Enhanced Visibility and Diagnosis
With the move to a virtualized, cloud-based infrastructure, Openlink’s security team was challenged by the need to gain highly granular visibility into application activity. A key feature of the Guardicore Centra Security Platform is the ability to visualize all workloads, flows and processes within a compute environment.
“Although we’re in the public cloud, we are not multi-tenant,” Lamberg explains. “We build a single-tenant environment for each of our clients. As a result, I need to have a full understanding of what’s going on horizontally within each client’s infrastructure.”
Lamberg cites two key use cases that leverage Guardicore. The first involves DevTest, which provides clients with a test environment that enables them to quickly and easily spin up virtual machines to test Openlink’s application in various configurations before moving into production. In the event of an anomaly, Guardicore enables Lamberg’s team to quickly and clearly analyze the situation from a host perspective by providing visibility into all flow processes. “It may not necessarily be a security issue,” says Lamberg. “It may be a case of a design or configuration flaw or perhaps the client accidentally loaded some malware and suddenly I’m seeing a command and control connection attempting to go out. Guardicore gives me the ability to immediately isolate this anomaly and view it with unprecedented clarity.”
The second use case involving Guardicore is Openlink’s management of the clients’ supported production environment. “While our application is complex, it’s extremely deterministic,” says Lamberg. “So, I know all of the flows and processes that are supposed to be running on each of our servers supporting the client. This allows a baseline to be generated of their environment. In the event Guardicore notes a process or flow outside of the baseline, I’m immediately alerted.”
This ability to “triage and diagnose” problems very quickly is a core benefit of Guardicore, Lamberg points out. The appearance of an unknown process or flow – which would be exceedingly difficult, if not impossible, to isolate without a tool like Guardicore – could simply signal a problem with the software or something far worse. “It’s highly unlikely that anyone can get into our environment, but I need assurance that we have a proactive mechanism in place to deal with that kind of situation. Guardicore provides me that.”
Guardicore also caught Lamberg’s attention with its micro-segmentation capabilities, which allow security operators to set security policies around individual applications and processes or groups of them. “Attacks typically occur in a lateral fashion these days,” he notes. “They get a foothold in one machine and laterally jump to others. Having appropriate controls on all your machines, and being able to monitor the interaction of those machines, is the only way you’re going to get ahead of that problem.” Should Openlink decide to implement micro-segmentation in the future, Lamberg believes Guardicore’s capabilities could put the company in a better position to do so successfully.
Partners in Protection
While Openlink is benefitting from Guardicore’s technology today, Lamberg also sees value in the ongoing working relationship with the people behind the solution. “I only do business with companies that are willing to partner,” he says. “I don’t just buy commoditized products. And Guardicore has been a terrific partner. They listen to our feedback and what we need, and they have continually refined the solution based on that.”
Because public clouds are by nature dynamic, Openlink counts on Guardicore to help ensure that the company is optimizing its environments as the cloud infrastructure evolves. “They understand that to solve problems, they’re going to have to work very closely with the cloud provider as well. Guardicore’s steady communication with Azure ensures they are staying on top of any changes that may impact how their product operates.”
As a result, Guardicore – the company and the solution – have become integral to Openlink’s mission to safeguard its clients’ critical assets in the public cloud. “I never want to get into a situation where I call a vendor about an issue, and they tell me, ‘Well, it’s a Microsoft issue, go talk to Azure.’ I’ve never heard that from Guardicore. They acknowledge that shared responsibility efforts are required to safeguard our clients’ most critical assets.”