Posts

Guardicore Now Available in the Microsoft Azure Marketplace

Microsoft Azure customers worldwide now gain access to the Guardicore Centra security platform to take advantage of the scalability, reliability, and agility of Azure to drive application development and shape business strategies

Boston, Mass. and Tel Aviv, Israel – October 8, 2019 – Guardicore, a leader in internal data center and cloud security, today announced the availability of its Guardicore Centra security platform in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. Guardicore customers can now take advantage of the scalability, high availability, and security of Azure, with streamlined deployment and management.

Guardicore Centra helps accelerate security migration from an on-premises data center to Azure. Additionally, it supports hybrid clouds and can protect legacy applications for those customers that prefer to keep such applications in their traditional data centers while migrating other applications to Azure. The Guardicore Centra security platform is also among the first cloud and data center micro-segmentation solutions in the market to achieve Microsoft IP Co-Sell status. This designation recognizes that Guardicore has demonstrated proven technology and deep expertise that helps customers achieve their cloud security goals.

“By implementing Guardicore Centra, combined with the range of powerful tools from Microsoft Azure, customers are able to gain the highest level of visibility and implement micro-segmentation for enhanced security. And they can do it faster and more effectively than traditional firewall technology with our simple-to-deploy overlay that can go to the cloud, stay on-premise, or do both at the same time,” said Pavel Gurvich, CEO and cofounder, Guardicore. “Achieving this status demonstrates our commitment to the Microsoft partner ecosystem and our ability to deliver innovative solutions that help forward-thinking enterprise customers to secure their business-critical applications and data quickly, reduce the cost and burden of compliance, and secure cloud adoption.”

Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp said, “We’re pleased to welcome Guardicore and the Guardicore Centra security platform to the Microsoft Azure Marketplace, which gives our partners great exposure to cloud customers around the globe. Azure Marketplace offers world-class quality experiences from global trusted partners with solutions tested to work seamlessly with Azure.”

The Azure Marketplace is an online market for buying and selling cloud solutions certified to run on Azure. The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Trials and Tribulations – A Practical Look at the Challenges of Azure Security Groups and Flow Logs

Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. While Next-Generation firewalls protect and segment applications on premises’ perimeter (mostly), AWS, Azure, and GCP do not mirror this in the cloud. Segmenting applications using Cloud Security Groups is done in a restricted manner, supporting only layer 4 traffic, ports and IPs. This means that to benefit from application-aware security capabilities with your cloud applications you will need an additional set of controls which is not available with the built-in functionality of Cloud Security Groups.

The basic function that Cloud Security Groups should provide is network separation, so they can be best compared to what VLANs provides on premises, Access Control Lists on switches and endpoint FWs. Unfortunately, like VLANs, ACLs and endpoint FWs, Cloud Security Groups come with similar ailments and limitations. This makes using them complex, expensive and ultimately ineffective for modern networks that are hybrid and require adequate segmentation. To create application aware policies, and micro-segment an application, you need to visualize application dependencies, which Cloud Security Groups do not support. Furthermore, if your application dependencies cross regions within the same cloud provider or between clouds and on premises, application security groups are ineffective by design. We will touch on this topic in upcoming posts.

In today’s post we will focus on a specific scenario and use case that is common to most organizations, discussing Cloud Security Groups and flow logs limitations within a specific vNet, and illustrating what Guardicore’s value is in this scenario.

Experiment: Simulate a SWIFT Application Migration to Azure

Let’s look at the details from an experiment performed by one of our customers during a simulation of a SWIFT application migration to Azure.

Our customer used a subscription in Azure, in the Southern region of Brazil. Within the subscription, there is a Virtual Network (vNet). The vNet includes a Subnet 10.0.2.0/24 with various application servers that serve different roles.

This customer attempted to simulate the migration of their SWIFT application to Azure given the subscription above. General segmentation rules for their migrated SWIFT application were set using both NSGs (Network Security Groups) & ASGs (Application Security Groups). These were used to administrate and control network traffic within the virtual network (vNet) and specifically to segment this application.

Let’s review the difference:

  • An NSG is the Azure resource that is used to enforce and control the network traffic. NSGs control access by permitting or denying network traffic. All traffic entering or leaving your Azure network can be processed via an NSG.
  • An ASG is an object reference within a Network Security Group. ASGs are used within an NSG to apply a network security rule to a specific workload or group of VMs. An ASG is a “network object,” and explicit IP addresses are added to this object. This provides the capability to group VMs into associated groups or workloads.

