Guardicore at RSA: AI-Powered Segmentation, Cloud Native Security

Guardicore’s mission has always been about helping our users protect their critical assets everywhere. This week we’re announcing two new capabilities in our Centra Security Platform that further deliver on that mission: support for cloud-native resources and AI-powered segmentation. Both capabilities are designed to help security architects segment their assets faster and protect their PaaS resources.

AI-Powered Segmentation 

Centra’s AI-powered segmentation reduces the time it takes to create a segmentation policy for a new or existing application by making it easier to label assets and create the matching rules for them. While we have always provided an intuitive and simplified segmentation workflow, with our upcoming Centra 5.0 release we’re leveraging AI to automate and further simplify this process.

Powered by Real Data 

Our AI-based algorithm is capable of ‘learning’ tens of thousands of applications and millions of flows, allowing us to provide: 1) tailored policy templates based on the customer’s assets and 2) automatic labels tailored to the customer’s environment. Automatic labeling is done by analyzing an asset’s network flows. Because our network flows carry context down to the process level, we can provide accurate suggestions.

Introducing Guardicore Centra Policy Store

Our Policy Store offers out-of-the-box policy segmentation templates for known ‘household’ applications along with templates for common segmentation use cases. A partial list of household apps includes Active Directory, Exchange, Splunk and even Windows operating systems. Common use cases currently include ringfencing, environment segmentation, whitelisting outbound flows, etc.

To make it even simpler, we provide recommendations on which applications to segment first, based on our ability to ‘learn’ your environment. Our vision is to create a community around our Policy Store. By providing a flexible policy mechanism, we’re hoping customers will upload their own templates to extend the power of the collective cloud. We’ve heard some great ideas for this community at RSA from people who are eager to start building and sharing their own templates. We’re looking forward to seeing the creative stuff our users come up with!

Automatic Labeling Suggestions

Guardicore Centra automatically discovers, scopes and provides recommendations for how to label an application, which is typically the trickiest part of any segmentation project. Our auto labeling is based on network flow analysis down to the process level.

Guardicore Centra Auto-Labeling

Automatic Policy Recommendations

Recommendations for segmentation rules are provided based on known application behavior and a predefined set of policy templates for common applications. For example, for Active Directory users, Guardicore Centra will detect your Active Directory servers and then provide a predefined set of rules for securing them, requiring minimal intervention on your side.

Guardicore Centra Policy Rules Dashboard

Security for Cloud-Native Applications

Building on our broad security coverage across hybrid data center environments, we’re adding protection for cloud-native applications, including serverless computing and Platform as a Service (PaaS). This enables security teams to remove major blindspots in their environments and achieve the same deep level of visibility and control into their cloud-native applications with the Guardicore Centra Security Platform.

The Ever-Changing Datacenter Landscape Requires Security to Adapt

Cloud-native is rapidly becoming the new standard for quickly building and scaling new business applications and optimizing existing ones. Until now, providing adequate protection of PaaS services such as AWS S3, Azure SQL, and GCP Cloud Run has required standalone security tools to gain visibility into these resources and understand access patterns. Guardicore has greatly simplified this by integrating cloud-native support into its Centra Security Platform, eliminating the need for processing data from multiple disparate resources.

Superior Cloud-Native Visibility & Access Control

The Guardicore Centra Security Platform enables IT security teams to visualize access to PaaS services, providing a visual map of all interactions between those services, including end-to-end application flows.

Visualizing Session Flow across Cloud Native Resources

Under the Hood

We use multiple data collection methods for cloud-native applications, including cloud APIs, Guardicore agents, and code instrumentation mechanisms for serverless functions. This allows us to turn a collection of disparate logs into a single comprehensible map. We provide a single pane of glass to visualize all cloud resources in use, providing a way to apply a single access policy.

From Cloud Logs to Guardicore Centra Map

From Network Flows to Application Flows

We are able to provide our Centra customers the ability to map their cloud-native resources from the same console they’re using to manage other environments. Instead of trying to make sense of multiple cloud logs, our customers get a single map of their cloud application flows that is easy to understand and manage.

Connect with Us

We’ve gotten some great feedback from RSA visitors and are extremely excited to add these groundbreaking capabilities to make segmentation even easier and relevant to everyone. These features are in early availability for select customers today. If you have thoughts or feedback or if you want to see a demo, talk to us. 
