
New Updates to Guardicore Centra Boost Zero Trust Posture and Enhance Ransomware Protection


Guardicore Centra is a simple-to-use, fast-to-deploy Zero Trust segmentation solution that stops attackers from moving across your network by delivering granular enforcement, an intuitive policy creation engine and breach detection capabilities. In its 40th major release, Guardicore recently introduced capabilities that radically enhance its visualization, zero trust segmentation and ransomware mitigation.

Here are some of the highlights:

Enhanced Zero Trust offering

In addition to maintaining a leadership position in network and workload zero trust security, Guardicore is continually extending the network security fabric to devices in OT, IoT and additional environments, providing access management along with context of the device with no agent install required.

Extending Guardicore’s policy model to IoT & OT

The ideal way of getting visibility and enforcing policy is to use a host-based agent to report communications for each workload. However, there are cases where an agent cannot be installed, such as OT environments, IoT devices, legacy mainframes and medical devices.


To address this growing need for protecting IoT and OT environments, Guardicore has extended its policy model to include enforcement for devices where agents cannot be installed, by integrating with third-party solutions. In addition, we have extended our orchestration capabilities and integrated with specialized CMDB and device identification solutions such as Armis and ORDR.

Guardicore’s Collector now supports NetFlow, sFlow and IPFIX to deal with devices that cannot take a software agent. Network administrators can configure their switches and flow aggregators, such as Gigamon, IXIA and many others, to share telemetry and flow data using this Collector. Security policies can then be created, converted into ACLs that switches understand natively, and easily applied to these switches.

Providing visibility and enforcement to OT & IoT environments

Enhancing ransomware protection

A successful ransomware attack can be devastating to any business. A Forrester report, ‘New Tech: Microsegmentation, Q3 2021’, published September 8 of this month, noted that “microsegmentation will slow down the propagation of future ransomware”. Several years ago, Guardicore pioneered the identity-based microsegmentation solution category and now has even more capabilities to ensure the fastest and simplest deployment of anti-ransomware strategies.

Prevent initial infection at the edge

We recently introduced the DNS Security feature to provide immediate protection against ransomware. With DNS Security, any user’s DNS request is inspected and compared against a list of known malicious domains, including phishing and malware sites, CnC servers and more. In case of a match, the connection to the domain is blocked at the source. Blocking the connection at the source helps us break the ransomware killchain before it is able to infect the machine or move laterally across the network.

How to use: You can curate block lists, use your own feeds, or subscribe to Guardicore’s feed.

Major use cases: Organizations can block DNS requests to known malicious domains to prevent users from visiting dangerous sites or to stop malware from communicating with its CnC operator.

DNS Security benefits SOC teams. Monitoring your DNS traffic can be a rich source of data for your SOC team. Any blocked DNS request is logged to Centra and can then be further analyzed.

Centra’s Network Log showing a blocked DNS site by both IP and domain name
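
The matching step described in this section, as an added illustration (generic Python, not Guardicore Centra code or its API): several block-list feeds are merged, a lookup is blocked when the query name or any parent domain is listed, and each verdict records the entry and feed that matched. The class, function and feed names and the sample domains are constructed for the example.

```python
# Added illustration: generic DNS block-list matching, not Guardicore Centra code.
from dataclasses import dataclass
from typing import Optional


def normalize(name: str) -> str:
    """Lower-case a query name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


@dataclass(frozen=True)
class Verdict:
    qname: str
    action: str              # "block" or "allow"
    matched: Optional[str]   # block-list entry that matched, if any
    feed: Optional[str]      # feed that supplied that entry


class DnsBlocklist:
    def __init__(self) -> None:
        self._entries: dict[str, str] = {}   # domain -> feed name

    def load_feed(self, feed: str, domains: list[str]) -> None:
        for d in domains:
            d = normalize(d)
            if d:
                # The first feed to list a domain keeps the attribution.
                self._entries.setdefault(d, feed)

    def check(self, qname: str) -> Verdict:
        name = normalize(qname)
        labels = name.split(".")
        # Try the full name, then each parent domain. Matching whole labels
        # covers subdomains of a listed domain without catching lookalikes
        # such as "notphish.example" for the entry "phish.example".
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            feed = self._entries.get(candidate)
            if feed is not None:
                return Verdict(name, "block", candidate, feed)
        return Verdict(name, "allow", None, None)


# Constructed sample feeds (reserved .example / .test names only).
blocklist = DnsBlocklist()
blocklist.load_feed("curated", ["phish.example", "C2.Bad.Test."])
blocklist.load_feed("subscribed", ["malware.example", "phish.example"])


def audit(queries: list[str]) -> list[Verdict]:
    """Return only the blocked lookups, the records a SOC would review."""
    return [v for v in map(blocklist.check, queries) if v.action == "block"]
```
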

AI labeling for rapid network mapping

Our enhanced AI-based labeling capability provides administrators with label suggestions customized to the asset’s applications and roles. This capability is based on advanced algorithms that analyze asset traffic and metadata collected from the deployed applications and assign the labels that are most critical to your environment’s needs.

Managed threat hunting services

With today’s dynamic threat environment, threat hunting is becoming increasingly important for any company wishing to stay ahead of threats and swiftly respond to potential attacks. Guardicore Hunt, a new managed threat hunting service offering from Guardicore Labs, can help you detect threats that go undetected by standard defense solutions and better protect your organization. Read more about our Guardicore Hunt services. 

[Figure: how the Guardicore Hunt team works]

Ransomware response and recovery templates

Introduced 8 months ago, Guardicore’s ransomware recovery and response templates allow users to ring-fence critical applications, backups, file servers and databases, and include all the labels and rules required to achieve this.


Summary

These new improvements to Guardicore Centra make it the fastest and simplest solution to protect against ransomware and meet the needs of zero trust segmentation. The addition of agentless visibility and enforcement enables businesses to extend their zero trust initiatives to assets that would otherwise be left vulnerable. The addition of DNS security means a drastic reduction in the likelihood of threat actors being able to gain an initial foothold. Leveraging AI for labeling makes for a rapid path to segmentation, the most effective way to reduce the ability of adversaries to move laterally and of ransomware to propagate. Finally, Guardicore Hunt closes the talent gap for the overwhelming number of businesses with an immediate need for expert threat hunters to root out existing threats and reduce the likelihood of future breaches. Learn more on how Guardicore helps businesses prevent and mitigate ransomware: https://www.guardicore.com/solutions/ransomware-prevention/.