The lab setup:
The cloud setup in this experiment included a single vNet, with a single Subnet, which has its own Network Security Group (NSG) assigned.

ASGs

  • Notice that they are all contained within the same Resource Group, and belong to the Location of the vNet (Brazil South).

NSGs:

The following NSG rules were in place for the simulated migrated SWIFT Application:

  • Load Balancers to Web Servers, over specific ports, allow.
  • Web Servers to Databases, over specific ports, allow.
  • Deny all else between SWIFT servers.

The problem:

A SWIFT application team member in charge of the simulation project called the cloud security team telling them a critical backup operation had stopped working on the migrated application, and he suspects the connection is blocked. The cloud network team, at this point, had to verify the root cause of the problem, partially through process of elimination, out of several possible options:

  1. The application team member was wrong, it’s not a policy issue but a configuration issue within the application.
  2. The ASGs are misconfigured while NSGs are configured correctly.
  3. The ASGs are configured correctly but the NSGs are misconfigured or missing a rule.

The cloud team began the process of elimination. They used Azure flow logs to try to detect the possible blocked connections. The following is an example of such a log:

Using the Microsoft Azure Log Analytics platform, the cloud team sifted through the data, with no success. They were searching for a blocked connection that could potentially be the backup process. The blocked connection was non-detectable. The cloud team members therefore dismissed the issue as a misconfiguration in the application.

The SWIFT team member insisted it was not an application issue and several days passed with no solution, all while the SWIFT backup operation kept failing. In a live environment, this stalemate would have been a catastrophe, with team members likely working around the clock to find the blocked connection, or prove misconfiguration in the application itself. In many cases an incident like this would lead to removing the security policy for the sake of business continuity as millions of dollars are at stake daily.

After many debates and an escalation of the incident, it was decided- based on the Protect team’s recommendation- to leverage Guardicore Centra in the Azure cloud environment to help with the investigation and migration simulation project.

Using Guardicore Centra, the team used Reveal to filter for all failed connections related to the SWIFT application. This immediately revealed an attempted failed connection, between the SWIFT load balancer and the SWIFT databases. The connection failed due to missing allow security groups. There was no NSG in place to allow SWIFT LBs to talk to SWIFT DBs in the policy.

The filters in Reveal

 

Discovering the process

Guardicore was able to provide visibility down to the process level for further context and identification of the failed backup process.

Application Context is a Necessity

The reason the flow logs were inadequate to detect the connection was that IPs were constantly changing as the application scaled up and down and the migration simulation project moved forward. Throughout this, the teams had no context of when the backup operation was supposed to occur or what servers initiated these attempted connections, therefore the search came up empty handed. They were searching for what they thought would reveal the failed connections. As flow logs are limited to IPs and ports, they were unable to search based on application context.

The cloud team decided to use Guardicore Centra to manage the migration and segmentation of the SWIFT application simulation for ease of management and ease of maintenance. Additionally, they added process and user context to the rules for more granular security and testing. Guardicore Centra enabled comparing the on-premises application deployment with the cloud setup to make sure all configurations were in place.

The team then went on to use Guardicore Centra to simulate the SWIFT policy over real SWIFT traffic. Making sure they are not blocking additional critical services, and will not inadvertently block these in the future.

 

Guardicore Centra provided the cloud security team with:

  • Visibility and speed to detect the relevant blocked flows
  • Process and user context to identify the failed operation as the backup operation
  • Ability to receive real-time alerts on any policy violation
  • Applying process level rules & user level rules required for the critical SWIFT Application
  • Simulation and testing capabilities to simulate the policies over real application traffic before blocking

All of these features are not available in Azure. These limitations cause serious implications, such as the backup operation failure and no ability to adequately investigate and resolve the issue.

Furthermore, as part of general environment hygiene, our customer attempted to add several rules to govern the whole vNet, blocking Telnet and insecure FTP. For Telnet, our customer could add a block rule in Azure on port 23; For FTP, an issue was raised. FTP can communicate over high range ports that many other applications will need to use, how could it be blocked? Using Guardicore, a simple block rule over the ftpd process was put in place with no port restriction, immediately blocking any insecure ftp communication at process level regardless of the ports used.

