Welcome to San Francisco. RSA 2020, Here We Come!

Since the early 1990s, RSA Conference has established itself as the destination where the world talks security.

I’ve attended RSA Conference for more than 15 years with roles at various companies: large and small, newly created and already established, public and private, stealthy or well-known. And even though the city I liked a lot is changing its face, I still like to attend this event in San Francisco: I enjoy watching how our industry is growing and changing. RSAC, as we like to call it, feels like a big, warm, sometimes cheesy, overcrowded wedding. RSAC is where the global security “community” participates in our annual networking events.

The “action” takes place on the expo floor, in the surrounding restaurants where one can meet teammates they haven’t seen for a while, as well as in the hotel bars and suites. The weather is expected to be sunny, so I expect a lot of casual meetings around the Moscone Center.

For me, the real value is the networking opportunity and our (read:my) ability to learn new things from anyone that is willing to talk with me: job seekers, tire-kickers, prospects, ecosystem partners, colleagues and customers. The collective intelligence that is surrounding us is amazing and invaluable.

Obviously I was quite disappointed to learn about IBM Security’s decision not to attend the conference. I am sure that it was not an easy decision and yet, in my opinion it is a mistake and I’m happy to explain my reasons to anyone that will DM me.

And of course, we will be demonstrating our newest innovations. In my opinion, we have achieved some product achievements that will really blow your mind. I’m looking forward to meeting you all at the conference! See us at the Guardicore Booth #4319, North Hall, Moscone Center.

Hybrid Cloud Security on Your Terms

Mellanox and Guardicore Deliver Agentless and High-Performance Micro-segmentation for Securing Hybrid Cloud Environments

This article was created and published in partnership with Itay Ozery, Director of Product Marketing at Mellanox Technologies

The face of the enterprise datacenter has changed dramatically in recent years. Business-critical applications, data confidentiality and the advent of digital products and services are among the driving forces behind today’s emerging data-center architectures. Sometimes it is easy to think about this change as transformation from 10G to 25G, 40G and 100G but actually it is more than that.

Although public cloud adoption is progressing rapidly, public offerings have not taken over a big piece of the enterprise pie. A recent Gartner research report indicates that less than 20% of total IT expenditure was allocated to public clouds in 2019. Bank of America’s CEO stated in late 2019 that the financial services corporation had saved $2 Billion per year by building its own cloud infrastructure. Aside from the dominant cost factors, some workloads must remain on-premises due to regulatory and/or compliance reasons, while other legacy applications cannot be migrated to the cloud due to their nature/design. Breaking it all down, the prevailing approach of most enterprise leaders today, and most likely in the years to come, is a hybrid-cloud strategy that typically involves a multi-tiered IT environment comprising both on-premises datacenter(s) and cloud service provider(s).

While hybrid clouds provide a cost-effective and agile solution, they also expose organizations to a cyber threat landscape that is broad and continuously changing, faster than defenders can respond with traditional security tools. Thus, a holistic approach is needed for enterprises to enhance their security postures and achieve robust and complete protection. Only solutions that protect all types of workloads, at any speed and against both current and future threats, can deliver the highest levels of security, integrity and reliability in the hybrid cloud era.

Micro-segmentation Emerges to Secure Hybrid Clouds

Micro-segmentation is an emerging datacenter and cloud security best practice that enables enforcement of fine-grained security policies for any network in a multi-cloud or hybrid cloud environment. It provides many advantages over the traditional approaches of using VLANs for network segmentation and firewalls for application separation. Micro-segmentation uses software-defined controls, running on each node, to provide individual workload isolation and protection, reducing risk and simplifying security management. These advantages are key as enterprises adopt a hybrid cloud approach consisting of cloud services from one or multiple vendors while maintaining their own datacenters. The rise of cloud-native applications, where microservices architectures and containers create new communication frameworks, reinforces the need for an elastic micro-segmentation implementation. Guardicore, a leader in the internal datacenter and cloud security realm, offers Centra, a comprehensive hybrid cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce the attack surface and detect and control breaches within east-west traffic.

Our network visualization, providing flow and application-level monitoring, is both the basis for resilient micro-segmentation and achievable through a variety of agent- and network-based techniques. However, there are use cases where deploying agents is neither possible nor desired, due to the nature of the application, the identity of the workload owner and even intercompany organizational challenges. Some application environments, like high-frequency trading, are optimized for high-performance, low-latency transactions. In such use cases, even a minimal 3% impact renders the use of agents inefficient and thus cannot be tolerated. Other businesses with a track record of failed agent deployments may be reluctant to try a different one. The result is a lack of visibility, which leaves enterprises with infrastructure silos where security policy enforcement cannot be applied.

So, here’s an idea: what if we could leverage the intelligent I/O processing units (IPU) from Mellanox to gain visibility into every workload, and enforce micro-segmentation without installing agents, impacting performance or increasing network latency?

Software-Defined Micro-segmentation Meets Hardware-Defined Isolation and Acceleration

The combination of Mellanox’s BlueField IPU-based SmartNICs with the Guardicore Centra Security Platform creates a unique value proposition: no need to install agents on servers, no impact on server/application performance, and software-defined, hardware-native security policy enforcement at wire speed, fully isolated from the workload itself. The joint solution is ideally positioned for those environments in which deploying agents is not permitted:

  • HFT, latency-sensitive applications
  • Bare-metal clouds
  • Mainframe
  • Network-attached storage


We are excited to partner with Mellanox to deliver an agentless and high-performance micro-segmentation solution for hybrid cloud environments. This solution offering is the result of best-of-breed silicon capabilities, software IP and amazing engineering teams at our companies and is the first out of many innovative cyber security solutions we bring to market – stay tuned for more in 2020 and beyond!

Mellanox will be presenting our joint solution at the upcoming RSA Conference, February 24-27 in San Francisco, CA (North Hall #4525).

Guardicore’s booth is located a few meters away – North Hall #4324.

Learn more about agentless, high-performance micro-segmentation for securing hybrid cloud environments:

Guardicore Expands Its Centra Security Platform to Protect Cloud Native Applications and Simplify Segmentation Policy

Guardicore Centra Version 5 Introduces Expanded Coverage for Cloud-Native Applications and PaaS and AI-Powered Segmentation

Boston, Mass. and Tel Aviv, Israel – February 21, 2020 – Guardicore, a leader in internal data center and cloud security, today announced several new capabilities in its Guardicore Centra Security Platform designed to help security architects visualize, segment, and protect cloud-native applications while further simplifying the process for reducing risk to mission-critical business applications through segmentation. 

Building on its broad security coverage across hybrid data center environments, Guardicore protects cloud-native applications, including serverless computing and Platform as a Service (PaaS). This enables security teams to visualize and control access to cloud-native applications from the same Guardicore Centra Security Platform where they secure applications running on bare metal systems, virtual servers, Infrastructure as a Service (IaaS) and containers. This provides security professionals with a single platform, giving them a single view of all applications and flows, and a single, consistent dashboard to create, update and enforce policies, dramatically simplifying security policy management in hybrid data center and cloud environments.

“Cloud-native application development is rapidly becoming the new standard for quickly building and scaling new business applications and optimizing existing ones,” said Pavel Gurvich, Co-founder and CEO, Guardicore. “Until now, providing adequate protection of PaaS services such as AWS S3, Azure SQL, and GCP Cloud Run has required standalone security tools to properly visualize access to these services and apply access control policies, resulting in inefficient security policy management across hybrid environments. Guardicore has simplified this by integrating cloud-native support into the Guardicore Centra Security Platform. This allows security to keep up with the pace of DevOps while maintaining the appropriate levels of security to protect sensitive data and applications.”

Security for Cloud-Native Applications

The Guardicore Centra Security Platform secures the production and operational elements of cloud-native applications by enabling IT security teams to visualize access to PaaS services, by user, system or cloud service, providing a visual map of all interactions between those services, including application flows. Guardicore segmentation policies then control access to cloud resources to ensure only sanctioned users and systems are allowed, blocking any unauthorized access, and reducing the attack surface of cloud-native applications.

Guardicore Centra uses multiple methods for data collection and policy enforcement for cloud-native applications, including cloud-native access control policies, cloud APIs, Guardicore agents, and utilizing code instrumentation mechanisms for serverless functions. This provides the ultimate flexibility in how to apply least privilege and reduce the attack surface of cloud-native services.

AI-Powered Segmentation

Whether deployed in existing on-premises data centers or in the cloud, segmenting applications often requires IT to manually classify assets and write segmentation rules to achieve the proper level of security. Guardicore already provides an intuitive, integrated workflow to minimize manual effort, but by leveraging AI, Guardicore Centra version 5 further accelerates and simplifies segmentation and ongoing policy management. Guardicore Centra’s AI-powered segmentation makes asset classification even easier and reduces the time and effort needed to apply a segmentation policy to new or existing applications.

Based on intelligence collected from tens of thousands of applications and millions of flows from Guardicore customers, and combined with AI-based algorithms, Guardicore Centra provides asset classification and policy assistance in three main areas:

  1. Automatic prioritization recommendations for application segmentation. Guardicore Centra automatically provides recommendations on which applications to segment first, based on Guardicore’s continuous analysis of the applications that represent the greatest risk reduction opportunities.
  2. Scoping and classifying applications. To help reduce or even eliminate manual processes for labeling assets and components of a particular application, Guardicore Centra automatically discovers, scopes and provides recommendations for how to label an application for easy and seamless classification.
  3. Automatic segmentation policy recommendations. Guardicore Centra provides segmentation rule recommendations based on known application behavior and a pre-defined set of policy templates for common applications. For example, for Splunk users, Guardicore Centra will provide a pre-defined set of rules for securing this application with minimal to no human intervention. This provides a quick and easy way to reduce the risk without having to write new rules or rewrite rules for another application.

Guardicore will preview new features at the RSA Conference in San Francisco, CA, February 24, 2020 – February 27 in Guardicore Booth #4319.

About Guardicore Centra

Guardicore Centra is a comprehensive data center and cloud security solution that delivers the simplest way to apply micro-segmentation controls to reduce the attack surface and detect and control breaches within east-west traffic. It provides deep visibility into application dependencies and enforces network and process-level policies to protect critical applications, in any environment.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Threat Intelligence Firewall Hardens Security Policies in Modern Data Centers

Integrated with Guardicore Centra, Smart Firewall Continually Updated with Global and Local Source Data

Boston, Mass. and Tel Aviv, Israel – February 20, 2020 – Guardicore, a leader in internal data center and cloud security, today announced the availability of its Guardicore Threat Intelligence Firewall feature, integrated into its Guardicore Centra Security Platform. The Threat Intelligence Firewall goes beyond traditional firewall measures to help harden security profiles in complex cloud environments. Managed through Guardicore Centra’s segmentation rules dashboard, it identifies and blocks incoming and outgoing connections to known malicious IPs, limiting the network attack surface and eliminating attacker activity before it reaches critical assets in the data center.

“With our Threat Intelligence Firewall, we eliminate suspicious activity before it even reaches our customers’ data centers,” said Ofri Ziv, Guardicore Vice President of Research and head of Guardicore Labs. “Automatically configured in Guardicore Centra, our Threat Intelligence Firewall is a smart firewall that is continually updated with new data about malicious IP addresses and domains, collected by threat intelligence sensors deployed in live production data centers and cloud deployments across the globe. By identifying, flagging and/or blocking the latest attack, scan, and command and control (C&C) threats, it gives customers the ability to easily and confidently reduce risk by preventing bad actors from gaining access to the data center environment.”

With this new feature, Guardicore Centra is the only host-based segmentation platform to block traffic from malicious IP addresses identified through both its global network and local customer sources. Guardicore Threat Intelligence Firewall adds another layer of defense for security teams using the Guardicore Centra Security Platform to deploy simple and intuitive micro-segmentation controls that reduce the attack surface and detect and respond to breaches within east-west traffic. Guardicore customers benefit from:

  • Early warning about a compromised environment through instant block or alert:
    Instant notifications provide accurate and real-time information that a customer environment has been compromised, allowing faster response.
  • Up-to-date intelligence about the newest threats:
    Lists of malicious IPs are updated daily with the latest attack, scan, and C&C IPs.
  • Reduced exposure to malicious actors:
    Drastically reduce your attack surface to malicious actors that attempt to attack, scan, or make a C&C connection with your organization.

The Guardicore Threat Intelligence Firewall leverages data consumed from Guardicore’s Cyber Threat Intelligence feed, a publicly available resource tracking potential threats specific to data center and cloud infrastructure, eliminating false positives. For more details, visit Guardicore’s blog.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Introducing Guardicore Threat Intelligence Firewall

The Threat Intelligence Firewall is a new Guardicore Centra feature that blocks incoming and outgoing connections to known malicious IPs, eliminating malicious activity before it reaches your data center. To be up-to-date with the most recent threats, the list of known malicious IPs is updated once a day. 

Guardicore’s Threat Intelligence Firewall is based on our recently launched Cyber Threat Intelligence (CTI), a service that offers unique information on malicious IP addresses and domains. The data is collected by Guardicore’s threat intelligence sensors installed in multiple data centers, organizations and cloud providers worldwide.

What Types of IP Addresses We Block

Guardicore’s Threat Intelligence Firewall blocks three types of IP addresses: 

Attacker IPs
An Attacker IP is a machine that has managed to breach Guardicore’s threat intelligence sensors and executes attacks on them, such as dropping malware, scanning internal subnets or modifying system files.

Scanner IPs
A Scanner IP is a machine that accesses one or more services across one or more subnets monitored by Threat Intelligence Sensors. Blocking these addresses prevents the scanning of your network, which is normally one of an attacker’s first steps when looking for easy targets.

C&C IPs
A C&C IP is a machine that attackers connect to after breaching our Threat Intelligence Sensors. Blocking it prevents the attacker from communicating with their C&C servers, which ultimately cuts the chain of attack.

These three types of IP addresses are grouped into three labels – Top Attackers, Top Scanners and Top C&C:

The Guardicore Threat Intelligence labels

Keeping Attackers at Bay

Updated daily, these IP blacklists are automatically fed into Centra to create rules to alert and block communications. We block incoming and outgoing connections to and from any port and process.

Threat Intelligence Firewall Block Policy Rules

Example of the TI FW block policy rules

The Threat Intelligence Firewall rules take precedence over standard Allow, Alert, and Block rules, so they don’t conflict with any other security policies you may have in place.

How do I know if a connection was blocked by the Threat Intelligence Firewall?

An incident is created for every connection the firewall blocks. Threat Intelligence Firewall incidents are located under Centra’s Policy Violations section and are tagged with the Threat Intelligence Firewall tag. But what does such an incident mean? It depends on the direction of the connection, so let’s distinguish between policy violation incidents generated by an inbound connection and those generated by an outbound connection.

Inbound Connection Incident

If an inbound connection has been blocked, you shouldn’t be worried – you’ve been scanned by a compromised server. Check Guardicore Cyber Threat Intelligence to find out more about the attack you’ve just avoided. 

A policy violation incident generated by an inbound connection.

Outbound Connection Incident

An outbound connection to a malicious destination means that you’ve probably been hacked. In that case, you should find the source of the attack. Consult with Guardicore Labs security experts at labs@guardicore.com.
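The two behaviours described in this post, threat-intelligence block rules that win over ordinary Allow/Alert/Block rules on any port and process, and incidents whose meaning depends on whether the listed address was the source (inbound, you were scanned) or the destination (outbound, a probable compromise), can be modelled in a few dozen lines. The following is an added example written for this page, not Guardicore’s own code or Centra’s rule engine; the threat labels, the segmentation rules, the internal ranges and the flow records are all constructed, using documentation IP ranges.

```python
# Added example (not Guardicore's code): a toy model of threat-intelligence rule
# precedence and incident triage by direction. All IPs, labels and records are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed stand-ins for the daily-updated Top Attackers / Top Scanners / Top C&C lists.
# Entries may be single addresses or CIDR ranges; all are RFC 5737 documentation ranges.
THREAT_LABELS = {
    "Top Attackers": ["203.0.113.10"],
    "Top Scanners": ["198.51.100.0/24"],
    "Top C&C": ["192.0.2.77"],
}

# Constructed ordinary segmentation policy, consulted in order only after the TI rules:
# (source network, destination network, destination port, action)
SEGMENTATION_RULES = [
    ("10.0.1.0/24", "10.0.2.0/24", 443, "allow"),
    ("0.0.0.0/0", "10.0.0.0/8", 22, "alert"),
]


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    process: str


@dataclass
class Verdict:
    action: str                       # "block", "allow", "alert" or "default-block"
    decided_by: str                   # "threat-intel" or "segmentation"
    label: Optional[str] = None       # TI label that matched, if any
    direction: Optional[str] = None   # "inbound" / "outbound" for TI incidents
    severity: Optional[str] = None    # "info" for inbound hits, "high" for outbound hits


def threat_label(ip: str) -> Optional[str]:
    """Return the TI label an address falls under, or None if it is not listed."""
    addr = ip_address(ip)
    for label, entries in THREAT_LABELS.items():
        if any(addr in ip_network(entry, strict=False) for entry in entries):
            return label
    return None


def evaluate(flow: Flow) -> Verdict:
    """TI rules first: a listed endpoint is blocked regardless of port or process.
    Only when neither endpoint is listed are the ordinary rules consulted."""
    for endpoint, direction in ((flow.src, "inbound"), (flow.dst, "outbound")):
        label = threat_label(endpoint)
        if label:
            # An outbound hit means an internal host reached out to a known-bad peer,
            # which the post treats as a probable compromise rather than a scan.
            severity = "high" if direction == "outbound" else "info"
            return Verdict("block", "threat-intel", label, direction, severity)
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    for src_net, dst_net, port, action in SEGMENTATION_RULES:
        if src in ip_network(src_net) and dst in ip_network(dst_net) and flow.dport == port:
            return Verdict(action, "segmentation")
    return Verdict("default-block", "segmentation")   # deny by default


def parse_flow(line: str) -> Flow:
    """Parse one constructed 'key=value' flow record."""
    kv = dict(token.split("=", 1) for token in line.split())
    return Flow(kv["src"], kv["dst"], int(kv["dport"]), kv["proc"])


# Constructed flow records: an inbound scan, an outbound C&C beacon, and two ordinary flows.
SAMPLE_FLOWS = [
    "src=198.51.100.23 dst=10.0.1.5 dport=445 proc=System",
    "src=10.0.2.9 dst=192.0.2.77 dport=8443 proc=svchost.exe",
    "src=10.0.1.7 dst=10.0.2.3 dport=443 proc=nginx",
    "src=10.0.3.4 dst=10.0.2.3 dport=3389 proc=mstsc.exe",
]


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return TI incidents as (label, direction, severity), outbound ones first so that
    probable compromises sit at the top of the queue."""
    incidents = []
    for line in lines:
        verdict = evaluate(parse_flow(line))
        if verdict.decided_by == "threat-intel":
            incidents.append((verdict.label, verdict.direction, verdict.severity))
    return sorted(incidents, key=lambda inc: inc[1] != "outbound")


if __name__ == "__main__":
    for record in SAMPLE_FLOWS:
        print(record, "->", evaluate(parse_flow(record)))
    print(triage(SAMPLE_FLOWS))
```

Running the script classifies the first record as an inbound block from the Top Scanners list (informational) and the second as an outbound block to a Top C&C address (high severity), while the two internal flows fall through to the ordinary rules. The `evaluate` ordering is the whole point: because the TI check runs before the segmentation rules and ignores port and process, an explicit Allow rule can never let a listed peer through.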

How to Get Guardicore Threat Intelligence Firewall

This feature is an enhancement offered to Guardicore customers upon request. If you are interested in this solution, contact our customer success team at support@guardicore.com. If you’re not yet a customer and interested in more information, contact us at labs@guardicore.com.

If You’re Benefiting from a Zero Trust Mentality for your Applications and Workloads, it’s Time to Think About your Users

According to the 2019 State of the Internet report, hackers made 30 billion attempts to attack businesses via successfully stolen credentials in 2018. Up to 2% of these attempts were successful. From just one entry point, the attackers were then able to make movements across an enterprise network, achieve fraudulent transactions, or take advantage of the business with malicious intent.

Once your organization has shored up its outer walls, and segmented the core applications that are business-critical, your people are your last line of defense. However, this doesn’t make this part of your security arsenal any less essential. As the Zero Trust eXtended framework says, “Most breaches are ultimately an inside job.” You don’t need an angry employee with an axe to grind, all you need is one instance of credential theft, and a flat network that’s easy to leverage for lateral movement within your data center.

Attacking this Head-on with your Zero Trust Model

A strong Zero Trust security strategy will include strict enforcement of user access, as well as authentication and monitoring of user behavior and movements, both within the data center and as users connect to the web. Governance of each user’s access and their privileges means that even if the worst happens and their credentials are successfully stolen, there is no way for an attacker to escalate this breach, or to make movements outside of what that specific user is entitled to access.

Think about an HR employee for example. An individual working in the HR team will need access to all the data and applications that are relevant to their role, and might also need permissions to certain financial systems for payroll, or applications that handle candidate information for on-boarding. However, they do not need extended access to anything outside of this, including other financial applications outside of their own purview, or further sensitive data connected to current employees such as medical information. In the same way as your workloads are isolated using micro-perimeters, your user access can follow suit, allowing each employee to access just what they need, and nothing further.

Features of a Strong Solution for User Identity that Leverages Zero Trust

Following the Forrester guidelines for a Zero Trust model, here’s how your security solution can check all the boxes for identity and access management, and achieve this high level of granularity and control. Whichever features you opt for, make sure that your solution can work seamlessly across any platform or infrastructure, and takes immediate effect on both active and new sessions of user activity. Without these two cornerstones, you’re starting from a place of blind spots and security gaps. With them, you’re well placed for success from the start.

  • Isolate user interactions: Using an Active Directory User Group, intelligent micro-segmentation can isolate user access exactly the way we described above, giving specific users access to certain servers and applications via specific ports and processes. This access control can be enforced between workloads in the same segment of the network, and even allows for simultaneous connections from the same server/Jumpbox.
  • Third party access management: User groups can support enforcing specific policies for each third-party connection, strengthening security where it’s weakest, while allowing the benefits of third-party integrations and partnerships. Define policies for the data center at large, as well as individual applications and workloads, providing access to just what each user needs – and no more.
  • Privileged identity management: Especially for administrative usage, this is an essential area for credential security. Admin/root passwords are often left unchanged and can be an open door for attackers to gain a foothold. When testing your network for weaknesses, check whether root passwords could be used to propagate, as well as where attackers could move laterally from the initial breach.
  • Two-factor authentication: 2FA has become a baseline, heavily reducing the risk of credential compromise. If it isn’t already in place in your organization – it should be. If your managers worry that people will feel slowed down by this essential security tool, remind them of ordinary 2FA tasks that we all consider the norm, such as taking money out of an ATM with a bank card and a pin number. Soon, 2FA will be this equivalent for the workplace.
  • Web security: Phishing scams are becoming increasingly sophisticated and manipulative, and you can’t always rely on employee education to help users spot attacks ahead of time. Strong security solutions will include web security gateways that block user access ahead of time to any malicious websites.
  • User behavior analytics: You can learn a lot about the way your employees act from monitoring ‘business as usual,’ which can then help to build policy that learns from your real employees, and can alert you to anomalous actions. This could be anything from a login at an unusual time of day, to credential use when an employee should be on vacation.

Following the Zero Trust eXtended pillars is best-practice for protecting your network and its users from external and internal threats. This includes a Zero Trust model for more than just networks, applications and data alone. User Identity Access Management is a key part of your Zero Trust strategy, managing individual user access, simultaneous connections, and third-party access management. When done right, this can all be achieved from the same core technology that handles your application segmentation. This lessens the learning curve and streamlines your overall security posture with a truly holistic approach to Zero Trust.

Want to find out where your network stands when it comes to achieving a Zero Trust security strategy? Check out Infection Monkey: Zero Trust Edition, an open-source tool that can get you quick answers and recommendations in line with Forrester’s best-practices. And download our paper on how to get to zero trust implementation faster.

Are You up to Date with the Latest Guardicore Cyber Security Ecosystem News?

2019 was an incredible year of growth and innovation for Guardicore and the world-class technology ecosystem that passionately supports it. The future for software-defined cloud and data center security transformation looks more attainable than ever. A growing number of technology vendors, both large and small, now work with us to deliver joint solutions to solve some of the biggest cyber security pain points of today’s enterprise customers.

We are honored to have some of the world’s most well-known companies as our customers, and to work together with them to secure their most critical assets as part of their digital transformation strategy. These customers build, run and manage an integrated set of applications and services to deliver a unique experience for their own internal and external customers in turn. Guardicore, alongside our technology alliance partners provides a pragmatic enterprise-ready solution that allows our customers to embrace a complex and innovative hybrid cloud environment, both culturally and through technology. As we continue to evolve in this new year, I wanted to mention and highlight a few updates.

Cloud Updates:

Guardicore is now available on the Microsoft Azure marketplace as a preferred solution after earning an IP co-sell status. Customers worldwide can now gain access to the Guardicore Centra security platform directly from the Azure marketplace.

Guardicore was selected to join the AWS Outposts announcement. Outposts are developed, installed and deployed by AWS on customer premises and managed as if they are part of the cloud. Read more about it in our recent blog.

Don’t miss the recent AWS and Guardicore Webinar featuring our own Dave Klein and Moe Alhassan, Partner Solutions Architect at AWS, on securing and monitoring critical assets and applications on AWS.

Native Cloud Orchestration Updates:

Guardicore now provides out-of-the-box native integration with all large Cloud Service Providers: Amazon Web Services, Microsoft Azure, Google Cloud Platform and Oracle Cloud Infrastructure. This is in addition to VMware and OpenStack integration and support for other orchestration services via the built-in RESTful API. This allows our customers to truly embrace and use a hybrid cloud infrastructure, migrating from on-premises data centers to any cloud or clouds and choosing the right technology that meets their needs, whether that’s hosted servers, IaaS, PaaS or hybrid.

New Eco-system Product Certifications:

We are happy to announce that the Splunk application for Guardicore has passed the Splunk certification process. The application and the add-on are now available directly from Splunkbase. Guardicore integration is available for Splunk version 7.3 and above, including the newly released Splunk version 8.x.

Guardicore Centra is now listed in the SUSE catalogue which you can find here, and is a proud member of the SolidDriver program. It is also available in the IBM Global Solution Directory.

Identity Management Updates

Guardicore completed an integration as well as product certifications with Privileged Access Management solution provider CyberArk (Centra Privileged Session Management plugin available from the CyberArk marketplace) and identity providers Okta, Duo, Ping Identity, Ilex International, and Red Hat SSO using SAML and Active Directory integration. To learn more about using Guardicore Centra with CyberArk, read our blog on the integration.

On-premises Virtual Desktops and Desktop-as-a-Service

Guardicore Centra is validated as Citrix ready for Citrix Virtual Apps and Desktops and is listed in the Citrix Ready Marketplace. You can read more about it in this blog. In addition, we have shared information on how Centra can be used to segment users on Amazon Workspaces (DaaS).

We’re also excited about the future innovation that will be announced and demonstrated later this year. As our technology partners continue to work with us to deliver integrated solutions, you can expect more exciting announcements. Stay tuned and keep up with our blog for the most up-to-date information.

Want to learn more about how Guardicore micro-segmentation can help you protect AWS workloads? Download our white paper on supplementing cloud security and going beyond the shared security model.

When Firewalls & Traditional Segmentation Fail, What’s the Next Big Thing?

Ask many of today’s enterprise businesses what the most important factors are to remain competitive in their industry, and you’re likely to get an answer that includes both speed and innovation. There’s always another competitor snapping at your heels, and there aren’t enough hours in the day to get down your to-do lists. The faster you can go live with new features and updates, the better.

For many, this comes at a severely high price – security. If speed and innovation are the top items on the agenda, how can you balance this with keeping your sensitive information or critical assets safe? Of course, pushing security onto the back burner is never a solution, as increased risk, compliance and internal governance mandates will continually remind us.

Fellow cybersecurity evangelist Tricia Howard and I discussed this conundrum a while back. She came up with a terrific visual representation of this dilemma, which can be seen in the Penrose Triangle below. This diagram, also known as the ‘impossible triangle’, is an optical illusion. In this drawing, the two bottom points, speed and innovation, make the top point, security, seem like it’s further away – but it’s not.

Figure: Penrose “Impossible” Triangle, used as an analogy for modern IT challenges, as proposed by cyber evangelist Tricia Howard.

First, let’s look at how organizations are achieving the speed and innovation corners of this triangle, and then we can see why securing our IT environments has become more of a challenge while still an ACHIEVABLE one.

Understanding the Cloud and DevOps Best Practices

There are two key elements to the DevOps process as we know it today. The first is simplifying management by decoupling it from the underlying platforms. Instead of managing each system or platform separately, DevOps and Cloud best practices seek solutions that provide an abstraction layer. Using this layer, enterprises can work across all systems, from legacy to future-focused, without impediment. This streamlining has become essential in today’s enterprises, which run everything from legacy, end-of-life operating systems and platforms to modern virtualized environments, clouds and containers.

Secondly, DevOps and Cloud best practices utilize automated provisioning, management and autoscaling of workloads, allowing teams to work faster and smarter. These are implemented through playbooks and scripts in tools such as Chef, Puppet and Ansible, to name a few.

Sounds Great, but not for Traditional Segmentation Tools

These new best practices allow enterprises to push out new features quickly, remain competitive, and act at the speed of today’s fast-paced world. However, securing them with traditional security methods is all but impossible.

Historically, organizations would use firewalls, VLANs and ACLs for on-premises systems, and then virtualized firewalls and Security Groups in their cloud environments. Without an established external perimeter, with so many advanced cyberattacks, and with dynamic change happening all the time, these have now become yesterday’s solution. Here are just some of the problems:

  • Complex to manage: Having multiple systems just isn’t realistic. Using firewalls, VLANs and ACLs on-premises and security groups in the cloud, for example, means that you have multiple systems to manage, which adds to management complexity, is resource intensive and does not provide the seamless visibility required. The rule-sets vary, and can even contradict one another, and you don’t know if you have gaps that could leave you open to unnecessary risk.
  • Increased maintenance: Changes for these systems need to be carried out manually, and nothing less than automation is enough for today’s complex IT environments. You may have tens of thousands of servers or communication flows to handle, and it’s impossible to do this with the human touch.
  • Low visibility: For strong security, your business needs to be able to see down to the process level, including user/identity and domain name information, across all systems and assets. Without this basic visibility, your IT teams cannot understand application and user workflows or behavior, and any simple change could cause an outage or a problem that slows down business as usual.
  • Platform-specific: VLANs do not work in the cloud, for example, and Security Groups won’t help on-premises. To ensure you have wide coverage, you need a security solution that can visualize and control everything, from the most legacy infrastructure or bare metal servers all the way through to clouds, containers and serverless computing.
  • Coarse controls: The most common traditional segmentation tools are port and IP-based, despite today’s attackers going after processes, users or workloads for their attacks. Firewalls are innately perimeter controls, so cannot be placed between most traffic points. While companies attempt to fix this by re-engineering traffic flows, this is a huge effort that can become a serious bottleneck.

Introducing Software-Defined Segmentation: An Approach That Works with DevOps From the Start

With these challenges in mind, there are security solutions that take advantage of DevOps and cloud best practices and allow us to build an abstraction layer that simplifies visibility and control across our environment in a seamless, streamlined fashion, one that also lets us take advantage of DevOps and cloud automation to gain speed.

Software-defined segmentation is built to address the challenges of traditional tools for the hybrid cloud and modern data center from the start. Just as with cloud or DevOps processes, visibility and policy management are decoupled from the underlying platforms, working on an abstraction layer across all environments and operating systems. On a single platform, organizations can gain deep visibility and control over their entire IT ecosystem, from legacy systems through to the most future-focused technology. The insight you receive is far more granular than with any traditional segmentation tool, allowing you to see at a glance the dependencies among applications, users, and workloads, and making it simple to define and enforce the right policy for your business needs. These policies can be enforced by process, user identity, and FQDN, rather than relying on port and IP, which do little to thwart today’s advanced threats.

Software-defined segmentation follows the DevOps mindset in more ways than one. It incorporates the same techniques for efficiency, innovation and speed, such as automated provisioning, management, and autoscaling. Developers can continue to embrace a ‘done once, done right’ attitude, using playbooks and scripts such as Chef, Puppet and Ansible to speed up the process from end to end, and automate faster, rather than rely on manual moves, changes, adds or deletes.

Embrace the New, but Cover the Old

Software-defined segmentation is a new age for cybersecurity, providing a faster, more granular way for enterprises to protect their critical assets. Projects that in the past may have spanned many years can now be done in a matter of a few weeks with this new approach, quickly reducing risk and validating compliance.

If your segmentation solution is stuck in the past, you’re leaving yourself open to risk, making it far easier for hackers to launch an attack, and you’re unlikely to be living up to the necessary compliance mandates for your industry.

Instead, think about a new approach that, just like your DevOps practices, is decoupled from any particular infrastructure, and is both automatable and auto-scalable. On top of this, make sure that it provides equal visibility and control across the board in a granular way, so that speed and innovation can thrive, with security an equal partner in the triangle of success.

Securing modern data centers and clouds needs a whole new approach to segmentation. To learn more about it, check out our white paper.


What’s New in Guardicore Centra Release 31

With release 31 we’re continuing to expand our firewall capabilities while making it even simpler for you to build and enforce a segmentation policy.

We’re doing this with features such as identity and FQDN policies. With identity-based policies, security administrators can set granular, per-user access policies to applications. Domain name (FQDN) rules allow you to set policies based on the target domain name and save the time and hassle of typing lists of ever-changing IP addresses. We’ve also integrated a first-of-its-kind Threat Intelligence Firewall that automatically feeds daily updated blacklists of known bad actors into Centra to create rules that alert on and block these communications.

In this release we are also shipping many customer-requested features that were evaluated on their merit in improving operational efficiency, reducing policy creation time and taking Guardicore usability to higher levels.

Here are some of the highlights of the version:

User-based Rules

One key feature introduced in v31 is user-based rules. With this new firewall capability, customers can create rules based on Active Directory user groups to provide granular per-user access to applications. This allows you to control user access to data center and cloud resources. By linking your Active Directory to Centra, Centra is able to retrieve user information. Based on user membership in those Active Directory security groups, we allow users different access to different resources. This way you can make sure that users only access what they are entitled to. For example, this can help allow just the Billing users in your environment to access Billing resources and just the HR users to access their HR resources. No additional infrastructure is required.

FQDN Rules

You can now create policies that allow access to a specific domain by its domain name rather than its IP addresses. For example, when you want to allow a server to access only github.com, instead of typing its IP addresses, or those of its subdomains (dev.github.com, community.github.com, etc.), you can simply refer to it by its domain name: github.com, or *.github.com to cover subdomains with a wildcard. The same applies to a destination such as windowsupdate.com. Referring to a domain name saves the time and hassle of collecting all the possible IPs and keeping track of their validity.
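To make the User-based Rules and FQDN Rules described above concrete, here is an added, illustrative policy evaluator written for this page; it is not Guardicore Centra code, and the rule fields, matching semantics (a wildcard covers subdomains but not the apex name) and sample policy are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class Rule:
    """One segmentation rule (field names are this example's, not Centra's)."""
    action: str                       # "allow" or "block"
    user_group: Optional[str] = None  # AD security group; None means any user
    dest_fqdn: Optional[str] = None   # exact name or "*.example.com"; None means any
    dest_port: Optional[int] = None   # None means any port

def fqdn_matches(pattern: str, fqdn: str) -> bool:
    """Match a destination name against a rule pattern on whole DNS labels.
    A plain name matches only itself; "*.github.com" matches any name under
    github.com but not the apex github.com itself (hence the two forms above).
    Keeping the dot in the comparison means "github.com" never matches
    look-alikes such as evilgithub.com or github.com.attacker.example."""
    pattern = pattern.lower().rstrip(".")
    fqdn = fqdn.lower().rstrip(".")
    if pattern.startswith("*."):
        return fqdn.endswith(pattern[1:])  # pattern[1:] keeps the leading dot
    return fqdn == pattern

def evaluate(rules: Iterable[Rule], user_groups: set, dest_fqdn: str,
             dest_port: int, default: str = "block") -> str:
    """Return the action of the first matching rule, else the default.
    user_groups is the set of AD security groups the requesting user is in."""
    for r in rules:
        if r.user_group is not None and r.user_group not in user_groups:
            continue
        if r.dest_fqdn is not None and not fqdn_matches(r.dest_fqdn, dest_fqdn):
            continue
        if r.dest_port is not None and r.dest_port != dest_port:
            continue
        return r.action
    return default

# Constructed sample policy: only Billing users reach the billing app; anyone may
# reach GitHub subdomains and windowsupdate.com over HTTPS; all else is blocked.
RULES = [
    Rule("allow", user_group="Billing", dest_fqdn="billing.corp.example", dest_port=443),
    Rule("allow", dest_fqdn="*.github.com", dest_port=443),
    Rule("allow", dest_fqdn="windowsupdate.com", dest_port=443),
]

if __name__ == "__main__":
    print(evaluate(RULES, {"HR"}, "api.github.com", 443))  # allow
    print(evaluate(RULES, {"HR"}, "github.com", 443))      # block: apex is not under *.github.com
```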

Threat Intelligence Firewall

Guardicore is offering a threat intelligence-based firewall to Centra SaaS users. This feature uses Guardicore’s threat intelligence sensors, distributed across major cloud providers worldwide, to create blacklists of verified malicious IP addresses. Updated daily, these IP blacklists are automatically fed into Centra to create rules that alert on and block communications with addresses carrying the malicious IP labels: top attackers, top scanners, and top CnC (command and control). To get this feature, contact Guardicore Customer Success at support@guardicore.com.

Extended support for legacy systems

Since most of our customer environments include end-of-life Unix, Windows and Linux systems that can no longer be patched and therefore pose a risk to the organization, Guardicore has expanded its operating system coverage for those legacy systems and applications. With version 31, the Guardicore Agent supports more legacy operating systems such as Red Hat, Oracle and CentOS 5, and has also extended its support to AIX, a proprietary UNIX operating system commonly used by enterprise customers. We now have the ability to extend our policy coverage to these OSes and reduce the risk they may pose.

While we have listed the features that seem most important, there are many more enhancements. For the full list of enhancements and capabilities, see the release notes, which can be accessed from our customer portal.

January 2020’s Patch Tuesday

Guardicore Labs extracts what you need to know regarding the January 2020 Patch Tuesday and data centers.