. Public cloud offerings also provide limited abilities, and other products fully integrate with these frameworks, moving existing firewall technologies into the data center.

Then there are solutions like Guardicore Centra, which was purpose-built to simplify micro-segmentation and increase agility, while simultaneously increasing security. Centra creates human-readable views of your complete infrastructure – from the data center to the cloud – with fast and intuitive workflows for segmentation policy creation.

So the technology is there, but the question of how to set these policies up remains. How can administrators tell the role of thousands of machines in their data center and decide which specific ports to open to what other machines?

The Old-Fashioned Way to Build Policies

This is how the usual process for building application-specific policies works:

  1. Discover a specific application and the machines it’s running on.
  2. Build security groups for each of the different application tiers (i.e., web/application/logging/DB servers).
  3. Define a tight policy between the different security groups, so only the ports necessary for the application’s proper functioning are open.
  4. Rinse and repeat.

This can be a long and burdensome process, especially without deep visibility into data centers – all the way down to the process level. Administrators and security teams are required to browse endless logs or chase app developers. Obviously, not the ideal way to do things.

A (tiny bit of a) typical firewall log. How easy is it to build a security policy using these?

How to Do Micro-Segmentation Right

Guardicore decided that there had to be a better way to simplify segmentation. That’s why we built a wonderful feature into Centra: Reveal. This feature enables teams to avoid the above-mentioned pain.

Guardicore Reveal provides a full visual map of the entire data center, all the way down to the process level. By using Reveal to focus on specific parts of the data center and identify relations between different servers, admins and security teams can easily discover the running applications, one by one.

A typical 3-tiered application. Note the process information which shows the underlying Tomcat->MongoDB traffic.

Process-level visibility allows users to do a number of things, including:

  • Identify servers with similar roles (which belong to the same tier).
  • Group them together.
  • Push the resulting security groups to a micro-segmentation framework.

The same application — grouped.

Once the users create policy rules tying the discovered applications and security groups, they can see these policies overlaid on Reveal’s visual map. This allows users to test, monitor and optimize their created policies.

Watch the video below to see how it works.

The Easy Way to Achieve First-Class Protection

Micro-segmentation is an essential building block for data center security. By using Guardicore Reveal along with the real-time threat detection provided by the Guardicore Centra platform, data centers can now do micro-segmentation the right way. The result: first class protection, without the hassle.

Cogna Group Migrates Data Center in Record Time With Guardicore

Guardicore technology improves group security both in on-premise and cloud environments; Helps compliance with the Brazilian General Personal Data Protection Act

Boston, Mass. and Tel Aviv, Israel – June 10, 2020 – Guardicore, a leader in data center and cloud security, today announced that Cogna, a leading Brazilian educational group, has chosen the Guardicore Centra Security Platform as the tool to help perform a data center migration for one of its companies. Committed to keeping safe a tremendous amount of information related to students, proprietary materials, teaching systems, services, and application microservices, the Cogna IT team managed to successfully complete the migration in just two weeks.

Alex Amorim, the information security manager at Cogna Group, has embraced the Zero Trust concept as the most efficient way to protect the group’s IT infrastructure, applications, data, and third-party information it holds. To achieve this goal, he needed the detailed workflow segmentation that Guardicore provides, defending Cogna against external threats and from lateral threat movements inside the company’s technology environment.

Growth Challenges and Achieving Compliance
In December 2019, Cogna Group completed the acquisition of Somos, a company devoted to primary and secondary education. The contract with the datacenter provider hosting Somos would expire in one month, creating a short time span for Cogna to integrate all of the Somos data and infrastructure to the Group’s environment, which already hosted three other Cogna Group companies.

As the Guardicore Centra Security Platform had already been implemented to protect Cogna’s companies, the solution was to install the platform in the environment in which the Somos infrastructure was located before migration. Successfully carried out in two-weeks, the migration allowed for Cogna Group’s on-premise equipment to be gathered together in just one location and for the Group’s private cloud to be unified.