Visibility is key to any successful application migration project. Understanding your application dependencies is a critical step, enabling setting up the application successfully in the cloud. Guardicore Centra provides rich context for each connection, powerful filtering capabilities, flexible timeframes and more. We collect all the flows, show successful, failed, and blocked connections, and store historical data, not just short windows of it, to be able to support many use cases. These include troubleshooting, forensics, compliance and of course, segmentation. This enables us to help our customers migrate to the cloud 30x faster and achieve their segmentation and application migration goals across any infrastructure.

Ophir Harpaz of Guardicore Wins Rising Star Leadership Award from SC Media

Boston, Mass. and Tel Aviv, Israel – September 23, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that Ophir Harpaz, Security Researcher, Guardicore has been named a winner in the third-annual SC Media Reboot Leadership Awards, earning the distinction in the Rising Star category. A total of 50 honorees were revealed as part of a special editorial section published today at SC Magazine.

“Ophir represents the very best of what it means to be a contributing member of the information security community. Her curiosity leads her forward daily to uncover the most dangerous tools and techniques employed by today’s adversaries, and to share her findings through blog posts, workshops and talks. She is passionate about leveraging her position to elevate and educate young women and her fellow researchers and dedicates her time freely to pass on all she has already learned,” said Ofri Ziv, Vice President of Research, Guardicore and Head of Guardicore Labs. “We applaud her for her achievements and look forward to her continued success.”

The Reboot Leadership Awards are an adjunct to SC Media’s annual Reboot coverage that takes place each December when SC Media recognizes the best and brightest cybersecurity luminaries and organizations. The Reboot Leadership Awards are offered similar accolades. The winners are honored with a special section on SC Media’s website and in their December Reboot edition.

The contenders who were nominated faced a thorough judging process conducted by SC Media’s editorial team. This included a review of their professional backgrounds, references and work undertaken to benefit the wider industry, as well as any other research deemed necessary. Winners were chosen based on their outstanding service, qualifications and advancements in the cybersecurity industry.

“There were no shortage of quality nominations this year as we reviewed the various candidates for our coveted Reboot Awards,” said Teri Robinson, executive editor, SC Media. “However, after a thorough evaluation process, it was clear that Ophir truly distinguished herself through her valuable contributions and industry influence.”

Ophir is becoming one of the world’s foremost experts in cybercrime research, preventing millions of dollars of damage for some of the world’s most valuable companies. Most recently, she has led research on the Nansh0u crypto mining and Smominru botnet campaigns, as well as took part in the development of Guardicore’s publicly available Cyber Threat Intelligence threat feed. She is also an active member of Baot, a community for women in software development and research positions in the Israeli high tech industry, and dedicates copious time to education and contribute to the world. She is a true believer in the information security world being a community. As part of that approach, she runs the website begin.re, a popular resource for learning reverse engineering, and regularly shares insights from her daily life in cybersecurity via social media. In fact, Ophir was selected by Sentinel One as one of 21 Twitter profiles worth following and by Cybersecurity Ventures’ Cybercrime Magazine as one of the industry’s recommended list of women to follow on Twitter.

About SC Media

SC Media is cybersecurity. They’ve lived it for over 30 years, sharing industry expert guidance and insight, in-depth features, timely news and independent product reviews in various content forms in partnership with and for top-level information security executives and their technical teams. SC Media arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies. They deliver breaking news, comprehensive analysis, cutting-edge features, contributions from thought leaders, and the best, most extensive collection of product reviews in the business. Whether through their comprehensive website, magazine, in-depth ebooks, newsletters, or regularly scheduled digital and live events, such as their SC Awards program and their RiskSec conference, their readers gain all the relevant information they need to safeguard their organizations and, ultimately, contribute to their longevity and success.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore’s Infection Monkey Becomes the Industry’s First Zero Trust Assessment Tool

Open Source Infection Monkey Provides Enterprise Leaders the Ability to Examine Adherence to Zero Trust Security Posture and Prescribe Recommendations for Faster Zero Trust Adoption

Boston, Mass. and Tel Aviv, Israel – September 12, 2019 – Guardicore, a leader in internal data center and cloud security, today unveiled new capabilities for its Infection Monkey that make it the industry’s first Zero Trust assessment tool. Added features extend the functionality of the already successful Infection Monkey, a free, open source breach and attack simulation tool used by thousands to demonstrate and analyze their environments against lateral movement and attacks.  The latest version of Infection Monkey enables both enterprise security leaders and network engineers to determine how their environments perform against a Zero Trust security posture on their path to overall Zero Trust adoption. Infection Monkey now provides security and network infrastructure teams the ability to easily and accurately examine an enterprise’s adherence to key components of the Zero Trust framework as established by Forrester with detailed explanations of security gaps and prescriptive instructions on how to rectify them. Guardicore will preview the Zero Trust capabilities of Infection Monkey with attendees of the Forrester Security & Risk Forum in National Harbor, MD this week.

