Centra Celebration

East West traffic at a glance

East West traffic at a glance

The first week of July provides a great opportunity to celebrate.

At GuardiCore we like to celebrate, especially with new releases and product achievements. Several weeks ago we started deploying the latest version of our flagship product Centra, with first controlled upgrades taking place for our SaaS customers. The new Centra 2.0 release 16 is loaded with great and many enhancements, including important Reveal features. For those of you who were unable to review the upgrade or read the entire release notes, here’s a very short list:

We introduced major enhancements to Reveal to better handle large data center scale flow analysis and advanced queries (check this cool video here).

Reveal now includes numerous new filtering methods to allow you to quickly get to what matters most: Detect applications, find anomalies or make sure that only allowed connections are made between servers. Reveal data center process level flows can be filtered by applications, asset names, port numbers, ESX folders, inbound and outbound Internet connections, user-defined labels and more.

Read more

Bait, Wait, Beat Ransomware

Attackers will always find a way to penetrate your perimeter defenses. If you are ‘lucky’ they will only steal the organization’s compute resources. In other cases, they will cause real damage, fast. Ransomware is becoming a big issue for too many organizations.

We’ve lately been approached by many of our users, asking how they can leverage the Centra security platform to fight ransomware. In this post we will talk about how our deception technology helps contain ransomware and minimize the inflicted damage.

Ransomware is dynamic in nature and changes frequently, making traditional security tools ineffective. Signature based solutions simply can’t keep track while more sophisticated heuristics based solutions can often be detected by the malware and evaded.

Read more

Micro-Segmentation, the right way.

Last week we attended the Check Point CPX2016 conference in Chicago. We talked to a lot of interesting people including network administrators, security team members & CISOs, each one with his or her own story and pain points. We’ve had fascinating conversations, about floating data centers, securing law firm applications and the usual woes of developers on security teams (and the other way around).

What’s New with Centra™ 2.0 Build 15

Two weeks ago we released the latest version of our flagship product Centra. For those of you who were unable to review the upgrade yet, here’s a short list of what it came with:

Detect, Protect, Collaborate

With today’s current threats, collaboration is mandatory. GuardiCore believes that it’s important to integrate multiple solutions together; provide protection and at the same time strengthen our customers’ other defences.

Earlier this month we announced that GuardiCore Centra™, our flagship product has been integrated with Check Point vSec Gateway to deliver our joint customers a coordinated solution to effectively respond to active and future data center breaches. We wanted to take this opportunity to explain how this integration works and show how it ties nicely with our greater vision of data center remediation.

Read more

Revealing GuardiCore Reveal™

For the last year or so, we’ve been hard at work building GuardiCore Reveal™, our Data Center Visibility platform. As we’ve officially released it earlier this week, I’m finally allowed to tell you all about it (and, yes, show off a bit!).

Avoiding the Train Wreck Waiting to Happen

In July 2015, following weeks of research, we identified a trend in ransomware attacks. The question we then posed was “Is it a possible scenario that ransomware campaigns become a significant threat to enterprises, and take control over large Data Centers?” You can read more about it in Misha’s blog regarding Data Center Ransomware. Unfortunately, less than a year later, our prophecy is becoming a reality. No, Israel’s power grid wasn’t hacked, but ransomware hit Israel’s Electric Authority.  NoLos Angeles County health department wasn’t closed but it was targeted in ransomware attackYes, other ransomware attacks are able to shut down the network and Data Centers, “forcing the hospital to return to pen and paper for its record-keeping”. Read more

Learning from NSA’s Master Hacker

“The big question you need to think about is if you have an intrusion somewhere in your network, can you then defend against this lateral movement?” – Rob Joyce, Chief of the TAO

Rob Joyce, head of the NSA’s Tailored Access Operations (TAO) elite division, recently spoke to a large audience at the Usenix Enigma security conference in San Francisco.  Joyce talked about TAO’s process for exploiting victim networks. This was the first public talk made by any member of the NSA’s  team which is considered among the best cyber-warfare intelligence gathering organization in the world.

Read more

Illegal Mining, the Cyber Version

Illegal mining is a serious problem in the real world. Lately, it has also become popular with cyber attackers who manage to mine digital currency through untargeted attacks. Untargeted attacks are a common problem, not as attention grabbing as APTs, but still responsible for a large percentage of attacks. In this post, using Guardicore’s Data Center Security Suite, we’ll take a look at yet another type of untargeted attacks, as we first reported with Alex.  Our attacker “galaden666” is a Ukrainian gamer who makes money by mining a new digital currency called Litecoins (a variant of Bitcoins) on compromised servers by stealing their CPU cycles.

To read more about our attacker and how we caught him, click here

Yup, We Can See It Coming

On December 17th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues; a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. There are speculations that the backdoor was installed by “State Sponsored” actors.  Shortly after Juniper posted the advisory, an employee of Fox-IT stated that they were able to identify the backdoor password in six hours. (So much for Government efficiency hiding their actions)

To read more, click here