To mitigate risk and preserve the organization’s reputation, Cogna is committed to creating a security framework based on the principles of confidentiality, integrity and availability. These principles extend to compliance with the Brazilian General Personal Data Protection Act, ensuring the Cogna Group is ready for its full implementation when it comes into effect. The Cogna Group has been preparing to deploy LGPD since 2018 and see Guardicore’s micro-segmentation capabilities as a great ally in the protection of company data.

Protecting Cloud Managed IT Services
To ensure security against all possible threats, the Cogna Group’s plan is to extend the Guardicore Centra Security Platform to public cloud services. The Group uses multiple public clouds, in addition to its private cloud. As the responsibility for management of cloud IT solutions shifts from the company that provides colocation services to a new service provider, the Group will take the opportunity to increase its security level.

Alex Amorim counts on the Guardicore technology to achieve this goal: “Nano-segmentation is about monitoring access in order to allow only authorized users to access each server and each communication channel between machines. This is the kind of control we must have today.”

“At Guardicore, we strive to make security effective in the easiest and quickest way. Our ability to show how all systems interact allows our customers to make faster and more accurate decisions,” said Fernando Ceolin, Director Sales Engineering, Brazil – LATAM, Guardicore. “In addition, with our ability to control interactions no matter where the workloads are, they can safely make any move they need. These features have proven to be instrumental for customers all over the world who want to develop new zero trust security projects. We are proud and honored to be chosen as Cogna’s preferred security partner.”

To watch the video on how Alex Amorim used Guardicore Centra to rapidly enforce micro-segementation policies on multiple environments, please visit: https://www.guardicore.com/resources/cogna-group-leader-in-education-guardicore-centra-customer-spotlight/

About Cogna
Over 50 years of tradition and pioneering spirit make Brazil’s Cogna Educação a leading global educational organization. Operating under four brands – Kroton, Platos, Saber and Vasta Educação / Somos Educação – the Group provides educational solutions and services for both the B2C and B2B markets. Guided by an innovative educational strategy, Cogna aims at transforming people’s lives through quality education and serves more than 2.2 million students from all over Brazil, from Basic to Higher Education, with over 900,000 students taught directly and 1.3 million students through partner schools and educational institutions. Cogna’s social activities and programs benefit more than 3.07 million people and generate a socio-economic impact of R$ 12.5 billion, helping to transform the communities where it operates.

About Guardicore
Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For
more information, visit www.guardicore.com.

Why Micro-Segmentation Needs to be a Priority for Banks

Micro-segmentation allows financial institutions to achieve a number of key goals while protecting their crown jewels through a single, straightforward approach.

Financial institutions have a strong requirement for cost-savings through automation, resources optimization, and agile technologies. They need a solution that can increase security while also promoting operational efficiency.

Moreover, financial institutions have always been prime targets for crime. According to Forbes, cyberattacks cost financial institutions more to address than firms in any other industries. Given that remote and indirect transactions are the norm these days, attackers have even more opportunities to break through perimeter security. This further increases the risk of breach and the remediation costs.

How can banks use micro-segmentation to solve these issues? Let’s take a look.

What are the cyber-security challenges banks face?

Managing cyber security controls in financial services is a complex task. There are numerous drivers that make the work time-consuming and resource-heavy, such as:

  • There are country- and state-level cyber security requirements that need to be followed, not to mention vendor security mandates and various privacy regulations. Altogether, they impose a vast number of reporting and risk-management challenges.
  • Modern banking heavily relies on a large number of third-party applications, partners, and outsourcing vendors accessing the data center via a variety of access routes.
  • The evolving network infrastructure leaves organizations with a cloud technology and legacy systems mix, in a tangled environment that is hard to visualize, audit, and protect.

All those factors combined with a multitude of tools, users, and outside pressures makes financial institutions especially vulnerable to cybercrime.

Enabling digital transformation for better customer service and availability leads to even more ways for banks to be vulnerable to fraud and unauthorized transactions. Customers are well aware of these growing issues and want reassurance that their privacy and finances are protected.