“A concept first developed by Forrester Research nearly a decade ago, the Zero Trust approach to information security is gaining momentum and driving strategic technical alignment and implementations toward a process focused on building security from the inside out,” said Pavel Gurvich, Co-founder and CEO, Guardicore. “Yet many organizations are still unsure of how to move from theory to deployment and apply the principles of Zero Trust in their environment. Infection Monkey is the first tool of its kind that allows organizations to safely and easily test their environment’s Zero Trust posture and generate specific recommendations to accelerate and enhance Zero Trust adoption and ensure continued adherence. ” 

Infection Monkey with Zero Trust Assessment

Infection Monkey enables cybersecurity and infrastructure architects to operationalize Zero Trust by accurately examining an enterprise’s adherence to the pillars of Zero Trust, including detailed explanations of where the enterprise falls short, and instructions on how to address these shortcomings. Easy to deploy and run, Infection Monkey tests implementation of the Zero Trust framework by attempting to communicate with machines residing in different segments of the enterprise network, demonstrating policy violations, and generating test results with actionable recommendations for remediation.With prescriptive reporting that can be easily implemented without any additional staff or education, Infection Monkey offers security leaders the ability to illustrate enterprise Zero Trust posture against the Forrester framework with an easy to understand red, yellow, green color scheme. Like previous versions of Infection Monkey, the latest version runs on bare metal, VMWare, other hypervisors, AWS, Azure, Google, and private clouds.

Availability & Contributions

Developed by Guardicore Labs Infection Monkey is an open source breach and attack simulation tool for securely and automatically testing the resiliency of private and public cloud environments. Guardicore Infection Monkey source code is currently available from the GitHub repository. Added capabilities for Zero Trust assessment and deployments for the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Platform Marketplace will be available for download at the end of the quarter. Infection Monkey is available for Linux, Windows, AWS, Azure, Google Cloud Platform, VMWare and Docker environments. For questions, suggestions and guidance join the Infection Monkey community.

Infection Monkey is open source, developed on GitHub under the GPLv3 license. 

Guardicore Labs

Guardicore Labs is a global research team, consisting of hackers, cybersecurity researchers and industry experts. Its mission is to deliver cutting-edge cyber security research, lead and participate in academic research and provide analysis, insights and response methodologies to the latest cyber threats. Guardicore Labs helps Guardicore customers and the security community to continually enhance their security posture and protect critical business applications and infrastructure.

Creators of Infection Monkey, a popular open-source network resiliency test tool, Guardicore Labs’ high-profile threat discoveries include Nansh0u advanced crypto-mining attack,  the Hexmen multiple attack campaigns targeting database services, the Bondnet botnet used to mine different cryptocurrencies, and a privilege escalation vulnerability in VMWare. Guardicore Labs also hosts Cyber Threat Intelligence (CTI), a freely available threat intelligence portal to assist security teams in identifying and investigating malicious IP addresses and domains in data centers. To learn more visit Guardicore Labs.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Securing a Hybrid Data Center – Strategies and Best Practices

Today’s data centers exist in a hybrid reality. They often include on-premises infrastructure such as Bare Metal or Virtual Machines, as well as both Public and Private cloud. At the same time, most businesses have legacy systems that they need to support. Even as you embrace cutting-edge infrastructure like containers and microservices, your legacy systems aren’t going anywhere, and it’s probably not even on your near future road-map to replace them. As a result, your security strategy needs to be suitable across a hybrid ecosystem, which is not as simple as it sounds.

The Top Issues with Securing a Hybrid Data Center

Many businesses attempt to use traditional security tools to manage a hybrid data center, and quickly run into problems.

