Hybrid Cloud Security on Your Terms

Mellanox and Guardicore Deliver Agentless and High-Performance Micro-segmentation for Securing Hybrid Cloud Environments

This article was created and published in partnership with Itay Ozery, Director of Product Marketing at Mellanox Technologies.

The face of the enterprise datacenter has changed dramatically in recent years. Business-critical applications, data confidentiality and the advent of digital products and services are among the driving forces behind today’s emerging data-center architectures. It is easy to think of this change as a transition from 10G to 25G, 40G and 100G, but it is more than that.


Although public cloud adoption is progressing rapidly, public offerings have not taken over a big piece of the enterprise pie. A recent Gartner research report indicates that less than 20% of total IT expenditure was allocated to public clouds in 2019. Bank of America’s CEO stated in late 2019 that the financial services corporation had saved $2 billion per year by building its own cloud infrastructure. Aside from the dominant cost factors, some workloads must remain on-premises for regulatory and/or compliance reasons, while other legacy applications cannot be migrated to the cloud because of their nature or design. Breaking it all down, the prevailing approach of most enterprise leaders today, and most likely in the years to come, is a hybrid-cloud strategy that typically involves a multi-tiered IT environment comprising both on-premises datacenter(s) and cloud service provider(s).

While hybrid clouds provide a cost-effective and agile solution, they also expose organizations to a cyber threat landscape that is broad and continuously changing, faster than defenders can respond to with traditional security tools. Thus, a holistic approach is needed for enterprises to enhance their security postures and achieve robust and complete protection. Only solutions that protect all types of workloads, at any speed and against both current and future threats, can deliver the highest levels of security, integrity and reliability in the hybrid cloud era.

Micro-segmentation Emerges to Secure Hybrid Clouds

Micro-segmentation is an emerging datacenter and cloud security best practice that enables enforcement of fine-grained security policies for any network in a multi-cloud or hybrid cloud environment. It provides many advantages over the traditional approaches of using VLANs for network segmentation and firewalls for application separation. Micro-segmentation uses software-defined controls running on each node to provide individual workload isolation and protection, reducing risk and simplifying security management. These advantages are key as enterprises adopt a hybrid cloud approach consisting of cloud services from one or multiple vendors while maintaining their own datacenters. The rise of cloud-native applications, where microservices architectures and containers create new communication frameworks, reinforces the need for elastic micro-segmentation implementation. Guardicore, a leader in the internal datacenter and cloud security realm, offers Centra, a comprehensive hybrid cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce the attack surface and detect and control breaches within east-west traffic.

Our network visualization, which provides flow and application-level monitoring, is both the basis for resilient micro-segmentation and achievable through a variety of agent- and network-based techniques. However, there are use cases in which deploying agents is neither possible nor desired due to the nature of the application, the identity of the workload owner or even intercompany organizational challenges. Some application environments, such as high-frequency trading, are optimized for high-performance, low-latency transactions. In such use cases, even a minimal 3% impact renders the use of agents inefficient and thus cannot be tolerated. Other businesses with a track record of failed agent deployments may be reluctant to try a different one. The result is a lack of visibility, which leaves enterprises with infrastructure silos where security policy enforcement cannot be applied.

So, here’s an idea: what if we could leverage the intelligent I/O processing units (IPUs) from Mellanox to gain visibility into every workload and enforce micro-segmentation without installing agents, impacting performance or increasing network latency?

Software-Defined Micro-segmentation Meets Hardware-Defined Isolation and Acceleration

The combination of Mellanox’s BlueField IPU-based SmartNICs with the Guardicore Centra Security Platform creates a unique value proposition: No need to install agents on servers. No impact on server/application performance. Software-defined, hardware-native security policy enforcement at wire speed, fully isolated from the workload itself. The joint solution is ideally positioned for those environments in which deploying agents is not permitted:

  • HFT, latency-sensitive applications
  • Bare-metal clouds
  • Mainframe
  • Network-attached storage

Summary

We are excited to partner with Mellanox to deliver an agentless and high-performance micro-segmentation solution for hybrid cloud environments. This solution is the result of best-of-breed silicon capabilities, software IP and amazing engineering teams at our companies, and it is the first of many innovative cyber security solutions we will bring to market. Stay tuned for more in 2020 and beyond!

Mellanox will be presenting our joint solution at the upcoming RSA Conference, February 24-27 in San Francisco, CA (North Hall #4525).

Guardicore’s booth is located a few meters away, at North Hall #4324.
