What’s new in GuardiCore Centra R25

New in Release 25 is the File Integrity Monitoring (FIM) capability. FIM is designed to alert on any unauthorized modification of files. This method is widely used to detect breaches and achieve compliance with regulations such as PCI and HIPAA.
In addition, this release introduces several improvements to our Micro-Segmentation capabilities, enabling users to build and maintain policies even more easily than before.
Finally, this release includes numerous quality improvements and general fixes. A full list of all changes can be found in the Release Notes page of the Administration Guide.

Version Highlights

Here’s a short taste of the changes in Release 25:

File Integrity Monitoring

Centra can now perform routine integrity checks to identify file alterations across cloud and data center environments, using its lightweight agent module.
FIM is low on CPU consumption and has no impact on performance. Centra R25 includes support for FIM in Linux. FIM for Windows and other operating systems is planned for future versions.

Set up FIM

To set up FIM, first identify the files you want to monitor for changes, and the assets (or, preferably, asset labels) that contain these files.
Then, create a FIM template indicating the files and services to be monitored:

Monitor File Changes

GuardiCore’s Linux agents will then monitor these files for changes, checking their contents once every 24 hours (configurable).
If a change is detected, a “bad integrity” incident will be created:

As with other incident types, this incident can be sent to your email/SIEM.
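The baseline-and-compare check that content-based FIM relies on, as an added example (it is not GuardiCore's implementation; the function names, the list-of-paths template and the incident fields are assumptions, and the sample files are constructed):

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash file contents in chunks; None means missing or unreadable."""
    try:
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()
    except OSError:
        return None


def build_baseline(template):
    """template: list of monitored paths (hypothetical stand-in for a FIM template)."""
    return {path: sha256_of(path) for path in template}


def check_integrity(baseline):
    """Re-hash each baselined path; return one incident dict per deviation."""
    incidents = []
    for path, expected in sorted(baseline.items()):
        observed = sha256_of(path)
        if observed == expected:
            continue
        change = ("missing" if observed is None
                  else "created" if expected is None else "modified")
        incidents.append({"type": "bad integrity", "path": path,
                          "change": change, "observed": observed})
    return incidents


def demo():
    """Constructed sample: baseline a temp dir, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        conf, users, cron = (os.path.join(root, n)
                             for n in ("app.conf", "users.db", "cron.allow"))
        for path in (conf, users):
            with open(path, "w") as fh:
                fh.write("original\n")
        baseline = build_baseline([conf, users, cron])  # cron.allow is absent
        os.utime(conf, (0, 0))             # metadata-only change, contents intact
        clean = check_integrity(baseline)
        with open(conf, "a") as fh:
            fh.write("debug = true\n")     # content change
        os.remove(users)                   # monitored file deleted
        open(cron, "w").close()            # file appears after the baseline
        found = check_integrity(baseline)
        return clean, [(os.path.basename(i["path"]), i["change"]) for i in found]
```

A check like this is only as trustworthy as its baseline, so the stored hashes need to live somewhere the monitored host cannot rewrite.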

Reveal

Better policy management

Release 25 better reflects rule precedence and meaning. You can now view all rule types in one table through the Segmentation Policy view.

In addition, we’ve added some helpful tips and examples when adding new rules.

Finally, by popular demand, you can now undo all your unpublished policy changes by clicking “Discard Changes” (as seen in the screenshot above).

Custom Alerts

We’ve talked to customers and understood that “Deny Rules”, introduced in previous releases, are actually used for two different things:

  1. “Custom Alerts” can be defined to get notifications when certain flows occur – for example, you might want to get alerts any time a database server talks to the internet.
  2. “Override Rules” can be added when you need to block specific traffic, even if your microsegmentation policy allows it. These rules take precedence above all other rules.

Release 25 addresses this by separating the two use cases – use them wisely!

Label Search

Have thousands of labels? Fear no more! One of our biggest advantages is the ability to create as many labels as you need, in any hierarchy, which suits both large and small organizations.
Now, our new filter bar in the labels view will help you find and manage them better.

REST API Documentation

We created new REST API documentation pages with better coverage and more examples. We liked it so much that we put it in the GuardiCore Console itself. Take a look, maybe you’ll get some ideas for interesting automations to build around our APIs.

One more thing…

Over the last year, we’ve been seeing more and more organizations start using containers in staging and production environments, to facilitate more rapid, agile development.
As GuardiCore’s mission is to secure data centers, regardless of workload or environment, we’ve been working on expanding our visibility, segmentation and breach detection capabilities to the container ecosystem. We are proud to make these capabilities available to interested customers as part of our Early Access program. Contact your Customer Success representative for more details.
Here’s a sneak preview of GuardiCore Reveal visualizing container-to-container traffic in an OpenShift/Kubernetes environment:

Stay tuned for more exciting news in the upcoming releases.

Upgrading to Release 25

Contact your Customer Success representative for details on how to upgrade to Release 25.
We’re excited to deliver these enhancements and would be glad to hear your feedback. Connect with us through our Slack channel, your sales representatives or email.