Posts

GuardiCore Integrates with AWS Security Hub

Today at re:Invent, Amazon revealed the AWS Security Hub, a security service that provides AWS cloud customers with a comprehensive view of their security state within AWS. GuardiCore has worked with AWS over the past weeks to provide support and integration to this service. While AWS provides some built-in security capabilities, customers require additional capabilities that can only be provided by third-party companies like GuardiCore.

Both GuardiCore Centra and Infection Monkey now integrate with the AWS Security Hub. This integration provides a lot of value to customers. Early feedback is extremely positive and AWS customers would find it interesting to test both integrations:

GuardiCore Centra Integration with AWS Security Hub

GuardiCore Centra, our flagship product, secures any cloud-private or public. Security Incidents will be forwarded to the AWS Security Hub and can be managed through the console or consumed by other security products.

Infection Monkey Integration with AWS Security Hub

The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement. Its integration with the AWS Security Hub allows anyone to verify and test the resilience of their AWS environment and correlate this information with the native security solutions and benchmark score.

Working on the integration was fun. Since both Centra and Infection Monkey have integration points and can run on AWS, adding reporting interfaces to the Security Hub was a straightforward task.

We believe that the AWS Security Hub represents a good approach, allowing for more shared security insights from more vendors in order to improve the overall security posture of your environment. It detects security findings and alerts generated by other AWS security services, other security solutions (like GuardiCore Centra and Infection Monkey) and aggregates those findings and alerts within each supported AWS region.

During the beta period the service provided integration with Amazon GuardDuty, Amazon Inspector, and Amazon Macie and added new capabilities by running CIS benchmark check for AWS workloads. We are looking forward to your feedback. Tell us- what do you think about the integration?

I Know What We Did Last Summer, You Should Too: See What’s New with GuardiCore Centra

As our CTO Ariel Zeitlin mentioned in his recent post , the GuardiCore field team has been very busy over the past several months working with some of the world’s largest corporations on different hybrid cloud security projects. More specifically, the GuardiCore Centra solution has been helping these large companies achieve greater visibility and assisting them in creating micro-segmentation policies.

At the same time, the GuardiCore product teams were busy developing the next wave of innovation for GuardiCore Centra. Some of our customers told us that the ability to quickly innovate and introduce new capabilities is one of our key differentiators as a company, and we take this feedback and the responsibility to push the boundaries of our technology seriously.

I have selected a couple of important highlights of the recent releases that I wanted to share with you, to give you a glimpse of the exciting progress we are making. The overview below is only partial. For the complete list of new release features and release content, please see the documentation on our customer portal (login required).

Of note – we are currently on release 28, and soon will EA release 29 and start the development of release 30. We are in continuous motion, upgrading, optimizing and pushing out the best improvements for our customers and if I may add a personal note – setting an example for the industry.

Reveal

GuardiCore Reveal provides visibility into application flows and processes. When visualizing assets, one can now perform asset grouping according to multiple, nested keys. This allows a much clearer view of large data centers and communication flows between environments, applications and roles. In addition, Centra now supports defining segmentation rules according to complicated logic of labels. Want to know more? Watch the demo to learn about Centra and visibility.

Some of the other recent enhancements include the following capabilities:

Nested Grouping

Users can now define map groupings that consist of multiple keys to form a nested map structure. For example, a user can define a default “Environment” → “Application” → “Role” grouping; Reveal maps will then show the different environments by default. When expanded, each environment will reveal its underlying applications, and correspondingly when an application is expanded, Reveal will show its underlying Roles.

3-tier GuardiCore Centra product update

 

AND Segmentation Rules

Segmentation rules now support specifying the result of a logic “AND” operation on label criteria as a rule’s source or destination. As in previous versions, users can get these suggestions directly from the Reveal map or enter them manually in the Segmentation Policy screen.
AND rules are directly related to nested groups. For example, when suggesting rules from the eCommerce application node in the Production environment, to the Data Processing application in the Production environment, the resulting rules will have a source of “Environment: Production AND Application: eCommerce” and a destination of “Environment: Production AND Application: Data Processing”.

One-Click Daily Maps

This new feature produces daily Reveal maps, generated automatically every 24 hours. Clicking “Explore” on the Reveal menu displays the most recent map by default. Maps are created once and are automatically updated based on your configuration.

Time estimation – We added a progress bar to indicate how long it takes the map to build. When you create a new map on an extended time frame (a week, a month etc’) or activate the Accurate connection times option on the Create New Map window, you will get an ETA indication on the Saved Maps page.

Tighter Process Level Policy Enforcement

To enable more granular and secure policies , we added the ability to explicitly specify the full path of the process as part of the Allow/Block rules. For example, when creating a policy for application “nginx”, Centra will suggest to allow /usr/local/nginx instead of  /tmp/nginx.

Cloud Native Visibility, More Multi-Cloud UI Controls

We simplified the way users activate multiple orchestration providers: AWS, vSphere and Kubernetes (K8s) simultaneously. Asset inventory and metadata will be continuously fetched from all defined orchestration providers.