Here are the most common problems that companies encounter when traditional tools are used to secure a modern, hybrid data center:

  • Keeping up with the pace of change: Business moves fast, and traditional security tools such as legacy firewalls, ACLs, VLANs and cloud security groups are ineffectual. This is because these solutions are made for one specific underlying infrastructure. VLANs will work well for on premises – but fall short when it comes to cloud and container infrastructure. Cloud security groups work for the cloud, but won’t support additional cloud providers or on premises. If you want to migrate, security will seriously affect the speed and flexibility of your move, slowing down the whole process – and probably negating the reasons you chose cloud to begin with.
  • Management overhead: Incorporating different solutions for different infrastructure is nothing short of a headache. You’ll need to hire more staff, including experts in each area. A cross-platform security strategy that incorporates everyone’s field of expertise is costly, complex, and prone to bottlenecks because of the traditional ‘too many cooks’ issue.
  • No visibility: Your business will also need to think about compliance. This could involve an entirely different solution and staff member dedicated to compliance and visibility. Without granular insight into your entire ecosystem, it’s impossible to pass an audit. VLANs for example offer no visibility into application dependencies, a major requirement for audit-compliance. When businesses use VLANs, compliance therefore becomes an additional headache.
  • Insufficient control: Today’s security solutions need Layer 7 control, with granularity that can look at user identity, FQDN (fully qualified domain names), command lines and more. Existing solutions rely on IPs and ports, which are insufficient to say the least.
    Take cloud security groups for example, which for many has become the standard technology for segmenting applications, the same way as they would on-premises. However, on the cloud this solution stops at Layer 4 traffic, ports and IPs. For application-aware security on AWS, you will need to add another set of controls. In a dynamic data center, security needs to be decoupled from the IPs themselves, allowing for migration of machines. Smart security uses an abstraction level, enabling the policy to follow the workload, rather than the IP.
  • Lack of automation: In a live hybrid cloud data center, automation is essential. Without automation as standard, for example using VLANs, changes can take weeks or even months. Manually implementing rules can result in the downtime of critical systems, as well as multiple lengthy changes in IPs, configurations of routers, and more.

Hybrid Data Center Security Strategies that Meet These Issues Head-On

The first essential item on your checklist should be infrastructure-agnostic security. Centralized management means one policy approach across everything, from modern and legacy technology on-premises to both public and private cloud. Distributed enforcement decouples the security from the IP or any underlying infrastructure – allowing policy to follow the workload, however it moves or changes. Security policy becomes an enabler of migration and change, automatically moving with the assets themselves.

The most effective hybrid cloud solutions will be software-based, able to integrate with any other existing software solution, including ansible, chef, puppet, SCCM, and more. This will also make deployment fast and seamless, with implementation taking hours rather than days. At Guardicore, our customers often express surprise when we request three hours to install our solution for a POC, as competitors have asked for three days!

The ease of use should continue after the initial deployment. An automated, readable visualization of your entire ecosystem makes issues like compliance entirely straightforward, and provides an intuitive and knowledgeable map that is the foundation to policy creation. Coupling this with a flexible labeling system means that any stakeholder can view the map of your infrastructure, and immediately understand what they are looking at.

These factors allow you to implement micro-segmentation in a highly effective way, with granular control down to the process level. In comparison to traditional security tools, Guardicore can secure and micro-segment an application in just weeks, while for one customer it had taken 9 months to do the same task using VLANs.

What Makes Guardicore Unique When it Comes to Hybrid Data Center Security Strategies?

For Guardicore, it all starts with the map. We collect all the flows, rather than just a sample, and allow you to access all your securely stored historical data rather than only snap-shotting small windows in time. This allows us to support more use cases for our customers, from making compliance simple to troubleshooting a slowdown or forensic investigation into a breach. We also use contextual analysis on all application dependencies and traffic, using orchestration data, as well as the process, user, FQDN and command line of all traffic. We can enable results, whatever use case you’re looking to meet.

Guardicore is also known for our flexibility, providing a grouping and labeling process that lets you see your data center the way you talk about it, using your own labels rather than pre-defined ones superimposed on you by a vendor, and Key:Value formats instead of tags. This makes it much easier to create the right policies for your environment, and use the map to see a hierarchical view of your entire business structure, with context that makes sense to you. Taking this a step further into policy creation, your rules methodology can be a composite of whitelisting and blacklisting, giving less risk of inflexibility and complexity in your data center, and even allowing security rules that are not connected to segmentation use cases. In contrast, competitors use white-list only approaches with fixed labels and tiers.