“Customers are becoming increasingly aware of cybersecurity threats and they expect their banks and credit unions to secure and protect their private financial information.”
~ Credit Union Council (CUC), FS-ISAC, 2019

“Banks have validated this trend by reporting that losses due to operational disruption and losses in customer trust are more financially damaging than losses due to regulatory fines.”
~ Deloitte and FS-ISAC Cybersecurity Benchmarking Analysis, 2019

Four ways banks can benefit from micro-segmentation

The best way to address these challenges is to create a single pane of glass for security, with complete network traffic visibility and full isolation of the digital crown jewels. Using flexible, quickly deployed, and easy-to-understand micro-segmentation controls, financial institutions can protect their core assets simply and effectively.

In order to get the most from a micro-segmentation solution, there are four critical steps to take:

1. Simplify and accelerate regulatory compliance

To achieve this goal, start by mapping everything and isolating all compliance-related applications and systems. Granular visualization will help you understand how best to reduce the risk of breaches quickly and easily.

2. Protect your essential systems

Separate critical applications such as money transfers, payments, and customer applications from the general IT infrastructure.

3. Prevent unauthorized lateral movement

Properly isolate IoT and third-party access. In addition, manage access routes and terminate access at the target applications, preventing further movement within the data center.

4. Adopt Cloud, PaaS, and other emerging technology cost-effectively and securely

Use a single pane of glass for visibility and setting security policy across all infrastructures. In addition, be sure you enforce security via a unified set of tools.

How micro-segmentation works in real life

Need proof that the micro-segmentation approach works? Here is an example of a Guardicore customer – a US regional bank – which was able to produce vast improvements utilizing Guardicore Centra’s visualization and micro-segmentation capabilities.

This bank had a few initiatives in place:

  • Comply with the Fedline mandate to isolate any Fedline Service-connected application from general IT.
  • Ring-fence ten of their most critical applications to significantly reduce cyber risks and ensure business continuity in case of breach.
  • Limit third-party access to enforce Zero Trust access controls.
  • Make it possible to migrate applications securely to the cloud.
  • Maintain a single set of security controls across the entire hybrid infrastructure.

With a single security architect, over the course of two months, the customer was able to meet all of their goals beyond original expectations. Ultimately, they were able to:

  • Achieve granular east-west traffic visibility.
  • Ring-fence their business critical applications.
  • Restrict and properly route third-party access.
  • Map applications’ dependencies for seamless cloud migration.
  • Achieve full process automation with the DevOps integration.

Looking for more? Here’s what some of our other customers have to say:

“Guardicore enables us to enhance our overall data center security strategy and help our IT security team to avoid today’s advanced threats.”
~ Marino Aguiar, CIO, Santander Brasil

“Deutsche Bank is committed to the highest standards of security, and a high priority for us is implementing tight network segmentation in our on-premises and cloud environments. Guardicore gives us an effective way to protect our critical assets through segmentation.”
~ Alan Meirzon, Director, Chief Information Security Officer

Use micro-segmentation to protect your crown jewels today

With simple and easy to manage micro-segmentation controls, financial institutions can reduce attack surface and quickly detect breaches within the data center. Deep visibility into applications’ dependencies and traffic flows helps to enforce precise network and process-level policies that isolate critical applications and systems.

Don’t forget to look for a tool that provides complete security coverage for applications, regardless where they reside. After all, most financial institutions need to protect workloads that span across platforms and environments: on-premise, legacy and bare metal, VMs, containers, and public and private clouds (including Amazon Web Services, Microsoft Azure, Google Cloud and Oracle Cloud Infrastructures).

Want to delve into more details? Watch the Regional Banking Webinar and learn more about how Guardicore can help you today!


Securing the Edge with Micro-segmentation and NVIDIA EGX

In recent years, the “Edge” has taken on a vital role in cloud computing. The Edge represents the growing need to deliver a better cloud model that enables locations and methods to place workloads, compute, storage, applications and data closer to the point of action.