We also added the ability to display orchestrations data from multiple sources for the same Kubernetes asset. All the data about a specific node is now collected both from the Kubernetes API and the compute providers’ APIs.

For GuardiCore customers who are using agentless, managed cloud solutions such as AWS, GCP and Azure, we provide a visibility and ‘soft’ enforcement solution with AWS inherent virtual private cloud (VPC) flow logs. VPC flow logs provide a way to inspect all the flows between all the different cloud assets within a given cloud network. Policy-wise this means that only alerts are supported without enforcement.

Private Threat Feeds Integrated into GuardiCore Reputation Services

Our users have asked us to enable them to use their own existing threat feeds (IoCs) with the GuardiCore Reputation Service. Now GuardiCore users can add their internal threat feed and enjoy the same rich visual incident experience as with all GuardiCore incidents. The IoC types that are supported are file and IP. The IoCs are uploaded in a JSON format to Centra REST API. Once uploaded, Centra will alert on the presence of these IoCs across the entire customer’s data center.

Shift Left on Security to Enable Secure and Rapid Digital Transformation

Rapid development and deployment can be a major competitive business advantage. This approach minimizes waste and cost, aligns business and IT teams, and allows companies to respond to real-time customer need and market trends. However exciting these opportunities are, it’s important to remember that dynamic and complex IT environments are creating increasing risk and threat, and reliability and security are a must have, not an optional extra.

Ensuring that rapid development and security protocols are not at odds should be a goal for any forward-focused business, especially during October’s cyber security Awareness Month. Shifting left on your security is becoming increasingly popular, but how can it be done?

Embracing the Shift Left Approach from a Security Standpoint

The idea behind the ‘shift-left’ approach for security is simple. Instead of first building a new product or service entirely, and then introducing security as a rubber stamp of approval at the end, you bring the security process in at an earlier point in the timeline, at the DevOps stage.

This has multiple benefits. From a business perspective, it’s a more cost-effective way to work on a new project. In fact, according to software development guru Steve McConnell, “violations are 10x to 20x less expensive to resolve during software development compared to at the production release step.”

The shift-left approach also ensures that areas such as reliability and compliance are considered at the earliest possible stage and can be part of the game plan from the start. As any security problems are discovered at the beginning, they are much easier to resolve, as they aren’t integral to the product yet. Troubleshooting security issues in advance means you can fix potential security violations before they become a reality.

Change the Way Security Fits Within your Business Structure and Company Culture

Without “shifting left,” when security is added as an afterthought, key stakeholders in development have historically seen security as a hurdle to get past, or a hoop to jump through. Often, security can stand in the way of a product or a service, making it more difficult to make quick decisions or streamline a process.

By moving security earlier on in the process, it can do the exact opposite – making it easier to say yes to new innovation and change. One example could be third-party code that would speed up development of a new product. Instead of being forced to build your own code from scratch to ensure security, automated processes could scan the code at the point of entry and ensure it is architecturally sound, working with DevOps teams to make their lives easier.

Going Further to Break Down Traditional Silos

Another method to increase the speed of deployment and its agility is to create a shared ownership over delivery of projects as well as a shared accountability for each other’s bottom lines. If development is responsible for secure code going out, and security is responsible for quick deployment, they suddenly have a shared goal they can work towards.

This change in mentality provides functionality and security in one for your business, with a seamless ability to feedback and improve. This is effective throughout a specific development cycle, and also as an overall posture of communication and collaboration for your company. Furthermore, this approach makes the security function less disruptive. It’s a quiet and constant part of the process rather than an addition that is seen to blow up the hard work of your development team at the very last stages.

What Does This Look Like in Action?

Embedding security into the application itself as part of the risk reduction process can be done in a number of ways. Let’s look at a practical example of implementing this methodology using GuardiCore Centra.

First, you will identify the applications and the connections it creates, either on staging or in the QA environment. You can then verify and analyze what the associated risks are.

Once the the GuardiCore agent is embedded into the workloads, you can then configure the security policy using our flexible policy engine. Workload specific, this can be implemented with a Zero Trust policy model. The policies are applied to the assets themselves, without the need to rely on IP addresses or any physical location, so wherever the application moves to, the policy follows.

The Benefits are Clear

Rapid digital transformation is essential for business success, and yet without security at its core – the risks are simply too great. Rather than allow security to continue to take a bolted-on role that is disparate from business process, we should be using tools such as Centra to enable security to shift-left and take an early and equal continuous role in development.

As CTO Ariel Zeitlin shared with his insights, the sooner you get started, the sooner you can enjoy the taste of your success

Detecting and Mitigating WannaCry and Its Copycats Using GuardiCore Centra Platform

Attack overview WannaCry and its copycat attacks work by exploiting the Microsoft Windows SMB Server critical vulnerability (MS17-010). Patched Windows machines are safe while any unpatched Windows machine is at risk. The WannaCry campaign threatens internet facing as well as internal networks, since a compromised laptop/server in the network will try to propagate and infect […]