Ransomware, Critical Infrastructure and COVID-19: Confronting the New Reality of Nation-State Threats

Over the past decade, we have seen just how destructive cyberattacks have become. It seems every time we turn around there are new methods surfacing that make us question our decisions and actions, and how we can continue to improve. But while nation-state attacks have become more advanced, especially in how they move laterally through unsanctioned east-west traffic and how long they dwell undetected, there is also a silver lining: we can often learn the most from the organizations that have successfully withstood even the most sophisticated attacks. This holds for ransomware, for critical infrastructure and for the latest targets, biotech research and COVID-19 vaccines.

Ransomware is consistently a huge challenge for many industries, from financial services to healthcare and beyond, and the data shows a disturbing trend. A recent survey, The State of Ransomware by the cybersecurity company Sophos, found that 51% of organizations were hit by ransomware in the last year, and that the attackers succeeded in encrypting data in 73% of those attacks. Yet only 26% of victims whose data was encrypted got it back by paying the ransom. According to Verizon’s Data Breach Investigations Reports, nation-state actors accounted for 12% of the perpetrators of industrial-espionage attacks on the private sector in the 2018 study, 23% in the 2019 study and 38% in the 2020 study. There is no escaping the fact that nation-states are increasingly engaged in hacking.

From what I’ve witnessed as a cybersecurity consultant, nation-states are better at hiding than ever before. State hackers act through layers of proxies, plant misleading data to frustrate attribution, and use toolkits built to mislead forensic analysis. One of the best-known examples is the WannaCry ransomware that wreaked havoc across the world in 2017 and kept causing infections through 2018. It spread using EternalBlue, an exploit for a Windows SMBv1 vulnerability developed by the United States National Security Agency (NSA) and leaked by the hacker group Shadow Brokers in April 2017, one month after Microsoft had released the MS17-010 patch for that vulnerability. WannaCry was especially nasty because it was self-propagating: it could move itself from machine to machine and network to network, spreading the infection without any further action by the attackers. It was also a lesson in patch hygiene, since for supported Windows versions a fix had been available for two months before the outbreak.

When Consequences Turn Deadly

Nation-state actors have become brazen in their attacks, and we see evidence of this in the use of many different methods to carry out attacks that have even resulted in fatalities.

In the past, ransomware-focused criminal organizations would avoid targets where human lives would be at risk, but now even hospitals are seen as fair game. In September 2020, a ransomware attack on Düsseldorf University Hospital in Germany was linked to the death of a patient who had to be diverted to another facility, and German prosecutors opened a case against the attackers, believed to be Russian. That same month, ransomware took down systems across all roughly 250 facilities of the US healthcare provider Universal Health Services (UHS).

Nation-state actors have also targeted critical infrastructure in attacks that aim to hurt or even kill citizens of the target countries. From April to July 2020, Israel’s water supplies were attacked three separate times by nation-state hackers (suspected to be Iranian). The industrial control systems of Israeli water treatment facilities were targeted in an attempt to push the injection of treatment chemicals to unsafe levels. The attacks were so disconcerting that a cyber counterattack (allegedly initiated by Israel) disrupted port traffic at Iran’s Port of Shahid Rajaee.

These examples are a far cry from the typical nation-state attacks of the past – intelligence, influence, disinformation, propaganda and espionage. If we were once under the impression that investing in cybersecurity was strictly a decision based on the risk of data and financial loss, it’s time to reevaluate. We have entered an age where attacks could truly lead to devastating consequences, certainly to enterprise survival and now even to the safety and lives of people.

The Latest Biotech Hit: COVID-19 Vaccine

In the throes of the COVID-19 pandemic, the US, Canada and the United Kingdom all reported attempts by Russian and Chinese state actors to steal, manipulate and even obstruct the development of COVID-19 vaccines. The first warnings of such activity came in a joint CISA/FBI public service announcement to the vaccine research community in May 2020. By July, the US Department of Justice had indicted two Chinese nationals working on behalf of the People’s Republic of China. They were charged not only with attempted theft but with attempted destruction of vaccine research held in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Spain, Sweden, and the United Kingdom.

How We Can Win the War With Segmentation

In cybersecurity, we are constantly inundated with stories of failure. Reports of data breaches are far more popular with the media, while safe, secure organizations that successfully protect themselves and block attacks aren’t considered headline news. This does the industry, and companies across the world, a huge disservice; in a way we are victims of a reverse survivorship bias. While it’s important that we stay vigilant and recognize these threats as real, there are many tangible things that companies and government organizations are doing today to mitigate threats, minimize damage and recover gracefully.

Here are seven ways you can protect your organization from nation-state threats:

  1. Better Vulnerability and Patching Regimen:
    Add vulnerability and patching checks to end-user, public-facing and data center environments, and automate them wherever possible. Build them into DevOps playbooks so that new instances are checked as they are spun up or modified, and extend them to switches, routers and other infrastructure devices, since attackers have increasingly focused on network gear.
  2. Incorporate Multi-factor Authentication:
    Password brute-forcing and credential stuffing are among the simplest direct assaults on end-user and application logins, yet enforcing strong passwords and multi-factor authentication is cheap, and it blunts both.
  3. Privileged Accounts and Expiration Controls:
    These can be added to enterprise security with little effort. New attacks often run with the privileges of the user they ride in on, or with an account that was created for a specific, scheduled purpose and should have been deleted afterwards. Give accounts an expiry where their purpose is temporary, and have administrators work day to day with reduced privileges, elevating (for example via sudo) only when a task requires it.
  4. Certificate Management and Control:
    Many attackers take advantage of poor certificate management (forgotten, shared or weakly protected certificates and keys) to propagate across an enterprise. Taking control of certificate issuance, storage and revocation takes away an attacker’s ability to fool your workloads into trusting them.
  5. Core Service Controls:
    By better securing DNS, remote access, Active Directory and other critical enterprise services you stop attacks from doing major damage, because these are precisely the services attackers need in order to move and persist.
  6. Micro-segmentation Practices:
    As Zero Trust argues, the enterprise edge is disappearing. We need to move away from reliance on perimeter firewalls and edge security and instead shore up software-based segmentation throughout our enterprise workflow. With software-based segmentation you replace the complexity of VLANs, firewalls and cloud security groups with a platform-agnostic, simplified, fast and granular way to segment across your entire environment. Even when applied sparingly, it reduces an attacker’s ability to land, and more importantly to move laterally once inside.
  7. Better and Redundant Backup and Restore Procedures:
    This is especially important where ransomware and nation-state attacks are concerned. The ability to restore systems means you avoid costly downtime and recover without paying a ransom. Keep at least one copy offline or immutable and test restores regularly: ransomware operators routinely look for reachable backups and encrypt or delete them before detonating, and a backup that has never been restored is only a hope.

Setting Expectations: Plan, Practice and Survive

Adding to the seven focus areas, by far the most important indicator of whether you’ll succeed or fail, comes down to whether you’ve set expectations within your enterprise. Staff and executives need to accept that at some point you will be breached. They need to understand that it’s not a matter of if but when. With that in mind, you must also have a well thought out and practiced incident response plan that includes non-technical and executive staff. By doing such, you maximize your ability to respond, remediate and to recover gracefully.

While attackers seem so troublesome, we have everything in our grasp to defend against them. With just a little effort we will indeed survive and flourish.

To learn more about how Guardicore can help, get a free attack surface reduction analysis for your organization.

SUNBURST Backdoor: Unfolding Information on the SolarWinds Attack Campaign

On December 13th, 2020, major news outlets began reporting that a highly sophisticated supply chain attack had targeted and successfully breached two major U.S. government agencies, giving the attackers access to internal email traffic.

Emerging details reveal that the threat actors behind this campaign gained access to these agencies, and to other organizations across different verticals and geographies, through a supply chain attack that trojanized SolarWinds Orion software updates and used them to distribute malware. Post-breach activity in the SolarWinds campaign has included lateral movement within networks and successful data exfiltration.

FireEye, currently tracking the campaign closely, summarized details about the malware, SUNBURST, in a recent, comprehensive post:

“After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”

Who is impacted by the SolarWinds attack campaign?

While the threat actors have only targeted a portion of the customer base so far, this backdoor gives them potential access to every organization running the vulnerable SolarWinds products. Organizations using any product from the list below should assume network compromise and activate their incident response plans promptly if they have not already.

A known list of affected versions:

  • Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or 2020.2 HF 1, including:
      • Application Centric Monitor (ACM)
      • Database Performance Analyzer Integration Module (DPAIM)
      • Enterprise Operations Console (EOC)
      • High Availability (HA)
      • IP Address Manager (IPAM)
      • Log Analyzer (LA)
      • Network Automation Manager (NAM)
      • Network Configuration Manager (NCM)
      • Network Operations Manager (NOM)
      • Network Performance Monitor (NPM)
      • NetFlow Traffic Analyzer (NTA)
      • Server & Application Monitor (SAM)
      • Server Configuration Monitor (SCM)
      • Storage Resource Monitor (SRM)
      • User Device Tracker (UDT)
      • Virtualization Manager (VMAN)
      • VoIP & Network Quality Manager (VNQM)
      • Web Performance Monitor (WPM)

SolarWinds continues to update the list of affected products. It’s recommended that you verify as soon as possible what software versions you have installed (instructions can be found on the SolarWinds website).

Mitigation Recommendations

New threat and mitigation information continues to emerge. In the meantime, we have notified all customers with known instances of SolarWinds Orion software installed in network areas covered by Guardicore Centra, giving them the following recommendations:

  1. Update your affected software based on the latest SolarWinds recommendations
  2. Until a hotfix is installed, we recommend you immediately limit SolarWinds servers’ communication to and from the internet using a Centra policy Override block rule.
  3. Ring-fence all servers running SolarWinds.
  4. Search your network for the indicators of compromise provided by FireEye to identify possible threat activity. This can be done with Guardicore Insight (available from the Guardicore Centra v35 release).
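One way to carry out the fourth step against a resolver’s query log, as an added example that is not Guardicore’s or FireEye’s code: the script below matches queried names against an IOC domain list on label boundaries (so a lookalike that merely contains the string is not flagged) and reports which internal clients made the lookups. The only indicator built in, avsvmcloud.com, is the SUNBURST command-and-control domain named in FireEye’s analysis; the log format (timestamp, client IP, queried name, query type) and the log lines themselves are constructed for the demonstration.

```python
"""Sweep DNS query logs for SUNBURST command-and-control lookups.

Added example, not Guardicore or FireEye code. The single built-in indicator,
avsvmcloud.com, is the SUNBURST C2 domain named in FireEye's published
analysis; further indicators should be loaded from the current vendor IOC
list. The log format (one query per line: timestamp, client IP, queried name,
query type) and the sample lines are constructed for this demonstration and
are not real traffic.
"""
from collections import defaultdict

# Known SUNBURST C2 domain from FireEye's analysis. Matching is done on the
# domain suffix, so the generated per-victim subdomains the backdoor used
# (<encoded-victim>.appsync-api.<region>.avsvmcloud.com) are caught as well.
SUNBURST_C2_DOMAINS = {"avsvmcloud.com"}


def parent_domain_match(qname, ioc_domains):
    """Return the IOC domain that qname equals or is a subdomain of, else None.

    Suffix matching on label boundaries avoids the false positive where an
    IOC string merely appears inside an unrelated name."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:
            return candidate
    return None


def find_c2_queries(log_lines, ioc_domains=SUNBURST_C2_DOMAINS):
    """Return {client_ip: [queried names]} for every query under an IOC domain."""
    hits = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than abort the sweep
        _timestamp, client, qname, _qtype = fields
        if parent_domain_match(qname, ioc_domains):
            hits[client].append(qname.lower().rstrip("."))
    return dict(hits)


# Constructed sample log (assumed format, not real traffic). The long first
# labels imitate the encoded subdomains SUNBURST generated per victim.
SAMPLE_DNS_LOG = [
    "2020-12-14T08:01:02Z 10.20.30.40 www.example.com. A",
    "2020-12-14T08:01:05Z 10.20.30.41 7sbvaemscs0mc925tb99.appsync-api.us-west-2.avsvmcloud.com. A",
    "2020-12-14T08:02:10Z 10.20.30.40 updates.solarwinds.com. A",
    "2020-12-14T08:03:33Z 10.20.30.41 k5kcubuassl3alrf7gm3.appsync-api.eu-west-1.avsvmcloud.com. A",
    "2020-12-14T08:04:00Z 10.20.30.42 avsvmcloud.com.lookalike.example.net. A",
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    for client, names in find_c2_queries(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} lookup(s) under a SUNBURST C2 domain")
        for name in names:
            print("   ", name)
```

Because the backdoor sits dormant for up to two weeks before its first beacon, a clean result over a few days of logs proves little; sweep the full retention window, and treat any hit from a host that is not a SolarWinds server as a sign the attacker has already moved laterally.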

Reducing attack surface and preventing unauthorized lateral movement can significantly reduce the impact of similar attack campaigns on your organization in the future. To learn more about your risk reduction potential, request an attack surface analysis today.

How Technological Innovation Has Changed Security As We Know It

Technological innovation has changed security as we know it. We live in a fast-paced, digital world, and agile enterprises have embraced the rapid delivery of new technology and digital services as a way to stay competitive. At the center of this transformation are the DevOps model and the move to cloud computing, which deliver digital services faster and more efficiently. The pace at which security was delivered over the last 20 years no longer fits this world, and as a result organizations are forced to choose between agility and security.

I see many organizations whose pace of innovation is significantly hurt by the legacy firewalls they rely on for security and compliance. Their DevOps race cars are shackled to old-school network security appliances. Sadly, legacy firewalls are also not very effective at stopping modern threats, so organizations that rely on them end up both exposed and slow.

Technological innovation and firewall facts

To gain a deeper understanding of our observations, Guardicore sponsored a research project with the Ponemon institute. We surveyed over 600 security professionals in the United States about how they use legacy firewalls in their organizations. One of the most obvious trends we saw was that legacy firewalls are ineffective in protecting applications and data in the cloud. Another big finding was that legacy firewalls kill flexibility and speed. Both of these are clearly detrimental to businesses.

Allow me to explain further. As organizations flock to cloud and hybrid infrastructures, applications often migrate among different environments, increasing inter-segment (east-west) traffic. The rapid proliferation of applications creates an ever-larger attack surface for attackers to target, and many of these services deliver data and files directly to the end user, bypassing the stateful firewall at the perimeter entirely.

As for why this is happening, the answer is that legacy firewalls simply haven’t kept up with today’s world. In fact, the last true innovation in firewall appliances was a good 15 years ago, and the IT landscape has profoundly changed since then.

Legacy firewalls are out; software-based segmentation is in

Digital transformation has presented the world of business  with many exciting opportunities. At the same time, it has pushed legacy firewalls way past their originally intended purpose. 

As the first line of defense against outside intrusion, legacy firewalls have been, without question, a boon to the evolution of the internet. However, as data breaches proliferated, organizations quickly realized they couldn’t just protect against outside threats. After all, what would happen once someone got past perimeter defences? Clearly they had to do something to mitigate threats inside their networks and data centers as well. 

This led to the concept of segmentation — the creation of restricted “zones” for groups of applications in the network environment. Network and data center segmentation has typically taken the form of virtual local area networks or VLANs, partitioned and secured by the same firewall technology that enforces north-south traffic at the perimeter. However, as technologies continue to evolve, these methods have become lengthy, costly, and complex. 

Here’s how VLANs work (or don’t)

If you’ve been using VLANs up until now, you know how ineffective they are at protecting legacy systems. VLANs usually place all legacy systems into one segment, so a single breach of that segment puts every legacy system in the line of fire. That is not good.

VLANs also rely on firewall rules that are difficult to maintain and rarely automated. The usual result is that organizations accept loose policy that leaves their environment open to risk. Without visibility, security teams can’t enforce tight policy over flows, not only among the legacy systems themselves but also between the legacy systems and the rest of a modern infrastructure.

It’s time to rethink firewalls

I’m excited to share that here at Guardicore, we are revolutionizing the segmentation field by delivering distributed firewall controls that are completely decoupled from the underlying infrastructure. This modern-day approach removes the most significant obstacles to security efficiency: slow implementation and severe operational impact.

As Buckminster Fuller once said, “We are called to be architects of the future, not its victims.” 

The industry changes we have witnessed over the past three decades are precisely why we founded Guardicore. We ourselves come from a background where we have experienced the same challenges you are experiencing, and we are thrilled to embrace and share the innovations of the future. We continue to hold the vision and the goal of reinventing enterprise security to place greater emphasis on security beyond the traditional network perimeter. This makes our organizations and ultimately, all of us, safer. 

Now is the time to embrace better alternatives to legacy firewalls. Together, let’s enable rapid innovation and digital transformation while also protecting those digital assets that matter most. 

To learn more about the findings in this report and our solution, please download our free ebook, “Rethink Your Firewalls to Meet the Needs of Digital Transformation”. We look forward to sharing this journey to success together. Here’s to technological innovation – and the successful security that supports it!



The dangers of firewall misconfigurations – and how to avoid them

According to Gartner, “through 2023, at least 99% of cloud security failures will be the customer’s fault.” Firewall issues are one of the top reasons why.

The extreme pace of change and the increasingly swift adoption of hybrid cloud have left network security struggling to keep up. Many enterprises are still trying to protect themselves with network firewalls, and in doing so expose themselves to configuration errors and policy gaps. In fact, Gartner says:

“Through 2023, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.”

What are the most common causes of firewall misconfigurations?

Network firewalls are not easy to update. Keeping rules up to date when environments and applications are dynamic and complex is almost impossible.

Because of this challenge, firewall policy is often behind the current status of your applications and data. This means you are increasing risk in your data center until you manage to manually set the rules. Moreover, those rules may well become obsolete again almost immediately, so you can never truly stem the issue of growing risk.

At the same time, companies have to deal with compliance mandates and governance, which are just as strict on the cloud environments as on-premises environments. While the increased agility of a hybrid cloud ecosystem is helpful for streamlining business processes, the speed of change has caused many organizations to fall badly short of compliance requirements.

It’s especially difficult to get full visibility into hybrid cloud environments – and without visibility, you can easily fall prey to blind spots resulting from misconfigurations. Take the Capital One breach, for example, where hackers could exfiltrate “data through a ‘misconfiguration’ of a firewall on a web application. That allowed the hacker to communicate with the server where Capital One was storing its information and, eventually, obtain customer files.” The result was the loss of the personal data of more than 100 million people, including tens of millions of credit card applications.

What are the most common firewall misconfigurations?

Wondering what some of the most common firewall misconfigurations are? Here are the ones that we see time and again:

  • EC2 instances: Configuring security groups incorrectly can lead to unnecessary risk. One analysis of AWS customer environments reported that “Among the most egregious were AWS Security Groups configured to leave SSH wide open to the Internet in 73 percent of the companies analysed.” Any approach that relies on IP addresses that constantly change is going to be error-prone.
  • VPC access: Of course, your business doesn’t want anyone on the internet to be able to access your VPCs. That said, this is a common mistake. Many businesses use ACLs to manage the problem, but it can be time-consuming and leave blind spots.
  • Services permissions: It often happens that unnecessary services are left running on the firewall, opening up enterprises to risk and broadening the attack surface. When devices are configured from the start with the principle of zero-trust and least privilege, this removes that risk. It also ensures that devices can only do the specific function you need them for.
  • Inconsistent authentication: Enterprises often have networks that work across multiple geographies and locations, as well as different environments. Consistent authentication across these different places is a cornerstone of good firewall hygiene. If some requirements are weaker than others, the misalignment creates vulnerable areas of the enterprise that can be leveraged like an unlocked door. The result is that your business will be open to attacks.
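The first two misconfigurations above are mechanical enough to audit. As an added example (not Guardicore code), the script below walks security-group rules in the shape the EC2 DescribeSecurityGroups API returns and reports every inbound rule that exposes SSH or RDP to 0.0.0.0/0 or ::/0, including the “all protocols” (-1) variant that people forget also opens those ports. The groups are constructed inline so the audit runs offline; group IDs, names and CIDRs are invented, and the corrected group shows what the fix looks like (SSH limited to a bastion subnet, HTTPS still public).

```python
"""Audit AWS security groups for management ports exposed to the whole internet.

Added example, not Guardicore code. The input mirrors the shape returned by
the EC2 DescribeSecurityGroups API (GroupId, IpPermissions, IpRanges,
Ipv6Ranges) but is constructed inline so the audit runs offline with no AWS
credentials; the group IDs, names and CIDRs are invented for the demo.
"""

WORLD = {"0.0.0.0/0", "::/0"}            # "anyone on the internet"
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}


def _tcp_port_range(perm):
    """Return (low, high) TCP ports a permission opens, or None if not TCP."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                     # all protocols, all ports
        return 0, 65535
    if proto != "tcp":                    # udp/icmp entries cannot expose SSH or RDP
        return None
    return perm["FromPort"], perm["ToPort"]


def _world_cidrs(perm):
    """CIDRs in the permission that mean 'the whole internet'."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def find_world_exposed_management_ports(security_groups):
    """Return [(group_id, port, service, cidr)] for every inbound rule that lets
    the whole internet reach SSH or RDP on the group's members."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            rng = _tcp_port_range(perm)
            if rng is None:
                continue
            low, high = rng
            for port, service in MANAGEMENT_PORTS.items():
                if low <= port <= high:
                    for cidr in _world_cidrs(perm):
                        findings.append((sg["GroupId"], port, service, cidr))
    return findings


# Constructed sample: the classic mistake, the 'allow everything' variant,
# and a corrected group that limits SSH to a bastion subnet.
SAMPLE_GROUPS = [
    {"GroupId": "sg-weak0001", "GroupName": "web-admin",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     ]},
    {"GroupId": "sg-allopen02", "GroupName": "legacy-anything",
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     ]},
    {"GroupId": "sg-fixed0003", "GroupName": "web-admin-corrected",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.50.0.0/24"}], "Ipv6Ranges": []},   # bastion subnet only
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
     ]},
]

if __name__ == "__main__":
    for group_id, port, service, cidr in find_world_exposed_management_ports(SAMPLE_GROUPS):
        print(f"{group_id}: {service} (tcp/{port}) open to {cidr}")
```

Against a live account you would feed the function the `SecurityGroups` list from the describe call; the check deliberately ignores the group’s *name*, because a group called “internal-only” with a 0.0.0.0/0 rule is exactly the blind spot the text describes.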

What’s the best firewall alternative?

Because of all the issues mentioned above, many businesses have decided that it’s time to look for a firewall alternative. Modern organizations need a security solution that is faster, easier to manage, less error-prone, and more conducive to today’s hybrid cloud and complex environments. That’s where a software-defined micro-segmentation solution like Guardicore Centra comes in.

“With Guardicore, we were not only able to secure 45 applications without interruption in just 6 weeks, we also got a more agile, cost-effective, and secure solution than our legacy firewall provider.”

— David E. Stennett, Sr. Infrastructure Engineer, The HoneyBaked Ham Company


Whereas network firewalls can be a hurdle to speed and agility, software-defined segmentation is an enabler. The overlay approach to micro-segmentation does not rely on IP addresses, and is therefore completely decoupled from the underlying infrastructure. This structure allows policies to follow the workload, no matter what environment you are using. Therefore, security can move at the speed of innovation – and lower costs at the same time.

This fast pace is bolstered by automation. And, of course, automation slashes the rate of manual changes and updates – and therefore misconfigurations and errors. Automation supports real-time risk mitigation, even across multi-vendor security environments.

How can you gain visibility into firewall misconfigurations?

Understanding firewall misconfigurations starts with mapping connections, because you can’t protect what you can’t see (or don’t even know exists). In addition to providing stronger, faster security, a solution like Guardicore Centra gives you granular insight into your communications and connections. That way you can spot misconfigurations at a glance, identify unusual behavior, close unneeded open ports or narrow overly broad permissions, and tackle issues such as inconsistent authentication procedures.

Moreover, Guardicore Centra goes beyond visibility to provide the security that you need to support a Zero Trust-based framework. Specifically, Guardicore covers the main pillars of Zero Trust by securing:

  • People with user-based policies.
  • Endpoints through security policies and enforcing compliance using OSQuery.
  • Workloads in any environment by providing policies that follow the workload and are not tethered to a specific infrastructure.
  • Networks and devices by securing device access to the data center.

Why do you need software-based segmentation vs native cloud controls?

For those of you who rely on the built-in firewall capabilities of cloud providers – hopefully by now you know that software-based segmentation does much more to secure business environments than can be achieved by native cloud controls alone.

Native cloud controls (security groups and their equivalents) are configured per provider and sit outside the visibility and control of network security teams, yet those teams need that visibility to manage connectivity for business-critical applications and to run micro-segmentation projects. Perhaps this is why Gartner acknowledges that, “Agent-based micro-segmentation has become the standard for micro-segmentation platforms.”

How do you dynamically scale security while avoiding misconfigurations?

Once you’ve mapped out connections, you’re well placed to create consistent policies that follow the workload. You can then avoid playing continuous catchup with network firewalls that simply weren’t built for dynamic, auto-scaling environments or DevOps pipelines and agility. If, by chance, you should miss a misconfiguration, a strong micro-segmentation approach enables you to isolate critical assets and data so that a potential breach can be contained and mitigated, fast.

Leave legacy firewalls behind and lower risk in your own environment

Chances are good that you already have firewall misconfigurations that are opening you up to unnecessary risk. Hybrid cloud environments have added another layer of complexity to today’s data centers, creating even more opportunities for firewall misconfigurations.

Guardicore Centra is one tool that covers any environment and provides superior security capabilities, offering the flexible, fast, and cost-effective protection today’s businesses require. Guardicore enables you to take the challenges of a hybrid data center head on, providing visibility and control where you need it the most.

Ready to find out more about how to reduce risk in your own environment? Sign up today for a free personalized Risk Reduction Assessment Report to find out how much you can shrink your attack surface using Guardicore’s software-based segmentation solution.


Guardicore New Compatibilities with Citrix® Power Enterprises’ Secure Digital Transformation Initiatives

Enhanced Visibility and Granular Security Controls Enable Businesses to Protect Endpoints While Moving to the Cloud

Boston, Mass. and Tel Aviv, Israel – November 10, 2020 – Guardicore, the segmentation company disrupting the legacy firewall market, today announced additional integrations with Citrix and its flagship Centra segmentation platform that will help enterprises migrate to hybrid or cloud environments safely by securing endpoints, critical data, and business-critical applications. 


Research from Dynatrace shows that 89% of CIOs say digital transformation has accelerated in the last 12 months, and 58% predict it will continue to speed up. The immediate shift to remote work has inspired many businesses to work with Citrix to adopt hybrid, multi-cloud environments to deliver a consistent employee experience and seamless access to the applications and data they need to perform optimally. During this transition, however, businesses must protect vulnerable workers and sensitive information during digital transformation initiatives. 


“Cybercriminals often prey on organizations when their infrastructure is in transition,” said Guardicore VP of Business Development Sharon Besser. “Our architecture allows us to support Citrix customers everywhere, and especially in hybrid multi-clouds, to protect critical applications, endpoints and East-West traffic, and to reduce risk while modernizing their infrastructure. Businesses that integrate segmentation into their digital transformation not only improve their security posture, they can also complete their project faster.”


Citrix recently selected Microsoft Azure as its preferred cloud platform for moving existing on-premises customers to the cloud. With Guardicore, these businesses can implement a strategy that provides enhanced visibility and process-level security controls down to the workload for both data center and cloud assets. This gives security leaders the ability to protect endpoints, including those running Windows 10, and IT infrastructure while seamlessly moving data and business apps to the cloud.


“At the start of the remote work shift, we helped thousands of enterprises accelerate their digital transformation initiatives to support their employees in working from home,” said John Panagulias, Director, Developer and Partner Programs, Citrix. “Guardicore offers our customers not only security, but speed as its segmentation platform allows businesses to protect vital data and applications without disrupting the employee experience.”


Guardicore is a Citrix Ready Partner and has the following compatibilities:

To learn more about the Guardicore Centra platform, please visit the Citrix Ready Marketplace and Guardicore.


About Guardicore

Guardicore is the segmentation company disrupting the legacy firewall market. Our software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, Guardicore offers greater security and visibility in the cloud, data-center and endpoint. For more information, please visit optimizeme.online or go to Twitter or LinkedIn.

Migrating to the Cloud Fast and Securely

There are numerous different ways to make your move to the cloud. According to Gartner, the five most common techniques are rehosting, refactoring, revising, rebuilding, or replacing. Yet every one of those options has a few commonalities: you will always need to understand what assets will be involved, how they communicate, and the ways they interact with your broader IT environment.

After helping organizations of all sizes and complexity levels simplify and accelerate their cloud migration projects, Guardicore has identified five simple steps that address those common points. Following these steps helps assure a fast migration while also ensuring that security and compliance policies extend to the new infrastructure.

5 simple steps to a fast and secure cloud migration

Ready for a sneak preview? Check out this short video for the quick overview before diving into the detailed instructions for how to achieve a fast and secure cloud migration.

1. Map application workloads

Typically, 73% of cloud migrations take more than a year to complete [1]. Even migrating a single application can take as long as four months [2]. With Guardicore, however, you can drastically shorten the timeline of your project from step one.

Once installed, Guardicore Centra automatically generates a detailed map of activity across all your environments. Process-level activity is correlated with network events, giving you a visual map of all workloads. You can then drill down for more detail, including granular information on specific assets and processes. This helps you determine which elements you need to consider during your migration, so you can accurately scope your project.

2. Identify service dependencies

Many applications rely on service dependencies to operate, such as DNS, Active Directory, or update services. These need to be documented and correctly configured as part of the migration process.

For instance, you may not want your newly migrated cloud application to have access to the on-premises Active Directory for security or compliance reasons. Therefore, rehosting it or setting up another instance may be a better option for your business.

Guardicore can help you determine what dependencies exist today. Once those dependencies are identified, you can make a proactive and informed decision on how you would like to set up these services before you migrate. In this way you can avoid unplanned delays.

Guardicore provides detailed insights into service and business dependencies

3. Identify business dependencies

In addition to ensuring service dependencies are taken care of, other elements in your environment likely require access to the newly migrated asset to keep your business running as usual. One common use case for financial services organizations, for instance, is the need for billing, accounting, and SWIFT applications to communicate with a banking application migrated to the cloud.

In order to ensure that everything continues operating as expected post-migration, Guardicore provides you with the granular visibility you need to understand communication between each relevant element. This includes insights into connections between protocols, ports, and processes.

This visibility lets you plan how to configure for today’s dependencies. It also helps you decide whether or not to make a change moving forward (like creating a cloud instance of an accounting application in order to avoid an on-premises-to-cloud dependency). Moreover, it allows you to avoid potential outages that can occur when you decommission on-premises versions of applications after a migration.

4. Migrate your assets to the cloud

Once you’ve gone through the process of mapping assets and thoroughly understanding dependencies, you can confidently begin your cloud migration. During this time, you can also define any segmentation policies needed to further reduce risk and ensure compliance.


Because Guardicore presents real-time and historical network data in a centralized platform, it’s easy to spot communication flows that might increase risk or result in non-compliance. You can then limit exchanges between assets as needed.

There is an additional bonus to defining policies before undergoing a cloud migration. Since Guardicore operates independently of the underlying infrastructure, policies follow the workloads. Thus, existing security controls carry over to the cloud. There, they can be fine-tuned for an asset’s new environment, saving even more time.

“The entire segmenting of the Somos infrastructure, applications, and data had been completed when we entered the new environment.”

Alex Amorim – Information Security Manager

5. Check and validate your cloud migration

After you’ve completed your cloud migration, it’s important to do one last thorough check. Now is the time to validate that you have accounted for all dependencies and that the correct security policies are in place.

Once you’ve confirmed everything is as it should be, you can securely shut down any on-premises assets you want to decommission. All that’s left is to toast to a successful migration!

Congratulations on completing your fast and secure cloud migration!

Going through these five steps with Guardicore Centra can drastically simplify and speed up your migration to the cloud. Ready to see that kind of success in action for yourself? Check out this five-minute walkthrough of moving an e-commerce application to the cloud:

New Ponemon Study: Enterprises Eliminating Legacy Firewalls Due to High Costs and Inability to Stop Cyberattacks

60% of Respondents Believe Firewalls are Ineffective in Stopping Cyberattacks Against Applications, Data Centers, and Data in the Cloud; Lack of Flexibility Hinders Digital Transformation Initiatives

Boston, Mass. and Tel Aviv, Israel – October 27, 2020 – According to a new report, more than 60% of organizations believe that legacy firewalls are ineffective in preventing damaging cyberattacks against applications, data centers, and data in the cloud. As a result, 53% of survey respondents are actively looking to replace legacy firewalls with modern security solutions that are more cost effective, provide greater flexibility and can match the speed and agility digital transformation requires.

The “Rethink Firewalls: Security and Agility for the Modern Enterprise” report, conducted by Ponemon on behalf of Guardicore, surveyed more than 600 security professionals in the U.S. to gain insight into how legacy firewalls are used in the modern enterprise. Digital transformation and the rapid adoption of cloud infrastructure have pushed the boundaries of traditional network security tools. The report demonstrates how legacy security technologies – such as network and ‘next-gen’ firewalls – hinder agility and fail to secure data and applications across data centers and cloud environments.

“The findings of the report reflect what many CISOs and security professionals already know – digital transformation has rendered the legacy firewall obsolete,” said Pavel Gurvich, co-founder and CEO, Guardicore. “As organizations adopt cloud, IoT, and DevOps to become more agile, antiquated network security solutions are not only ineffective at stopping attacks on these properties, but actually hinder the desired flexibility and speed they are hoping to attain.”

Rethink Firewalls – Key Study Takeaways

  • Legacy Firewalls are Failing to Enable Zero Trust: Zero Trust has emerged as an effective framework to help modern organizations protect cloud infrastructure, distributed workforces and applications. According to the report, while 49% of respondents have implemented a Zero Trust model of security to some extent, 63% believe their organizations’ legacy firewalls are failing to enable Zero Trust across the enterprise.
  • Firewalls Fail to Stop Attacks, Leave Organizations Vulnerable: Legacy security technologies fail to minimize the attack surface and increasingly leave organizations vulnerable to cyberattacks. 61% of respondents say their organizations’ firewalls could not contain a breach of its data center perimeter, while 64% believe that legacy firewalls are ineffective against modern attacks like ransomware.
  • Legacy Firewalls Hinder Agility, Cost Too Much to Maintain: Organizations increasingly believe that firewalls are damaging to digital transformation, lacking the flexibility and speed required for modern environments. Fifty-seven percent of respondents indicate it can take from three weeks to more than a month to change firewall rules to accommodate an update or new application. This is driving firewall attrition, with more than 53% of organizations moving away from firewalls due to costs and complexity.

“The findings of the report show the number one concern of firewall buyers is whether they can actually get next-gen firewalls to work in their environments. As organizations move into the cloud, legacy firewalls do not have the scalability, flexibility or reliability to secure these environments, driving up costs while failing to reduce the attack surface,” said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute. “As a result, organizations are reaching the conclusion that firewalls are simply not worth the time and effort and they’re actually negatively impacting digital transformation initiatives. This is driving a move toward modern security solutions like micro-segmentation, that can more effectively enforce security at the edge.”

On Oct. 27th at 1 p.m. ET, Guardicore will be hosting a webinar with Guardicore customer David Stennett, Sr. Infrastructure Engineer, The Honey Baked Ham Company, and Larry Ponemon, Ph.D, Chairman and Founder, Ponemon Institute, to discuss the findings and strategies for how organizations can replace legacy firewalls with modern security solutions like micro-segmentation for greater flexibility, control and security of data centers, applications and cloud environments.

To register, please visit: https://go.guardicore.com/guardicore-ponemon-webinar-changing-the-face-of-network-security

To download a copy of the report, please visit: https://www.guardicore.com/resources/rethink-firewalls-security-and-agility-for-the-modern-enterprise/


Can you reduce your attack surface to zero?

As network changes take place faster and faster, attack surfaces grow at a corresponding pace, increasing business vulnerability.

It’s critical to:

  • Articulate the risks brought on by a large attack surface.
  • Visualize how radically software-based segmentation can reduce your attack surface.
  • Quantify the risk reduction so others across the business can understand the value of taking action.

But can you reduce your attack surface to zero? And what exactly are we talking about here when we reference the attack surface?

What is an application attack surface?

An application’s attack surface is the set of unrestricted communication paths between endpoints in the network and open ports on the servers of the application under review. The bigger the attack surface, the more vulnerable your environment is. For example, a successful ransomware attack starts with an attacker (a) penetrating the network over non-monitored communication paths [1] and (b) moving laterally, targeting critical data or highly privileged services and propagating ransomware across entire networks, before encrypting everything they can reach (including your backups).

Reducing the attack surface by exposing only the needed services/ports to the smallest possible group of clients is essential to stopping this type of attack from penetrating your network. A well micro-segmented network prevents attackers from moving laterally within the network and gaining control over more and more assets. Unfortunately, this is just one possible attack vector – there are others.

So, can you reduce your attack surface to zero?

Given all the issues that can be brought on by having a broad attack surface, it seems like the answer would be to shut the attack surface down.

Unfortunately, you can’t really reduce your attack surface to zero – unless you can:

  • Disconnect all communication paths between the internet and all of the servers in your network (including IoT devices).
  • Prevent anyone with access to your organization’s IT infrastructure (including network systems, laptops, virtual environments, databases, business applications, etc.) from uploading, downloading, opening emails, clicking on links, connecting their own devices, or making any changes to set configurations.
  • Hire only people who make zero mistakes, 100% of the time.

Assuming connectivity with the outside world is required and human errors are here to stay, how can you realistically protect your critical applications to ensure business continuity and growth? The answer is to reduce the attack surface to a minimum using software-based segmentation. Make sure that the only open communication paths between an application’s servers/processes and other applications, users, or internet sources are those allowed and monitored by your defined policy.


How do I prove the value of attack surface reduction to management?

Even if you know the benefits of using software-based segmentation to reduce your attack surface, demonstrating the risk reduction value of segmentation to management can be a challenge. That’s where Guardicore’s Risk Reduction Assessment Report comes in.

The report enables security teams to visualize and understand their applications’ attack surface by seeing which other assets can communicate with the application’s servers. The report then provides a view of what the attack surface looks like once unnecessary communication paths are closed and the attack surface has been minimized.

The personalized report is based on a zero-impact process that enables Guardicore to analyze your own applications. No software installation is required, and we are at no point connected to your environment. The report is based on netstat-type data we receive from the organization we work with on the report. The business requesting the report chooses which application and servers to collect data from.

There are a few ways to collect the data for us:

  • Open-source data collector script
  • A NetFlow file
  • A PCAP file containing captured network packets
  • Guardicore agents (as part of a PoC process)

The result is a document that visually demonstrates:

  • The way software-based segmentation reduces the risks of a flat network.
  • The quantified value of segmentation in your own business environment.
  • The logic behind the generation of the graphs and numbers in the report.
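As an added illustration (not Guardicore’s code and not the report’s actual method), the script below applies the attack-surface definition given above to the kind of netstat-type data the report is built from: it parses constructed netstat-style lines captured on the application’s servers, counts the distinct client-to-port paths, applies a hypothetical allow-list policy, and quantifies how many paths segmentation would close. The server addresses, the policy and the sample lines are all constructed assumptions.

```python
"""Quantify an application's attack surface before and after segmentation.

Model (following the definition above): the attack surface is the set of
unrestricted paths  client -> server:port  into the application's servers.
A segmentation policy is an allow-list of (client CIDR, server CIDR, port);
every observed path the policy does not allow would be closed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    client: str
    server: str
    port: int


# Constructed sample in the style of `netstat -tn` output captured on the
# application's servers, so "Local Address" is the server side. Not real data.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address     Foreign Address     State
tcp        0      0 10.0.1.10:443     10.0.5.21:50112     ESTABLISHED
tcp        0      0 10.0.1.10:443     10.0.5.22:50113     ESTABLISHED
tcp        0      0 10.0.1.10:22      10.0.9.7:41000      ESTABLISHED
tcp        0      0 10.0.1.11:3306    10.0.1.10:39000     ESTABLISHED
tcp        0      0 10.0.1.11:3306    10.0.9.7:39001      ESTABLISHED
tcp        0      0 10.0.1.11:22      192.168.3.4:55000   ESTABLISHED
tcp        0      0 0.0.0.0:443       0.0.0.0:*           LISTEN
"""

# Hypothetical allow-list policy: (client CIDR, server CIDR, server port).
POLICY = [
    ("10.0.5.0/24",  "10.0.1.10/32", 443),   # users -> web tier
    ("10.0.1.10/32", "10.0.1.11/32", 3306),  # web tier -> database
    ("10.0.9.7/32",  "10.0.1.0/24",  22),    # jump host -> SSH on app servers
]


def parse_netstat(text):
    """Return the set of distinct client -> server:port paths observed."""
    paths = set()
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, LISTEN sockets (no peer) and anything non-TCP.
        if len(fields) < 6 or fields[0] != "tcp" or fields[5] != "ESTABLISHED":
            continue
        server_ip, server_port = fields[3].rsplit(":", 1)
        client_ip, _ = fields[4].rsplit(":", 1)
        paths.add(Path(client_ip, server_ip, int(server_port)))
    return paths


def is_allowed(path, policy):
    """True if some policy rule covers this client, server and port."""
    client = ipaddress.ip_address(path.client)
    server = ipaddress.ip_address(path.server)
    return any(client in ipaddress.ip_network(cn) and server in ipaddress.ip_network(sn)
               and path.port == port for cn, sn, port in policy)


def risk_reduction(paths, policy):
    """Attack surface before/after the policy, plus the paths it would close."""
    closed = {p for p in paths if not is_allowed(p, policy)}
    before, after = len(paths), len(paths) - len(closed)
    pct = 100.0 * len(closed) / before if before else 0.0
    return {"before": before, "after": after,
            "reduction_pct": round(pct, 1), "closed": closed}


if __name__ == "__main__":
    result = risk_reduction(parse_netstat(SAMPLE_NETSTAT), POLICY)
    print(f"paths before: {result['before']}, after: {result['after']} "
          f"({result['reduction_pct']}% reduction)")
    for p in sorted(result["closed"], key=lambda p: (p.server, p.port, p.client)):
        print(f"  would close: {p.client} -> {p.server}:{p.port}")
```

On the sample data the two paths closed are an admin host reaching the database port directly and an unknown host reaching SSH on the database server, which is exactly the kind of lateral-movement path the report is meant to surface.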

How do I get a personalized report analyzing my business applications’ risk reduction potential?

Ready to try the Risk Reduction Assessment Report out for yourself? Sign up today to find out how much you can reduce your attack surface using Guardicore’s software-based segmentation solution.



How does Guardicore Centra help reduce the accessibility of the attack surface?

Guardicore Centra’s software-based segmentation enables enterprises to reap the benefits of risk reduction while supporting agile DevOps and rapid application deployment. The solution delivers optimal security at a faster speed with greater security efficacy.

Guardicore’s micro-segmentation is performed at the workload level rather than at the infrastructure level. Therefore, it can be implemented consistently throughout a hybrid cloud infrastructure and it adapts seamlessly as environments change or workloads relocate.

Micro-segmentation lets security teams create granular policies that segment applications from one another and/or segment tiers within an application. As a result, companies can accomplish such goals as:

  • Slow or block attackers’ efforts to move laterally.
  • Create a security boundary around assets with compliance or regulatory requirements.
  • Enforce corporate security policies and best practices throughout the infrastructure.
  • Apply Zero Trust principles throughout the infrastructure, even as the business extends from the data center to one or more cloud platforms.

This focus on preventing lateral movement through in-depth governance of applications and flows reduces the available attack surface even as IT infrastructure grows and diversifies.

What can I do to kickstart my program?

Now that you understand the importance of reducing the accessibility of the attack surface, here are a few things you can do to get started:

  1. Read more about attack surface reduction: Download the paper about how to demonstrate the importance of minimizing the attack surface.
  2. Get the attack surface reduction report: Sign up for your personalized report today.
  3. Receive a Guardicore demo: See how Guardicore’s software-based segmentation solution, Guardicore Centra, can help you today.

[1] For example, by using weak points such as internet-facing servers and remote-desktop logins, or people unintentionally downloading malicious payloads.

Guardicore Named One of 2020 Best Small and Medium Workplaces by Great Place to Work™ and FORTUNE

BOSTON and TEL AVIV, Israel, October 16, 2020 – Guardicore, the segmentation company disrupting the legacy firewall market, today announced it was named one of the 2020 Best Small and Medium Workplaces by Great Place to Work™ and FORTUNE. The ranking is based on confidential survey feedback representing more than 189,000 employees working at small- and medium-sized businesses in the United States.

“At Guardicore, we pride ourselves on being a global team of innovators passionate about security, and hungry to make an impact,” said Pavel Gurvich, Co-Founder and CEO, Guardicore. “We’re changing the way organizations protect their data centers and clouds from advanced threats – and that starts with our people. Our culture is full of innovation, creativity and agility — and we are thrilled to be recognized on this year’s Best Workplaces list by Great Place to Work™ and FORTUNE.”

Guardicore is a segmentation company that provides its customers with a faster, more cost-effective alternative to traditional firewalls. The company has 5.0 star reviews on Glassdoor, due to its open and transparent communication style, opportunities for career growth, and competitive salaries. Company perks include a robust benefits package, annual company kick-offs for all employees, and a dog-friendly work environment, all of which contribute to the company’s high retention rates.

“Best Workplaces like Guardicore have built dynamic, flexible, and transparent workplaces founded on trust,” said Michael C. Bush, CEO of Great Place to Work. “This gives companies on this list a powerful opportunity not just to do well for their people, but also to do well for their businesses.”

Great Place to Work, a global people analytics and company culture research firm, evaluated more than 60 elements of team members’ experience on the job. These included the extent to which employees trust leaders, the respect with which people are treated, the fairness of workplace decisions, and how much camaraderie there is among the team.

The Best Small Workplaces and Best Medium Workplaces lists are part of a series of rankings by Great Place to Work and FORTUNE based on employee feedback from Great Place to Work-Certified™ organizations.

To learn more about available career opportunities at Guardicore, please visit: https://www.guardicore.com/company/careers/


About the Best Small & Medium Workplaces
To determine the 2020 Best Small Workplaces list and the 2020 Best Medium Workplaces list, Great Place to Work® gathered and analyzed confidential survey feedback representing more than 189,000 employees working in small- and medium-sized businesses in the United States. Employees responded to over 60 survey questions describing the extent to which their organization creates a great place to work For All™.

Eighty-five percent of the evaluation is based on what employees say about their experiences of trust and reaching their full human potential as part of their organization, no matter who they are or what they do. Great Place to Work analyzes these experiences relative to each organization’s size, workforce make-up, and what’s typical relative to their peers in the industry.

The remaining 15 percent of the rank is based on assessing how consistent employees’ daily experiences of innovation, the company’s values, and their leaders’ effectiveness are.

To learn more about Great Place to Work-Certification and recognition on Best Workplaces lists published with Fortune, visit Greatplacetowork.com

About Great Place to Work
Great Place to Work® is the global authority on workplace culture. They help organizations quantify their culture and produce better business results by creating a high-trust work experience for all employees. Emprising®, their culture management platform, empowers leaders with the surveys, real-time reporting, and insights they need to make data-driven people decisions. They recognize Great Place to Work-Certified companies and the Best Workplaces in the U.S. and more than 60 countries, including the 100 Best Companies to Work For® list published annually in Fortune.

Learn more at greatplacetowork.com and join the community on LinkedIn, Twitter, and Instagram.

Media Contact:
Maryellen Sartori