Guardicore - Detect, Protect, Collaborate


Against today’s threats, collaboration is mandatory. Guardicore believes it is important to integrate multiple solutions with one another: to provide protection and, at the same time, to strengthen our customers’ other defences.

Earlier this month we announced that Guardicore Centra™, our flagship product, has been integrated with the Check Point vSec Gateway to give our joint customers a coordinated way to respond to active and future data center breaches. We want to take this opportunity to explain how the integration works and how it fits into our larger vision of data center remediation.

Centra™ observes different security incidents across the data center, collected by its deception and visibility engines. The security intelligence generated from these incidents is transformed into indicators of compromise (IoCs) that are fed into other security components.

“Integrating Check Point vSec Virtual Gateways with IOCs generated by Guardicore enhances our comprehensive security platform. Now, our customers can quickly detect breaches and block future attacks by securing virtual machines (VMs) and applications.”

Alon Kantor, Vice President, Business Development, Check Point

Centra™ exports more than ten types of IoC, each derived from a threat actually detected in your environment rather than from a generic feed. For instance, network IoCs exported to Check Point helped starve a trojan found in a data center by blocking its specific C&C domains and IP addresses at the perimeter, in real time.

The drawing below shows the IoC data flow for a specific incident analyzed by the Guardicore Semantic Analysis Engine. Based on the attacker’s operations (network activity, tools, persistence techniques and so on), the engine generates customized IoCs in the STIX™ format and exports them to different consumers, including the Check Point vSec Gateway, a SIEM server and the Guardicore Mitigation Engine.

[Figure: a schematic security intelligence flow from the analyzed incident to the IoC consumers]

A partial list of IoC types Guardicore exports includes:

  • Network – IP or domain name of an attacker, C&C server, log server, etc.
  • VM – Compromised VM names in the data center
  • File – Malicious file SHA-256 used in current attacks across the data center
  • Service – Malicious operating system services created by attackers
  • User – User accounts added by attackers

So how do we integrate? We export our network IoCs directly to Check Point’s security management server over a secure channel, keeping its policy current with the threats affecting the customer’s data center. Once our latest IoCs have been uploaded, the Check Point security gateway’s policy is updated automatically; no manual rule editing is required.
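The export flow described above, as an added illustration that is not Centra’s own code: a constructed incident record (the shape is assumed; the post does not document it) is turned into STIX 2.1 indicators (the post names STIX but not a version; 2.1 JSON is assumed here), and the network indicators are then reduced to the domain and IP block list a perimeter gateway would consume. The `centra-ioc` labels, the deterministic UUIDv5 indicator IDs and the list of internal address ranges are all assumptions of this example; the Check Point upload itself is not shown, since its API is not described on the page.

```python
"""Constructed example: incident record -> STIX 2.1 indicators -> perimeter block list."""
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone

# Hypothetical incident record, as an analysis engine might hand it to an exporter.
# Values are constructed sample data (TEST-NET address, .example domain, SHA-256 of an empty file).
SAMPLE_INCIDENT = {
    "id": "inc-0042",
    "name": "Trojan dropper on web tier",
    "network": ["203.0.113.7", "update.bad-cdn.example", "10.0.5.23"],
    "files": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
    "services": ["WinUpdSvc"],
    "users": ["svc_backup2"],
}
EXAMPLE_TIME = datetime(2016, 1, 1, tzinfo=timezone.utc)
# Any fixed namespace works; it only has to stay constant across exports (assumption).
IOC_NAMESPACE = uuid.UUID("6ba7b810-9dad-11d1-80b4-00c04fd430c8")
# Address space that is "inside" the data center and must never be pushed to the
# perimeter as a block target. RFC 1918 is assumed; a real deployment would use its own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NET_PATTERN = re.compile(r"\[(ipv4-addr|ipv6-addr|domain-name):value = '((?:[^'\\]|\\.)*)'\]")


def _lit(value):
    """Quote a value as a STIX pattern string literal (backslash and quote are escaped)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def _stix_time(dt):
    """STIX timestamps are RFC 3339 in UTC with millisecond precision and a trailing Z."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def network_pattern(value):
    """Pattern for an IPv4/IPv6 address, falling back to a domain name."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return f"[domain-name:value = {_lit(value)}]"
    return f"[{'ipv4-addr' if ip.version == 4 else 'ipv6-addr'}:value = {_lit(value)}]"


def build_indicators(incident, now=None):
    """One STIX 2.1 Indicator per observable; ID is a UUIDv5 of the pattern so that
    re-exporting the same IoC yields the same ID and consumers can de-duplicate."""
    ts = _stix_time(now or datetime.now(timezone.utc))
    patterns = [("network", network_pattern(v)) for v in incident.get("network", [])]
    patterns += [("file", f"[file:hashes.'SHA-256' = {_lit(h.lower())}]") for h in incident.get("files", [])]
    patterns += [("service", f"[process:extensions.'windows-service-ext'.service_name = {_lit(s)}]")
                 for s in incident.get("services", [])]
    patterns += [("user", f"[user-account:account_login = {_lit(u)}]") for u in incident.get("users", [])]
    return [{
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--" + str(uuid.uuid5(IOC_NAMESPACE, pattern)),
        "created": ts,
        "modified": ts,
        "name": f"{incident['name']} ({kind})",
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
        "labels": [f"centra-ioc:{kind}", f"incident:{incident['id']}"],  # label scheme is assumed
    } for kind, pattern in patterns]


def to_bundle(indicators):
    """Wrap indicators in a STIX bundle, the unit a SIEM or gateway connector would ingest."""
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": indicators}


def perimeter_blocklist(indicators, internal_nets=INTERNAL_NETS):
    """Extract only what an edge firewall can act on: external IPs and domains.
    Internal, loopback and link-local addresses are reported separately; at the
    perimeter they are useless as block targets and, if enforced, an outage risk."""
    out = {"ips": [], "domains": [], "skipped_internal": []}
    for ind in indicators:
        m = NET_PATTERN.fullmatch(ind["pattern"])
        if not m:
            continue  # file, service and user IoCs go to host-side consumers, not the gateway
        value = re.sub(r"\\(.)", r"\1", m.group(2))
        if m.group(1) == "domain-name":
            out["domains"].append(value)
            continue
        ip = ipaddress.ip_address(value)
        internal = ip.is_loopback or ip.is_link_local or any(ip in n for n in internal_nets)
        out["skipped_internal" if internal else "ips"].append(value)
    return out


if __name__ == "__main__":
    inds = build_indicators(SAMPLE_INCIDENT, now=EXAMPLE_TIME)
    print(json.dumps(to_bundle(inds), indent=2))
    print(json.dumps(perimeter_blocklist(inds), indent=2))
```

The `skipped_internal` entries are not discarded: an internal address that talks to C&C is the VM IoC from the list above, and belongs with the host-side mitigation engine rather than with the perimeter rule base.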

Providing data center remediation: our breach detection technology is an important first step in a much larger data center security vision. Our solution not only detects attackers but also responds to the breach and remediates the data center in real time. A dropper detected by Centra™ that has installed malware is removed from the data center automatically, together with everything it brought with it: every file and persistence mechanism it used. Our mitigation engine searches for the specific attack IoCs across the data center and cleans them from every infected disk, service list, registry and so on.


Sharing Guardicore’s intelligence with the security products around us is a natural step toward this vision. Sounds interesting? If you think we can complement your security offering, email me at ofri@guardicore.com.
