What’s new in GuardiCore Centra Release 26

Release 26 introduces a major new capability – Saved Reveal Maps. Saved Maps allows users to build, save, share and revisit their most commonly used Reveal maps.
In addition, this release introduces Role Based Access Control (RBAC) capabilities that allow administrators to assign specific permissions to users; these users can only view Reveal data and incidents related to their defined scope.
Finally, this release improves our Kubernetes coverage, adds the CEF format to our syslog exporting capabilities, and fixes numerous issues and bugs.
As always, a full list of improvements can be found in the complete Release Notes page of the administration guide.

Version Highlights

Here’s a short taste of the changes in Release 26:

Saved Reveal Maps

Saved Maps is a new Reveal feature which allows users to create, save and revisit Reveal maps of their choice. This may include maps of specific applications, entire data centers, a specific asset, or any other combination of filters (ports, IPs and more). By using Saved Maps, users can accelerate everyday activities:

  • Micro-segmentation policy creation can be facilitated by saving a specific application’s map across a long time period and reusing it during the process.
  • For incident response and forensic analysis, users can create maps of the affected assets and share them with various teams in the organization.
  • To address compliance and audit requirements, users can generate and share maps of sensitive environments to whitelist their incoming and outgoing flows.

To create your first map, visit the ‘Explore’ page and click ‘Create New Map’ on the top left Maps dropdown. Build your desired map by selecting the time range, filters (you can choose ‘Unfiltered’ to see all assets), and whether you want to include process and timestamp information in your map. Then, click the ‘Create’ button – the progress status will appear, and once the map is created it will show up on screen. You can always return to this map by selecting it from the Maps dropdown on the top left part of the Explore view.

In addition, all your saved maps appear in the “Saved Maps” view. You can search, share and delete maps from this screen.

Role Based Access Control (RBAC)

Over the past few months we’ve had many of our customers -mainly service providers and large enterprises – asking for a role based security feature that will allow them to assign permissions to applications based on user roles. In release 26, we added role-based access control that allows administrators to assign different permissions such as full Control, View All, See Reveal Maps etc to selected labels or to the entire data center.

An application owner might be allowed to view all data pertaining to their application (with all other applications hidden) while a site owner might be allowed to access only Reveal maps pertaining to their environment. In 26, we’re focusing on scoping access to Reveal maps and incidents views.  To enable this feature, from System select ‘User Permissions Schemes’, add a title for the new Scheme, select labels and assign permissions of your choice, whether it’s global permissions to all assets or scoped access to incidents, Reveal Maps, or view permissions to neighboring assets details.

Container Support

As of release 26, Centra provides process level visibility and control of containerized workloads. Security teams can view communication flows down to the process-level within container pods and deploy granular micro-segmentation policies to protect and control communication flows against application attacks and misconfigurations. In addition, Centra provides the ability to detect threats within individual containers and, in the event a container is compromised, quarantine it and prevent the spread of the attack. Some of this release main capabilities include:

  • Process level micro-segmentation for VM to pod and pod to pod traffic
  • Native Kubernetes metadata orchestration with the ability to use native labels in segmentation rules
  • Reputation analysis of containerized processes and the ability to quarantine individual containers to prevent an attack from spreading

Support for Common Event Format (CEF)

Requested by customers with SIEM solutions, starting with release 26 it is possible to export all system events in CEF format over syslog. The Common Event Format (CEF) is a log management standard that was created to promote the interoperability of devices and apps that generate events or log files. CEF can be readily adopted by vendors of both security and non-security devices. The standard defines the syntax for individual log records. Every major SIEM vendor such as Splunk, QRadar and others accepts CEF formatted events.
Activate CEF from the Syslog Integration screen.