Can you reduce your attack surface to zero?


As network changes take place faster and faster, attack surfaces grow at a corresponding pace, increasing business vulnerability.

It’s critical to:

  • Articulate the risks brought on by a large attack surface.
  • Visualize how radically software-based segmentation can reduce your attack surface.
  • Quantify the risk reduction so others across the business can understand the value of taking action.

But can you reduce your attack surface to zero? And what exactly are we talking about here when we reference the attack surface?

What is an application attack surface?

An application's attack surface consists of the unrestricted communication paths between endpoints in the network and an open port on one of the servers of the application under review. The bigger the attack surface, the more vulnerable your environment is. For example, a successful ransomware attack starts with an attacker leveraging the ability to (a) penetrate the network through non-monitored communication paths[1] and (b) move laterally, targeting critical data or highly privileged services and propagating ransomware across entire networks, before encrypting all they can (including your backups).

Reducing the attack surface by exposing only the needed services/ports to the smallest possible group of clients is essential to stopping this type of attack from penetrating your network. A well micro-segmented network prevents attackers from moving laterally within the network and gaining control over more assets.
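
The definition above can be turned into a number. The following is an added example, not Guardicore's report logic or code from the original page: it counts reachable (client, server, port) paths in a flat network and compares them with an allowlist built from observed inbound connections. The server names, IP addresses and netstat-type rows are constructed sample data, and the row format (server name prefixed to each line) is an assumption.

```python
from collections import defaultdict

# Constructed sample: app servers and every other endpoint that can route to them.
SERVERS = {"web01": "10.0.5.1", "db01": "10.0.5.2"}
ENDPOINTS = ["10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.2.21",
             "10.0.3.30", "10.0.3.31", "10.0.9.5", "10.0.9.6"]

# Constructed netstat-type rows, prefixed with the server they were collected on.
NETSTAT = """\
web01 tcp 0.0.0.0:443    0.0.0.0:*       LISTEN
web01 tcp 0.0.0.0:22     0.0.0.0:*       LISTEN
web01 tcp 10.0.5.1:443   10.0.1.10:51514 ESTABLISHED
web01 tcp 10.0.5.1:443   10.0.1.11:51620 ESTABLISHED
web01 tcp 10.0.5.1:22    10.0.9.5:40022  ESTABLISHED
web01 tcp 10.0.5.1:38710 10.0.5.2:5432   ESTABLISHED
db01  tcp 0.0.0.0:5432   0.0.0.0:*       LISTEN
db01  tcp 0.0.0.0:22     0.0.0.0:*       LISTEN
db01  tcp 0.0.0.0:8080   0.0.0.0:*       LISTEN
db01  tcp 10.0.5.2:5432  10.0.5.1:38710  ESTABLISHED
db01  tcp 10.0.5.2:22    10.0.9.5:40031  ESTABLISHED
"""

def parse(text):
    """Return (listeners, flows): open (server, port) pairs and observed inbound flows."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    listeners = {(srv, int(local.rsplit(":", 1)[1]))
                 for srv, _proto, local, _remote, state in rows if state == "LISTEN"}
    flows = set()
    for srv, _proto, local, remote, state in rows:
        port = int(local.rsplit(":", 1)[1])
        # Outbound connections use an ephemeral local port, so they are skipped here.
        if state == "ESTABLISHED" and (srv, port) in listeners:
            flows.add((remote.rsplit(":", 1)[0], srv, port))
    return listeners, flows

def assess(text, servers=SERVERS, endpoints=ENDPOINTS):
    """Compare flat-network exposure with an allowlist of observed flows."""
    listeners, flows = parse(text)
    hosts = set(endpoints) | set(servers.values())
    # Flat network: every other host can reach every open port on every app server.
    flat = {(ip, srv, port) for srv, port in listeners for ip in hosts if ip != servers[srv]}
    policy = defaultdict(set)                  # allowlist: (server, port) -> client IPs
    for ip, srv, port in flows:
        policy[(srv, port)].add(ip)
    unused = sorted(listeners - set(policy))   # open ports nobody used in the sample
    reduction = round(100 * (1 - len(flows) / len(flat)), 1)
    return {"flat": len(flat), "segmented": len(flows), "reduction_pct": reduction,
            "policy": dict(policy), "unused_listeners": unused}

if __name__ == "__main__":
    for key, value in assess(NETSTAT).items():
        print(key, value)
```

Connections seen during a collection window are a starting point for the allowlist, not proof that each flow is needed; review them before enforcing.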

So, can you reduce your attack surface to zero?

Given all the issues that can be brought on by having a broad attack surface, it seems like the answer would be to shut the attack surface down. Wouldn’t it be awesome if you could completely eliminate your attack surface – reduce it to a big, fat zero?

Unfortunately, you can’t really reduce your attack surface to zero – unless you can:

  • Disconnect all communication paths between the internet and all of the servers in your network (including IoT devices).
  • Prevent anyone with access to your organization’s IT infrastructure (including network systems, laptops, virtual environments, databases, business applications, etc.) from uploading, downloading, opening emails, clicking on links, connecting their own devices, or making any changes to set configurations.
  • Hire only people who make zero mistakes, 100% of the time.

Assuming connectivity with the outside world is required and human errors are here to stay, how can you realistically protect your critical applications to ensure business continuity and growth? The answer is to reduce the attack surface to a minimum using software-based segmentation. Make sure the only open communication paths between an application’s servers/processes and other applications, users, or internet sources are allowed and monitored by your set policy.


How do I prove the value of attack surface reduction to management?

Even if you know the benefits of using software-based segmentation to reduce your attack surface, demonstrating the risk reduction value of segmentation to management can be a challenge. That’s where Guardicore’s Risk Reduction Assessment Report comes in.

The report enables security teams to visualize and understand their applications’ attack surface by seeing which other assets can communicate with the application’s servers. The report then provides a view of what the attack surface looks like once unnecessary communication paths are closed and the attack surface has been minimized.

The personalized report is based on a zero-impact process that enables Guardicore to analyze your own applications. There is no required software installation and we are at no point connected to your environment. The report is based on netstat-type data we receive from the organization we work with on the report. The business requesting the report chooses which application and servers to collect data from.

There are a few ways to provide us with the data:

  • Open-source data collector script
  • A Netflow file
  • A PCAP file containing packet network data
  • Guardicore agents (as part of a PoC process)

The result is a document that visually demonstrates:

  • The way software-based segmentation reduces the risks of a flat network.
  • The quantified value of segmentation in your own business environment.
  • The logic behind the generation of the graphs and numbers in the report.

How do I get a personalized report analyzing my business applications’ risk reduction potential?

Ready to try the Risk Reduction Assessment Report out for yourself? Sign up today to find out how much you can reduce your attack surface using Guardicore’s software-based segmentation solution.


How does Guardicore Centra help reduce the accessibility of the attack surface?

Guardicore Centra’s software-based segmentation enables enterprises to reap the benefits of risk reduction while supporting agile DevOps and rapid application deployment. The solution delivers optimal security at a faster speed with greater security efficacy.

Guardicore’s micro-segmentation is performed at the workload level rather than at the infrastructure level. Therefore, it can be implemented consistently throughout a hybrid cloud infrastructure and it adapts seamlessly as environments change or workloads relocate.

Micro-segmentation lets security teams create granular policies that segment applications from one another and/or segment tiers within an application. As a result, companies can accomplish such goals as:

  • Slow or block attackers’ efforts to move laterally.
  • Create a security boundary around assets with compliance or regulatory requirements.
  • Enforce corporate security policies and best practices throughout the infrastructure.
  • Apply Zero Trust principles throughout the infrastructure, even as the business extends from the data center to one or more cloud platforms.

This focus on preventing lateral movement through in-depth governance of applications and flows reduces the available attack surface even as IT infrastructure grows and diversifies.

What can I do to kickstart my program?

Now that you understand the importance of reducing the accessibility of the attack surface, here are a few things you can do to get started:

  1. Read more about attack surface reduction: Download the paper about how to demonstrate the importance of minimizing the attack surface.
  2. Get the attack surface reduction report: Sign up for your personalized report today.
  3. Receive a Guardicore demo: See how Guardicore’s software-based segmentation solution, Guardicore Centra, can help you today.

[1] For example, by using weak points such as internet-facing servers and remote-desktop logins, or people unintentionally downloading malicious payloads.

Guardicore Named One of 2020 Best Small and Medium Workplaces by Great Place to Work™ and FORTUNE

BOSTON and TEL AVIV, Israel, October 16, 2020 – Guardicore, the segmentation company disrupting the legacy firewall market, today announced it was named one of the 2020 Best Small and Medium Workplaces by Great Place to Work™ and FORTUNE. The ranking is based on confidential survey feedback representing more than 189,000 employees working at small- and medium-sized businesses in the United States.

“At Guardicore, we pride ourselves on being a global team of innovators passionate about security, and hungry to make an impact,” said Pavel Gurvich, Co-Founder and CEO, Guardicore. “We’re changing the way organizations protect their data centers and clouds from advanced threats – and that starts with our people. Our culture is full of innovation, creativity and agility — and we are thrilled to be recognized on this year’s Best Workplaces list by Great Place to Work™ and FORTUNE.”

Guardicore is a segmentation company that provides its customers with a faster, more cost-effective alternative to traditional firewalls. The company has 5.0-star reviews on Glassdoor, due to its open and transparent communication style, opportunities for career growth, and competitive salaries. Some company perks include a robust benefits package, annual company kick-offs for all employees, and a dog-friendly work environment, all of which lead to the company’s high retention rates.

“Best Workplaces like Guardicore have built dynamic, flexible, and transparent workplaces founded on trust,” said Michael C. Bush, CEO of Great Place to Work. “This gives companies on this list a powerful opportunity not just to do well for their people, but also to do well for their businesses.”

Great Place to Work, a global people analytics and company culture research firm, evaluated more than 60 elements of team members’ experience on the job. These included the extent to which employees trust leaders, the respect with which people are treated, the fairness of workplace decisions, and how much camaraderie there is among the team.  

The Best Small Workplaces and Best Medium Workplaces lists are part of a series of rankings by Great Place to Work and FORTUNE based on employee feedback from Great Place to Work-Certified™ organizations. 

To learn more about available career opportunities at Guardicore, please visit: https://www.guardicore.com/company/careers/ 


About Guardicore:
Guardicore is the segmentation company disrupting the legacy firewall market. Our software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, Guardicore offers greater security and visibility in the cloud, data-center and endpoint. For more information, please visit www.guardicore.com or go to Twitter or LinkedIn.


About the Best Small & Medium Workplaces
To determine the 2020 Best Small Workplaces list and the 2020 Best Medium Workplaces list, Great Place to Work® gathered and analyzed confidential survey feedback representing more than 189,000 employees working in small- and medium-sized businesses in the United States.  Employees responded to over 60 survey questions describing the extent to which their organization creates a great place to work For All™. 

Eighty-five percent of the evaluation is based on what employees say about their experiences of trust and reaching their full human potential as part of their organization, no matter who they are or what they do. Great Place to Work analyzes these experiences relative to each organization’s size, workforce make up, and what’s typical relative to their peers in the industry.  

The remaining 15 percent of the rank is based on assessing how consistent employees’ daily experiences of innovation, the company’s values, and their leaders’ effectiveness are.

To learn more about Great Place to Work-Certification and recognition on Best Workplaces lists published with Fortune, visit Greatplacetowork.com

About Great Place to Work
Great Place to Work® is the global authority on workplace culture. They help organizations quantify their culture and produce better business results by creating a high-trust work experience for all employees. Emprising®, their culture management platform, empowers leaders with the surveys, real-time reporting, and insights they need to make data-driven people decisions. They recognize Great Place to Work-Certified companies and the Best Workplaces in the U.S. and more than 60 countries, including the 100 Best Companies to Work For® list published annually in Fortune.

Learn more at greatplacetowork.com and join the community on LinkedIn, Twitter, and Instagram.

Media Contact:
Maryellen Sartori
Guardicore@famapr.com
617-986-5035


Guardicore Supports The New Data Center Architecture with NVIDIA BlueField-2 DPUs

We saw the early signs about two years ago: while everyone was talking about cloud migration and moving faster to the cloud, there were enterprises that increased their investments in the on-premises data center, and they continue to do so even in this current era.

In the months since the COVID-19 pandemic first entered our lives and working from home went from a tentative reality to a necessity, organizations have been moving faster to the cloud, but there are still a lot of applications and workloads that must remain on premises. We write a lot about critical applications that still run on legacy Unix, old Windows operating systems, ancient Linux and other veteran operating systems that cannot be migrated to the cloud. While many may have assumed that enterprises would soon manage to migrate all workloads to the cloud, that is not the case.

As enterprises embrace new technologies and cloud computing microservices architectures, there’s a shift inside the data center. Not every application can be migrated, and some applications explicitly should not be moved to the cloud. Some of the reasons are clear: there’s more need for speed, higher throughput, and lower latency. Some aspects are less visible, such as how containers and container operating systems are installed and deployed, and the overall cost of running highly complicated applications in the cloud. As an example, there are a growing number of instances of Kubernetes being deployed on bare-metal servers due to better performance, lower latency, and reliance on hardware accelerators.

Coupled with more requirements for using AI and other machine learning algorithms, these developments are leading to faster adoption of new hardware and software infrastructure like NVIDIA GPU accelerated computing at the edge, faster connectivity, bigger pipes and, overall, faster, simplified and more agile computing.

The modern application runs inside the data center and within the edge. It has extensions to the cloud and must operate as a well-defined single unit under new architecture.

While networking architects were busy redesigning the data center, the security architects realized that the firewall as we know it is no longer adequate to protect the modern data center, and new technologies are necessary to enable the required level of security and risk mitigation. There are many limitations that prevent traditional firewalls and even newer firewall-as-a-service solutions from addressing their needs.

First and most obvious, firewalls can protect only the traffic that they can inspect. This means mostly North-South traffic. Now, imagine that you have hundreds or more servers running at 10, 40, 100 and even 200 Gbps. How can your firewall support that amount of traffic? A top-of-rack (ToR) architecture that steers and redirects traffic is not relevant for this new design and can’t be used. Moreover, the existing policy management paradigms built for static designs are not suitable for this new architecture that supports a dynamic and fast-changing application environment.

There are many other limitations, each of which frankly deserves a blog of its own. But in the interim, we all should accept the fact that some aspects of the firewall market and some of its current deployment scenarios are about to change dramatically. The winds of change have begun to blow.

In contrast, software-defined segmentation allows companies to apply workload and process-level security controls to data center and cloud assets that have an explicit business purpose for communicating with each other. It is extremely effective at detecting and blocking lateral movement in data center, cloud, and hybrid-cloud environments.

And then DPUs and SmartNICs were invented.

Data processing units (or DPUs) are changing how and where data center security is performed. DPU-based SmartNICs fuel the new architectural redesign. It started with hyperscalers, large service providers and tier-1 cloud service providers (CSPs) that discovered the benefits of having a managed device that can free up expensive CPU cycles. They all like how SmartNICs provide added-value services beyond core networking functionality. As a reminder, here are some of their capabilities:

  • Offloading network functions
  • Providing security-related processing
  • TCP offloading to dedicated engines that free up CPU cores
  • Improving networking performance
  • Providing cryptography capabilities like faster encryption

And there are even more security services, like workload isolation, secure boot and protecting customers’ workloads from other tenants.

Partnering with NVIDIA, Guardicore pioneered the concept of using SmartNICs for micro-segmentation to enable the best of both worlds: accelerating performance and functionality while providing secure segmentation capabilities for the new data center.

Using Guardicore with NVIDIA BlueField-2 DPU will allow enterprise customers to embrace the new and cover the old with software-defined segmentation for hardware, providing a faster, more granular way for enterprises to protect their critical assets. Projects that in the past may have spanned many years can now be done in a matter of a few weeks with this new approach, quickly reducing risk and validating compliance.

Guardicore is working with NVIDIA to provide a solution that, just like your DevOps practices, is decoupled from any particular infrastructure, and is both automatable and auto-scalable. On top of this, it provides equal visibility and control across the board in a granular way, so that speed and innovation can thrive, with security an equal partner in the triangle of success.

We are also working with NVIDIA on new BlueField-2 DPU integrations to support the new data center architecture. With this integration, we enable enterprise customers to accelerate their applications, innovate faster and deliver competitive solutions to the market.