Fast & Simple Segmentation with Guardicore

Your hybrid data center security strategies should enable speed and flexibility, not stand in your way. First, ensure that your solution supports any environment. Next, gain as much visibility as possible, including context. Use this to glean all data in an intuitive way, without gaps, before creating flexible policies that focus on your key objectives – regardless of the underlying infrastructure.

Interested in learning more about implementing a hybrid cloud center security solution?

Download our white paper

Guardicore Partners with Mellanox to Deliver Agentless and High-Performance Micro-Segmentation in Data Centers

Combination of Guardicore Centra Security Platform with Mellanox’s BlueField SmartNICs Enables Organizations to Combine the Benefits of Hardware Acceleration, Micro-segmentation and Advanced Networking at Wire Speed

Boston, Mass. and Tel Aviv, Israel – September 5, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that it has partnered with Mellanox Technologies, Ltd. (NASDAQ: MLNX), a leading supplier of high-performance, end-to-end smart interconnect solutions for data center servers and storage systems, to deliver the first agentless and high-performance, low latency micro-segmentation solution for high speed 10G-100G networks. The solution leverages both the Guardicore Centra security platform and Mellanox BlueField SmartNIC solutions to provide customers with hardware-embedded micro-segmentation security. This integration allows customers using BlueField SmartNICs to support micro-segmentation requirements for high speed networks or when other agent-based solutions cannot be used. The new solution is fully integrated and managed centrally by Guardicore Centra.

“The exponential growth of the global datasphere is fueling demand for data centers that can keep pace with the speed, scale and security necessary to support digitally driven business,” said Pavel Gurvich, CEO and Co-founder, Guardicore. “We have long been committed to applying micro-segmentation techniques to help enterprise security teams cost-effectively reduce risk and limit the attack surface inside the data center without impacting performance. Partnering with Mellanox to offer an integrated solution is a natural extension of the many use cases we already support and allows us to address another set of specific customer requirements to protect data in high-speed, complex environments.”

“The first agentless and high-performance micro-segmentation solution in the IT security industry, the combination of Guardicore Centra and BlueField enables ease of deployment and operations in both new and existing environments,” said Ariel Levanon, VP Cyber Security, Mellanox Technologies. “The combined Guardicore and Mellanox solution enables enhanced visibility and policy enforcement without installing agents on compute nodes. Agents are integrated into the BlueField SmartNIC in a manner fully isolated from the application workload, while also complying with strict regulations and embracing DevOps automation. As a high-speed SmartNIC, BlueField delivers unmatched performance that enforces micro-segmentation policies in 100Gb/s networks at full wire speed.”

Unleash The Full Potential of Micro-segmentation

The joint Guardicore-Mellanox solution addresses the challenges faced by enterprises seeking to gain visibility and to protect application workloads in high-speed networks where it is not possible or practical to deploy and operate agents across their infrastructures, such as in cases of high-frequency trading, multi-tenant hosting with cloud providers, or management of third-party appliances. The solution runs on the Mellanox BlueField SmartNIC, considered a computer on its own, and not on the enterprise infrastructure. It uses hardware offload to support high-speed and low-latency requirements. Deploying Guardicore technology on BlueField provides protection without compromising either the host or the compliance regulations in any way. Additionally, running the Guardicore solution integrated on BlueField delivers unmatched enforcement performance – allowing or blocking traffic at wire speed and without any impact to server performance. The solution gives enterprises the freedom to deploy Guardicore on every workload in any environment and at any scale, including private, public and hybrid cloud instances, while supporting the following deployment options:

  • Agentless with BlueField SmartNIC – fully isolated from the host
  • Hybrid – agent running on the compute node while taking advantage of the BlueField SmartNIC for hardware acceleration
  • Native – the agent runs directly on the compute node on the host operating system or in a guest VM/container, which is the traditional type of deployment for microservices.

The best choice of deployment options varies based on the environment and type of workloads, etc., for every enterprise. BlueField is perfectly positioned for bare-metal and Kubernetes deployments; running agents on the SmartNIC removes the need to deploy and maintain agents in these environments, enabling enterprise DevOps automation. BlueField also enhances the out-of-box experience for enterprises as they roll out microservices across their infrastructures, delivering improved agility, resiliency and business continuity.

Resources

Please join our Guardicore and Mellanox experts on September 10 at 9:00 a.m. ET for a webinar to learn how Mellanox BlueField SmartNICs unleash the full potential of micro-segmentation. Topics addressed will include agentless micro-segmentation, security enforcement in hardware at full wire-speed, and full isolation. Register here to attend this session.

