Monkey See, Centra Do: How to Assess Your Zero Trust Status and Mitigate

Monkey emulates malicious user activity; Centra blocks with user identity policies

Zero Trust has been a top concern for many companies in recent years, but how do you get started with Zero Trust? How do you know what your Zero Trust status is, and how do you act on it? At Guardicore we wanted to help you assess your Zero Trust status and easily mitigate the gaps you find. We do this by combining our Breach and Attack Simulation tool, the Guardicore Infection Monkey, with our flagship product, Guardicore Centra, which provides advanced firewall and segmentation capabilities.

With its newly added Zero Trust assessment capabilities, the Infection Monkey now tests networks against the Forrester ZTX (Zero Trust eXtended) framework and produces a Zero Trust Status Report with actionable data and recommendations to support your Zero Trust decisions. Centra can then address several of the main issues raised by the Monkey's report, mostly in the Data, Networks, People and Visibility components. In this post, we walk through the testing and mitigation of the ZTX People component.

How do the Guardicore Infection Monkey and Centra Work Together?

The idea is simple: we let the Infection Monkey scan your network and generate a Zero Trust Status Report indicating the areas that expose your company to risk. Using Centra's policy engine, we suggest segmentation rules that mitigate the problems the Monkey alerted on in its report. We then run the Infection Monkey again to verify that Centra has closed the gaps indicated in the Monkey's previous report.

Here’s the flow with the People component:

Monkey Centra ZT Workflow

“Monkey See” – and generates a report

Here is the Infection Monkey Zero Trust Status Report after it scanned a sample network. To test the People component, the Monkey created a new user and then successfully communicated with the Internet as that user. A brand-new account that belongs to no authorized group should not be able to reach the Internet, so this means the network's policies were too permissive: everyone was able to go out to the Internet unimpeded.

Zero Trust Venn diagram with the People pillar marked in red

The failed test is indicated in red:

Clicking the Events section in the Report provides more details:

Detailed Event log about the People test

“Centra Do” – and creates security policy

Using Guardicore Centra's user-based policies it is possible to control user access to data center and cloud resources. We do this by integrating with Active Directory security groups. Based on each user's membership in those security groups, we grant access to different resources, so users reach only what they are entitled to. For example, this can restrict access to Billing resources to the Billing users in your environment, and access to HR resources to the HR users. See this video to learn more about Centra's user-based rules.

To mitigate the issue raised by the Monkey, we created two user-based rules in Centra: one that allows only the Developers user group to access the Internet, and one that blocks all other users. Together they permit Developers and deny every other identity, including any account created after the rules are applied. Naturally, the same pattern can be applied to any other group of users.

Centra segmentation rules that alert on unauthorized communication
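To make the allow/block pairing concrete, here is a small identity-based egress policy evaluator together with an emulation of the Monkey's People check. It is an added illustration, not Centra's policy engine or the Infection Monkey's own code. Its assumptions (none of them taken from the page): rules are evaluated top-down with first match winning, a user's identity is the set of directory security groups it belongs to, the directory contents are constructed sample data, and "the Internet" is any destination outside the listed internal ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed internal ranges; anything outside them counts as "the Internet".
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internet(dst: str) -> bool:
    addr = ip_address(dst)
    return not any(addr in net for net in INTERNAL_NETS)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" or "block"
    groups: frozenset = frozenset()      # empty set = applies to every user

    def matches(self, user_groups: frozenset) -> bool:
        return not self.groups or bool(self.groups & user_groups)


@dataclass
class EgressPolicy:
    rules: list
    default: str = "allow"  # the permissive state the Monkey report flagged

    def decide(self, user_groups, dst: str):
        """Return (action, rule_name). These rules govern Internet egress only;
        traffic to internal ranges is not their concern and passes through."""
        if not is_internet(dst):
            return "allow", "internal"
        groups = frozenset(user_groups)
        for rule in self.rules:              # first match wins (assumed semantics)
            if rule.matches(groups):
                return rule.action, rule.name
        return self.default, "default"


# Constructed sample of AD group memberships (hypothetical users).
DIRECTORY = {"alice": {"Developers"}, "bob": {"HR"}}


def people_test(policy: EgressPolicy, directory: dict, internet_dst: str = "1.1.1.1") -> str:
    """Emulate the Monkey's People check: a freshly created account with no
    group memberships tries to reach the Internet. The test PASSES only if
    that attempt is blocked."""
    new_user = "monkey-user"                      # hypothetical name
    groups = directory.get(new_user, set())       # not in the directory -> no groups
    action, _ = policy.decide(groups, internet_dst)
    return "FAILED" if action == "allow" else "PASSED"


# The two rules described in the post, as this toy evaluator represents them.
ALLOW_DEVS = Rule("allow-developers-internet", "allow", frozenset({"Developers"}))
BLOCK_ALL = Rule("block-all-users-internet", "block")

BEFORE = EgressPolicy(rules=[])                    # no user-based rules at all
AFTER = EgressPolicy(rules=[ALLOW_DEVS, BLOCK_ALL])  # allow Developers, block the rest

if __name__ == "__main__":
    for label, policy in (("before", BEFORE), ("after", AFTER)):
        print(label, "People test:", people_test(policy, DIRECTORY))
        for user, groups in DIRECTORY.items():
            print("  ", user, policy.decide(groups, "1.1.1.1"))
```

Two details are worth checking in your own environment. First, the allow rule on its own changes nothing: with a permissive default, an unknown user still falls through to "allow", so the explicit block rule is what actually fixes the Monkey's finding. Second, under first-match semantics the order of the pair matters; if the block rule is placed first, Developers lose their Internet access too. Whether your policy engine evaluates rules in order or by precedence class, verify the outcome by re-running the Monkey rather than assuming it.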

Replaying the Scenario

We ran the Monkey again after applying Centra's user-based rules, and this time the Monkey's Zero Trust Status Report showed no security issues in the People component:

Zero Trust Venn diagram with all pillars coloured green

Guardicore Centra's Reveal map shows that the unsanctioned user is now blocked when trying to access the Internet:

Centra’s Reveal map showing the blocked communication attempt

The log shows that the new user, which previously managed to reach the Internet, is now blocked.

How to Get Guardicore Infection Monkey and Centra Working Together In Your Environment

If you'd like to see how the Infection Monkey and Centra work together, contact us to get a demo. To download the Infection Monkey for Zero Trust, click here. If you would like to learn more about Centra and/or the Infection Monkey's capabilities, contact us.
