Guardicore Recognized with 5-Star Rating in 2020 CRN® Partner Program Guide

Cloud and Data Center Security Innovator Receives Honor Third Year in a Row

Boston, Mass. and Tel Aviv, Israel – March 30, 2020 – Guardicore, a leader in internal data center and cloud security, has received a 5-Star Rating from CRN®, a brand of The Channel Company, in its 2020 Partner Program Guide. The 5-Star rating from CRN denotes Guardicore among elite technology suppliers in the IT channel, providing maximum value and support for solution providers. Guardicore was also recently recognized by CRN as one of the 100 Coolest Cloud Companies for 2020, acknowledging the executive leadership team and the innovative Guardicore Centra Security Platform.

The Channel Company’s research team analyzed each vendor’s partner program to determine the 2020 5-Star ratings. Each was scored based on several factors, including investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication. John Ryan, Head of Channels for North America at Guardicore, commented, “We selectively partner with top-notch organizations, who share our mission to provide technical expertise, streamlining our efforts to provide the best results for our partners. The partner program has been designed to focus on what enriches our partners the most; we enable them technically, we feed them qualified opportunities and we consistently support all of their needs.”

The award-winning Guardicore Partner Program was created to meet the unique needs of different partner types, including resellers, consultants, systems integrators, and managed security service providers interested in deploying the Guardicore Centra Security Platform. The program delivers significant benefits to its partners relative to cloud services. Guardicore provides a SaaS-based (cloud) delivery model that enables a cost-effective and highly scalable deployment model. Partners leverage this model to deliver an infrastructure-agnostic approach to security that extends across legacy, bare metal, private virtualized, public cloud and containers. Additionally, partners are able to leverage Guardicore’s cloud capabilities to deliver a wide range of cloud-based managed security services and cloud-centric professional services.
Guardicore’s Centra Security Platform is a comprehensive data center and cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce attack surface and detect and control breaches within east-west traffic. It provides deep visibility into application dependencies and flows and enforcement of network and individual process level policies to isolate and segment critical applications and infrastructure. Guardicore Centra’s AI-powered segmentation makes asset classification even easier and reduces the time and effort needed to apply a segmentation policy to new or existing applications.

About The Channel Company
The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

About Guardicore
Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

How to Stop Human and Computer Viruses In Their Tracks

Viruses of any type can spread frighteningly quickly. As we are seeing today with COVID-19, the impact that can have is both widespread and frightening. It’s especially difficult to stop the spread of viruses if you don’t already have the right structures and protocols in place.

While computer viruses don’t have life-changing effects, they can certainly have business-altering ones. Not only do they spread in similar ways to human viruses, but they also can be stopped by implementing similar measures to those we are using to halt the spread of coronavirus.

Test To Gain Visibility

Testing those people who evidence symptoms of a virus like COVID-19 gives you insight into the breadth, location, and volume of an outbreak. Similarly, gaining visibility into what is happening in your network environment enables you to manage your assets in general and to understand the what, where, and extent of issues when they occur.

Getting a clear view into what is happening on your network also empowers you to develop a fast and informed response. For instance, with NotPetya (targeted ransomware), those businesses that mapped all their SMB connections before they were compromised had a better chance of responding intelligently once they were under attack.

Quarantine / Segment

The more you can isolate infected people or applications, the faster you will be able to limit the spread of any virus, including COVID-19. In cybersecurity, the equivalent of quarantine is segmentation.

Without a tool like Guardicore Centra, segmentation can be quite complex. Moreover, it’s difficult to implement once your systems are already infected. That’s where people who have already implemented Centra have the advantage: the better prepared a business is ahead of time, the faster a compromise can be halted.

Protect Vulnerable and Critical Resources

There is no doubt that some resources/people are more vulnerable to viruses’ effects than others. Those who have compromised immunity and the elderly in particular need to be careful.

In the cybersecurity world, the parallel is legacy systems, which can hold unknown vulnerabilities. They therefore need to be carefully protected (for instance, by ringfencing them), and, if possible, removed from any virus exposure.

Moreover, it makes sense to secure your critical resources with better protections as well. In the case of humans, this may include those running a company, medical personnel, or government officials. In the cybersecurity world there are also critical resources protecting your most sensitive data. With the right protocols in place, you can ensure their survival even under the most aggressive attack.

Using Guardicore Centra, you can quickly enforce policies when you need them, for swift protection of vulnerable and critical resources.

Implement Controls

Biological and computer viruses both often use known propagation methods. For example, viruses that attack humans often propagate through person-to-person contact. Therefore, sanitizers, hand washing, and no handshake policies are effective at slowing the spread.

Similarly, in the NotPetya attacks, for instance, SMB connections were the propagation path, and restricting SMB access to a bare minimum helped a lot. That’s why it’s key to be able to speedily apply the right type of policy at the right time, anywhere it’s needed. This will provide strong protections against current vulnerabilities as well as future attacks.

Use Common Sense

There really is nothing shocking about any of this advice. Most of it is common sense. Yet not every business (or person) follows these steps, and that’s when we all pay a price.

That said, if you apply these basic steps even when a virus isn’t active, you will be prepared to handle issues when they arise. Even during critical events, you will be prepared to swiftly deploy policies anywhere and keep your business – and communities – safe and running smoothly.

How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796)

Microsoft has issued its latest set of cumulative updates for Windows for the month of March. There are a total of 117 vulnerabilities, 25 of which are rated critical.

One particular vulnerability stands out from the crowd: CVE-2020-0796. This is a critical vulnerability in the Server Message Block (SMB) protocol in new versions of Windows operating systems. This SMB vulnerability could cause a wide range of wormable attacks and potentially a new EternalBlue. Without going into the gory details, a flaw in the new SMBv3 compression mechanism potentially allows an attacker to take down or take over a Windows system.

Potentially affected operating systems include:

  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

Advisories on this CVE recommend patching your systems (which you should be doing regardless) and advise to “Block TCP port 445 at the enterprise perimeter firewall,” which should already be the case in any network. If you can’t patch your Windows system, you can manually disable the SMBv3 compression feature. That is the root of all evil in this case.

A PowerShell command to disable SMBv3 compression is:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Why Are SMB Vulnerabilities Problematic?

SMB vulnerabilities are not more common than any other Windows vulnerability. The SMB protocol is amazingly useful, but also one of the easiest ways to move laterally in an organization’s data center. All an attacker needs to do is gain access to one system in order to spread across the whole data center. In fact, the WannaCry campaign and EternalBlue vulnerability are great examples of how an SMB vulnerability can have a wide and crippling impact on organizations worldwide.

The question that many ask is, “How do SMB vulnerabilities still happen if we patch and deny all the SMB traffic from external networks?” Moving from theory to reality, we know that not 100% of hosts get patches. In fact, most companies are still struggling with this basic task today. In addition, networks are complex animals that can’t simply be wrangled by placing a box in an arbitrary location.

Moreover, the main reason for widespread damage in most SMB-related incidents we’ve encountered is the fact that hosts within the network can freely move laterally on any port (and specifically on 445 AKA SMB). There is no real justification for allowing this type of behavior inside the network. SMB inside the network should usually only be allowed to communicate with the DC and, in some cases, dedicated file share and backup services. In most cases, servers shouldn’t be communicating with one another over SMB.

So why not just deny the SMB traffic? The answer is that it’s hard for organizations that rely on legacy technologies like gateway firewalls. These tools only enforce traffic going between network zones, not what’s inside.

How Can SMB Vulnerabilities Be Stopped?

One of the first things we recommend to our customers is to improve their network hygiene by implementing basic best-practice policies. For example, you can allow only SMB traffic to the DC, backup, and file servers. The rest of the traffic should be blocked, regardless of VLANs or network topology. More explicitly, you should deny lateral SMB traffic.
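
As an added illustration (not Guardicore's code and not how Centra is implemented), the policy described above can be expressed as a check over flow records: SMB is allowed only toward DC, file and backup roles, and every other flow on port 445 is denied, including flows inside a single subnet that a gateway firewall never sees. The IP addresses, role names and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

SMB_PORT = 445
ALLOWED_DEST_ROLES = {"dc", "file", "backup"}      # only SMB destinations the policy permits
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal address space

# Constructed inventory (hypothetical hosts): IP -> role.
ASSET_ROLES = {
    "10.1.0.10": "dc", "10.1.0.20": "file", "10.1.0.30": "backup",
    "10.2.0.5": "app-server", "10.2.0.6": "app-server",
    "10.3.0.101": "workstation", "10.3.0.102": "workstation",
}

# Constructed flow records, as a flow-log export might provide them.
SAMPLE_FLOWS = """src,dst,dport
10.3.0.101,10.1.0.10,445
10.2.0.5,10.1.0.20,445
10.2.0.5,10.1.0.30,445
10.2.0.5,10.2.0.6,445
10.3.0.101,10.3.0.102,445
10.3.0.102,10.2.0.5,445
203.0.113.7,10.1.0.20,445
10.3.0.101,10.2.0.5,443
10.3.0.101,10.9.9.9,445
"""

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

def evaluate(src, dst, dport):
    """Return (action, reason) for an SMB flow, or None for non-SMB traffic."""
    if dport != SMB_PORT:
        return None
    if not (is_internal(src) and is_internal(dst)):
        return ("deny", "perimeter")       # SMB entering or leaving the network
    role = ASSET_ROLES.get(dst, "unknown")
    if role in ALLOWED_DEST_ROLES:
        return ("allow", role)
    return ("deny", "lateral:" + role)     # host-to-host SMB, same VLAN or not

def audit(csv_text):
    """Evaluate every flow in a CSV export; returns (src, dst, action, reason) tuples."""
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = evaluate(row["src"], row["dst"], int(row["dport"]))
        if verdict:
            out.append((row["src"], row["dst"]) + verdict)
    return out

def lateral_sources(results):
    """Count denied lateral SMB attempts per source host."""
    return Counter(src for src, _, action, reason in results
                   if action == "deny" and reason.startswith("lateral:"))

if __name__ == "__main__":
    results = audit(SAMPLE_FLOWS)
    for src, dst, action, reason in results:
        print(f"{action:5} {src:>12} -> {dst:<12} {reason}")
    print(lateral_sources(results).most_common())
```

Hosts that appear repeatedly in the lateral count are the ones to look at first, since a machine that starts opening SMB sessions to its peers is exactly the behavior the policy is meant to stop.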

Guardicore Centra helps prevent SMB vulnerabilities by providing a simple and fast way to create and apply policies across the network. These policies allow only legitimate SMB traffic, while blocking the rest of the lateral movement between the hosts.

For example, see how this screenshot demonstrates how only legitimate SMB traffic is allowed within the network:

And here, Centra blocks the rest of the 445 traffic:

Conclusion

A simple, common protocol like SMB can pose a great risk to the datacenter. However, the risk of SMB vulnerabilities can be easily mitigated with three rules. Simply apply segmentation policies using a tool like Guardicore Centra to prevent lateral SMB traffic inside the datacenter.

Contact us to learn how to reduce your attack surface and prevent lateral movement with fast and simple segmentation that works everywhere.

Additional Resources

  1. Preventing SMB traffic from lateral connections and entering or leaving the network
  2. CVE-2020-0796

Secure and Cost-Efficient Work-From-Home at Scale

The outbreak of the coronavirus has created a new reality of work-from-home at scale. To cope with this, companies are required to quickly provide open access to a sizeable number of people holding varying roles and different access requirements. 

The result is an increased attack surface for the companies and greater risk to their business-critical applications. Protecting access to these applications can help reduce attack surface, prevent potential breaches from escalating and stop lateral movement early on.  And user identity access management can provide a fine-grained policy, identifying and enforcing exactly which users can access which applications. 

Remote Work – Security and Economic Challenges

Remote work introduces new identity assurance challenges. Companies need to make sure employees access only what they’re authorized to access. 

Aligned with the zero trust least privilege access principle, employees should only be able to access applications they need for their daily activities based on their role. This means, for example, ensuring that the SPLUNK teams connect to the SPLUNK servers only, while the Accounting teams connect only to their respective Accounting servers.

Cost is another key consideration. To handle the increased volume of remote workers, companies need to deploy more resources and increase the amount of servers used for VDI and Terminal Servers environments.

Strong User Identity Access Solution Leads to Cost Savings

To provide secure, least privilege access to users, security and network policies should be adapted to match user role and access permissions. 

Application segmentation is commonly used to make sure that users access only the applications they’re authorized to access and no more. Coupled with user identity access management, a solution of the type Guardicore offers, it allows setting user-specific segmentation policies for each user connecting through VDI, terminal server or jumpbox. This way, each user on these shared resources is only able to access applications specific to his/her role.

This allows organizations to consolidate the use of their VDI or terminal servers while gaining significant savings, requiring no change to the infrastructure or downtime.

To allow each group of users (HR team, Billing team, etc.) access to their own application, Guardicore enforces a different network policy for each user based on their Active Directory group memberships. For example, when connecting remotely, HR team members will only be able to access HR servers and Billing team members will only be able to access their Billing servers. 

One Terminal Server, Different Access Policies

 

Cost reduction is another key benefit of using this user-based segmentation. 

Instead of a dedicated terminal server or VDI cluster for each user group, often required with traditional segmentation solutions, companies can consolidate the use of these servers for several groups of users, each with their own access policy. This way HR teams can only access HR servers, Billing teams can only access Billing servers, etc., while sharing the same infrastructure.

 

Consolidated Use of Terminal Servers for Cost Reductions

“One of our Advisory Board customers told us that last year, they were able to cut costs on terminal servers by nearly 60 percent using Guardicore’s solution,” said Lior Neudorfer, VP Product for Guardicore. “There was no longer a need for separate terminal servers for each client or contractor, which resulted in significant savings.”

Protect Your Critical Applications In Your Remote Workforce

If you would like to speak with one of our security experts about how to manage your application protection during times of change in your organization’s remote workforce, please contact us.

Guardicore Expands International Presence

Leader in Data Center and Cloud Security Extends Global Reach with Operations in India; Cybersecurity Industry Veteran Pratik Sharma to Lead Guardicore India

Tel Aviv, Israel – March 9, 2020 – Guardicore, a leader in internal data center and cloud security, today announced the expansion of global operations, with the establishment of Guardicore Pvt. Ltd. in Mumbai, India. Guardicore India will be headed by Regional Director Pratik Raj Sharma, a cybersecurity industry veteran and former Regional Sales Director, Check Point, West India.

 

“With a growing global customer base which includes some of the largest companies in North America, Europe and Latin America, and a significant portion of top financial institutions around the world, including Banco Santander, we see India as a major focus market,” said Dror Salee, Co-Founder and Vice President, Asia Pacific at Guardicore. “We have evidence there is a great need for easy to use, flexible and scalable micro-segmentation solutions in data centers across India’s large and fast-growing economy. We are already engaged with some of India’s largest companies and will be hiring local pre-sales, customer success and professional services engineers to support rapid growth in the country.”

 

Establishing a market presence in India, Guardicore further expands its global footprint to address increased market demand for its comprehensive data center and cloud security solution, Guardicore Centra, delivering the simplest way to apply micro-segmentation controls that reduce attack surface and detect and control breaches within complex internal corporate networks. Guardicore will support this expanded international presence with a dedicated team based in Mumbai, addressing customer demand through a high-value global channel partner program aimed at delivering award-winning cloud security to customers throughout Asia Pacific.

 

Pratik Sharma Heads up Guardicore India Pvt. Ltd.

Based in Mumbai, Guardicore India Pvt. Ltd. Regional Director Pratik Raj Sharma will lead Guardicore India, providing strategic direction, and leading the development and expansion of new business opportunities. Pratik is a security industry veteran with more than 18 years of experience. Pratik had been with Check Point Software for over 11 years, holding positions of Security Consultant, System Engineering Director India and SAARC, and most recently Regional Sales Director for Check Point, West India. Pratik has a proven record of facilitating long term business relationships with both customers and industry luminaries.  His market and technology experience and expertise are assets that will complement and enhance Guardicore’s ability to meet the data center and cloud security needs of large companies in India’s growing economy. 