Availability

The joint Guardicore-Mellanox solution is available immediately from both vendors’ network of value-added resellers.

About Mellanox

Mellanox Technologies (NASDAQ: MLNX) is a leading supplier of end-to-end Ethernet and InfiniBand smart interconnect solutions and services for servers and storage. Mellanox interconnect solutions increase data center efficiency by providing the highest throughput and lowest latency, delivering data faster to applications, unlocking system performance and improving data security. Mellanox offers a choice of fast interconnect products: adapters, switches, software and silicon that accelerate application performance and maximize business results for a wide range of markets including cloud and hyperscale, high performance computing, artificial intelligence, enterprise data centers, cyber security, storage, financial services and more.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

What Makes a Business Successful? Celebrating the Culture of Guardicore

Culture is what takes good businesses and makes them successful organizations. Of course you need to have great technology, which we have. We also pride ourselves on addressing a clear need for our customers, which has given us the financial stability to expand. Once you have this foundation, your culture is what is going to add the special spark and engage your team. With it, your business becomes a well-oiled machine, and without it – even a great product with a strong market fit can fail.

One important part of managing growth and global expansion for Guardicore is to keep our finger on the pulse of the organization. For us, this means making sure that the strong and unique culture that we created when we were a small company starting out, remains an integral part of our organization, even as we expand. Not only does this keep our employees happy, it also speaks to our customers, making more businesses want to choose us as their security partner, creating relationships that resonate more than the competition.

We recently ran a global internal survey of our staff, asking for anonymous feedback. Our intention was to highlight the areas in which we’re doing well, and to better understand how we can improve, both as an organization and as an employer. As a part of this survey, we looked at both satisfaction and engagement.

Satisfaction vs Engagement: What’s the Difference?

For us, satisfaction means how happy our employees are at Guardicore. This could include the work environment, how interesting each employee finds their work, , their compensation, and more. An employee’s level of engagement derives from their level of satisfaction, and this refers to how connected our staff feel to Guardicore. How much will they go the extra mile for the company and for its customers? The level of engagement is heavily reliant on the culture.

The results from the survey were extremely high, which showed us that our staff know that we’re on their side, looking to take their feedback into consideration. The results helped us to see that our staff have a high level of satisfaction at work, and gave us some fantastic guidance on where we can support them further by making improvements. However, the level of engagement our employees experience was even higher. It was clear from the results that our team feel incredibly engaged.

As I believe that engagement levels are connected intrinsically to culture, identifying this culture is very important. As we grow and expand, what is the unique make-up of our culture which we need to hold on to and how can we do this?

Culture is Where the Magic Happens

If I were to summarize the Guardicore culture in four words, I would say Fun, Straightforward, Caring, and Smart. This is our ethos, but it is not written on posters. It is most strongly represented by our people. When we’re hiring new people, we look for candidates who check these boxes, people who you can learn from, but who you also love spending time with. People who are trustworthy and straightforward, and who care about their work and the people who they see every day. If candidates walk into an interview and they are fantastic at what they do professionally, but don’t seem to care, or don’t have a spark of fun – they aren’t likely to be the right choice for the position.

Cultivating this Culture at Guardicore

The level of engagement we achieve is a lot about how we support our employees in connecting with one another. Of course, we organize team bonding days, corporate events and at-work initiatives, such as volunteering day. As well as this though, we’ve seen that get-togethers are organized externally, and led by the employees themselves.

As our staff love spending time together, they arrange activities outside of working hours. We have a soccer team that was put together by our staff, a band – Layer 7, and spontaneous board game evenings that employees arrange and initiate. Our teams make plans to go out after work for drinks, or get together on the weekends for beach days and outings. We’ve found that when you recruit like-minded people, and bring together individuals who don’t just work together, but have the potential to form friendships too, the effects on engagement, productivity and success are clear to see.

Understanding the Effect of Engagement

This work culture is the magic ingredient that creates engagement in our staff. Because we’re building friendships, and not just co-working relationships, we have found that our staff is a lot more willing to go above and beyond for one another. This isn’t connected to a financial reward, or the promise of any incentives. It truly comes from a place of caring, and liking one another.

This has a powerful effect on our customers, who have a better experience working with us because we’re a cohesive team filled with people who really care. It also affects the employees themselves, because this company-wide culture means that no one is ‘just another member of staff.’ From the toast when we take on a new customer, to the long tables in the dining room where everyone eats together regardless of department or job title, the inclusive nature of Guardicore means that we’re always working with friends.

