Your Business Is Evolving, 9 Keys to Secure Your Hybrid Cloud Environment

This is part 2 of a 2-part series examining how security requirements have changed for an evolving IT infrastructure.

In part I of this blog series, we discussed the changes in the way businesses and IT teams are executing and how security practitioners are being presented with a unique opportunity to align their tools and strategies with the direction the business is going.  In this post, we’ll review some of the strategies and tools that can be used to help secure your hybrid cloud environment and keep pace with the DevOps model.

Read more

Micro-Segmented Data Center Security

Guest blog by Edward Amoroso, Founder and CEO of TAG Cyber – he summarizes a recent discussion with GuardiCore on their approach to securing the modern data center.

I recently discovered Matt Butcher’s awesome Illustrated Children’s Guide to Kubernetes. Available in book, video, and blog form (https://deis.com/blog/2016/kubernetes-illustrated-guide/), the cartoon narrative starring a PHP app named Phippy is exactly what good cyber technology writing should be: Fun, simple, and informative. Even if you have no interest in Docker container orchestration, check out Matt’s work. You’ll like it.
Read more

Complying with the SWIFT Security Controls Framework May Be Harder Than You Think

In my previous blog I briefly explained the new SWIFT regulations framework that will come into force on January 1st, 2018. In this blog I will focus on what is required to meet the first SWIFT requirement: “Restrict Internet Access & Protect Critical Systems from General IT Environment”. I will also explain how GuardiCore can help in complying with these requirements faster, simpler and in a more robust and maintainable way.

Read more

Beware of SWIFT Customer Security Controls Framework

In March 2017 SWIFT published its new Customer Security Controls Framework to the community. This is the first time SWIFT is publishing such security guidance and they announced that they will start auditing compliance with those requirements from January 2018, leaving SWIFT users (roughly any financial institution in the world) only a few months to take action. Organizations that are are found to be non-compliant will be published in a specific directory letting all other users of SWIFT to know that this counterpart maybe not safe to do business with. In practice this means that any respectable financial institution will have to do the effort to comply with the new regulations.

Read more

Your Business Is Evolving, Don’t Let Your Security Strategy Be Left Behind

The way businesses and IT teams are executing today has dramatically changed and will only continue to do so.   More and more organizations are embracing DevOps, Infrastructure as a Service (IaaS) and application-centric practices.  The goal of these changes is to enable IT teams to dramatically accelerate and more effectively adapt and respond to their organization’s business needs.

Read more

Highlights from Black Hat & DEFCON

I spent the last week at the “Hacker Summer Camp” of Black Hat and DEFCON. Besides meeting people and enjoying the dual craziness of the DEFCON crowd and the Black Hat business hall, we also gave a well received lecture – Escalating Insider Threats using VMWare’s API. Ofri Ziv, Head of GuardiCore labs, presented a […]

Escalating Insider Threats Using VMware’s API

Overview VMware vSphere is the most widely used virtualization platform for on-premises data centers. Similarly to other virtualization platforms, it basically relies on host servers running guest machines. These hosts and guest machines can be managed using administration interfaces such as vSphere API and VIX API. The GuardiCore Labs team has discovered a vulnerability in […]

Top 5 Things to See and Do During Black Hat 2017

From the horrors of ransomware, panic over election hacking, stolen emails to very interesting things like WannaCry andPetya/NotPetya/Nyetya/Goldeneye, it’s been a red-letter year in the world of cybersecurity. At Black Hat 2016 we introduced the Infection Monkey, free, open source pen test tool to educate the world on lateral movement.  Lateral movement is how hackers […]