Cloud edge computing moves the processing closer to the user and IOT devices, where the data is generated and consumed. This solves the problem caused by these highly distributed edge sites, by minimizing latency, maximizing bandwidth, and performing computation and data compression right at the point of action. Edge computing even addresses compliance requirements which can vary between different states and countries.

The Edge is decentralizing the cloud itself and creating a better model to support emerging use cases like self-driving cars, augmented reality (AR) and virtual reality (VR), connected homes and offices, 5G and more.

Guardicore is excited to partner and work together with NVIDIA to leverage their high-performance, cloud-native NVIDIA EGX Edge AI platform to deliver AI, IoT and 5G-based services efficiently, powerfully, and securely.

  • There are many verticals that can benefit from Edge computing. Here are just two examples:
    Healthcare organizations can run machine learning and analytics models on their health management platforms, especially where low latency processing requirements dictate that they remain on-premises. When it’s time to retrieve data, this information is stored locally and therefore quick to retrieve.
  • Financial services are another vertical that can leverage edge computing to handle the real-time processing of data that must reside within the confines of local data requirements.

Decentralizing the cloud has many benefits, but it also creates and amplifies the security challenges that are already present in the cloud. The distributed cloud edge creates a larger attack surface, spread across diverse IOT technologies and multiple unprotected physical locations. This provides attackers more opportunities to penetrate the organization and achieve their malicious goals.

Edge-related security challenges are compounded by the accelerating pace of change of infrastructure and the more dynamic application deployment models required to support the Edge. (But this is a topic for a different blog post).

In other words, the security of the cloud, which has always been a top priority, is becoming even more important with Edge.

To address these unique challenges, security must be built into the edge to ensure quality and transparent operations across the entire extended organization: at the core data center, public cloud, and the Edge.

Ironing security into workloads, compute, storage, critical application, and data in any environment and any platform is considered a huge challenge.

Fortuitously micro-segmentation has recently become available, and when implemented correctly, addresses the security challenges inherent in the distributed and decentralized nature of the Edge. Gartner recently named micro-segmentation as one of their top 10 security initiatives. They cited micro-segmentation’s ability to reduce risk and protect the critical assets and information that matter most to the business.

Gartner also described micro-segmentation as being well suited for thwarting “the spread of data center attacks in both on-premises and cloud environments.”

Micro-segmentation is a granular way to create secure zones in data center and cloud deployments, allowing workload isolation and protection. Since legacy perimeter protection is painfully inadequate, micro-segmentation is an essential technology to implement a zero-trust security model. Furthermore, it provides both real-time and historical visibility to understand application dependencies and then easily create network and application security policies based on various business owner contexts.

The cloud killed the enterprise’s legacy perimeter and the Edge is killing the cloud’s perimeter, making micro-segmentation more important for securing the distributed, hybrid cloud that includes an Edge component.

Micro-segmentation, when well-executed, provides benefits at the earliest stages of deployment. Many enterprises start out with easily implemented and achievable projects that eliminate the most fundamental risks first. Whether separating development environments from production, isolating a compliance-driven infrastructure or series of applications from the non-compliant ones, or merely segmenting most critical applications first, these early-stage projects provide the enterprise with immediate value and measurable gains.

It’s important to select a micro-segmentation approach that works consistently across multiple cloud providers. By decoupling security from the cloud infrastructure provider, organizations can prevent vendor lock-in from driving costs up and avoid unnecessary complexity when mergers and acquisitions create mixed cloud environments.

Our solutions are able to address both the security and performance requirements by taking advantage of the advanced hardware capabilities of NVIDIA Mellanox BlueField and NVIDIA Mellanox ConnectX SmartNIC technology, which include dynamically reconfigurable firewall offloads in hardware, encryption offloads and the ASAP2 flow engine for virtual switching offloading. We are excited to see secure NVIDIA Mellanox ConnectX adapters being integrated into the new NVIDIA EGX Edge AI platform, and look forward to the benefits that secure, accelerated computing will bring to the edge.