What’s New with Centra™ 2.0 Build 15

Two weeks ago we released the latest version of our flagship product Centra. For those of you who were unable to review the upgrade yet, here’s a short list of what it came with:

Detect, Protect, Collaborate

With today’s current threats, collaboration is mandatory. GuardiCore believes that it’s important to integrate multiple solutions together; provide protection and at the same time strengthen our customers’ other defences.

Earlier this month we announced that GuardiCore Centra™, our flagship product has been integrated with Check Point vSec Gateway to deliver our joint customers a coordinated solution to effectively respond to active and future data center breaches. We wanted to take this opportunity to explain how this integration works and show how it ties nicely with our greater vision of data center remediation.

Read more

Revealing GuardiCore Reveal™

For the last year or so, we’ve been hard at work building GuardiCore Reveal™, our Data Center Visibility platform. As we’ve officially released it earlier this week, I’m finally allowed to tell you all about it (and, yes, show off a bit!).

Avoiding the Train Wreck Waiting to Happen

In July 2015, following weeks of research, we identified a trend in ransomware attacks. The question we then posed was “Is it a possible scenario that ransomware campaigns become a significant threat to enterprises, and take control over large Data Centers?” You can read more about it in Misha’s blog regarding Data Center Ransomware. Unfortunately, less than a year later, our prophecy is becoming a reality. No, Israel’s power grid wasn’t hacked, but ransomware hit Israel’s Electric Authority.  NoLos Angeles County health department wasn’t closed but it was targeted in ransomware attackYes, other ransomware attacks are able to shut down the network and Data Centers, “forcing the hospital to return to pen and paper for its record-keeping”. Read more

Learning from NSA’s Master Hacker

“The big question you need to think about is if you have an intrusion somewhere in your network, can you then defend against this lateral movement?” – Rob Joyce, Chief of the TAO

Rob Joyce, head of the NSA’s Tailored Access Operations (TAO) elite division, recently spoke to a large audience at the Usenix Enigma security conference in San Francisco.  Joyce talked about TAO’s process for exploiting victim networks. This was the first public talk made by any member of the NSA’s  team which is considered among the best cyber-warfare intelligence gathering organization in the world.

Read more

Illegal Mining, the Cyber Version

Illegal mining is a serious problem in the real world. Lately, it has also become popular with cyber attackers who manage to mine digital currency through untargeted attacks. Untargeted attacks are a common problem, not as attention grabbing as APTs, but still responsible for a large percentage of attacks. In this post, using Guardicore’s Data Center Security Suite, we’ll take a look at yet another type of untargeted attacks, as we first reported with Alex.  Our attacker “galaden666” is a Ukrainian gamer who makes money by mining a new digital currency called Litecoins (a variant of Bitcoins) on compromised servers by stealing their CPU cycles.

To read more about our attacker and how we caught him, click here

Yup, We Can See It Coming

On December 17th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinct issues; a backdoor in the VPN implementation that allows a passive eavesdropper to decrypt traffic and a second backdoor that allows an attacker to bypass authentication in the SSH and Telnet daemons. There are speculations that the backdoor was installed by “State Sponsored” actors.  Shortly after Juniper posted the advisory, an employee of Fox-IT stated that they were able to identify the backdoor password in six hours. (So much for Government efficiency hiding their actions)

To read more, click here

Pay No Attention to the Man Behind the Curtain!

How do you detect a security breach inside your network? How do you collect the necessary intelligence to protect your assets properly? Sun Tzu, author of The Art of War, said that convincing your opponents to unveil their identity without knowing that they are being watched is one of the most important keys to winning a war. Attack deception is one of the best techniques to make attackers unveil their identity and gain valuable intelligence. While it is not new, advanced attack deception methods take advantage of Sun Tzu’s strategy.

Read more

Caught red handed – Alex

Opportunistic hackers are far from the limelight these days but they still exist and can cause large amounts of damage if they manage to break into your systems. We’ve recently observed our Data Center Security Suite catch such a hacker, an “Alex” from Romania who has kindly enough supplied his own name and private domain for publicity.

Read more

5 Key Takeaways from VMworld Barcelona

So, VMworld Europe just concluded last week and certainly there was a lot to talk about, from hybrid clouds, VMware’s acquisition of Boxer, Dell’s acquisition of EMC and how this affects VMware (it doesn’t according to Dell CEO Michael Dell), VMware CEO Pat Gelsinger’s keynote where he highlighted the five imperatives of the digital business and also called out of some enterprises for lack of agility (“Elephants must learn to dance”) and of course, security, which seemed to be integrated into almost every topic at the event.

Read more