Company culture is often a product of the people who work there. The original team at Guardicore, who created the company and have been here since the very first weeks and months of the organization, are smart, fun, straightforward and caring. They hired more of the same type of people, and it’s grown from there and continues to be built around this personality. We are now 160 people strong, building the organization with these core principles at heart. The challenge we have is to keep this culture as we grow.

Does it sound like the Guardicore magic culture would be a great fit for you?

Take a look at
our open positions
and get in touch if you see something that sparks your interest!

Guardicore Selected as Finalist in Black Unicorn Awards for 2019

Guardicore Named One of the Top 30 Finalists for Cybersecurity Companies

Boston, Mass. and Tel Aviv, Israel – July 22, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that is has been named a finalist in the Black Unicorn Awards for 2019, sponsored by Cyber Defense Magazine. Founded in Tel Aviv in 2013 Guardicore is a global company with more than 150 employees, a worldwide network of more than 50 partners and $110 million in venture funding from Battery Ventures, 83North, TPG, Qumra Capital and Deutsche Telecom Capital Partners and Partech.

Guardicore recognizes that traditional perimeter defenses are ineffective at reducing the attack surface, maintaining compliance or deploying granular policies quickly and at scale, in today’s dynamic, heterogeneous hybrid environments. Guardicore protects modern enterprise networks by constantly engaging with customers to understand their challenges in hybrid data centers and providing micro-segmentation to define security policies.

As one of thirty finalists, Guardicore is competing against many of the industry’s leading providers of cybersecurity products and services for this prestigious award. The term “Black Unicorn” signifies a cybersecurity company that has the potential to reach a $1 billion dollar market value as determined by private or public investment (Source) and these awards showcase those companies with this kind of incredible potential in the cybersecurity marketplace. Ten winners will be announced on August 7, 2019 by Cyber Defense Magazine.

“It’s exciting to see Guardicore making it into the finalist round among other cybersecurity industry leaders in our first annual Black Unicorn awards,” said Judges Robert Herjavec of Herjavec GroupDavid DeWalt of Night Dragon and Gary Miliefsky of Cyber Defense Media Group. Learn more about the judges at: Black Unicorn Awards 2019.

“We are honored to be recognized as a finalist for this prestigious award as Guardicore continues to expand research areas to identify and prevent threats before they impact the enterprise organizations that put their trust in our hands,” said Pavel Gurvich, CEO and co-founder of Guardicore. “We will continue to provide a simple and flexible solution to meet the current and future needs of the modern enterprise,” added Gurvich.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore’s Insights from Security Field Day 2019

We had such a great time speaking at Security Field Day recently, presenting the changes to our product since our last visit, and hearing from delegates about what issues concern them in micro-segmentation technology.

The last time we were at Field Day was four years ago, and our product was in an entirely different place. The technology and vision have evolved since then. Of course, we’re still learning as we innovate, with the help of our customers who continually come up with new use cases and challenges to meet.

For those who missed our talk, here’s a look at some of what we discussed, and a brief recap of a few interesting and challenging questions that came up on the day.

Simplicity and Visibility First

At Guardicore, we know that ease of use is the foundation to widespread adoption of a new technology for any business. When we get into discussions with each enterprise, customer, or team, we see clearly that they have their own issues or road map to address. As there is no such thing as the ultimate or only use case for micro-segmentation, we can start with the customer in mind. Our product can support any flavor, any need. Just as examples, some of the most popular use cases include separation of environments such as Dev/Prod, ring fencing critical assets, micro-segmenting digital crown jewels, compliance or least privilege and more general IT hygiene like vulnerable port protocols.

To make these use cases into reality, organizations need deep visibility to understand what’s going on in the data center from a human lens. It’s important to have flexible labeling so that you can physically see your data center with the same language that you use to speak about it. We also enhance this by allowing users to see a particular view based on their need or their role within the company. A compliance officer would have a different use for the map than the CTO, or a developer in DevSecOps for example. In addition, organizations need to enforce both blacklist and whitelist policy models for intuitive threat prevention and response. Our customers benefit from our cutting edge visibility tool, Reveal, which is completely customizable and checks all of these boxes. They also benefit from our flexible policy models that include both whitelisting and blacklisting.

To learn more about how our mapping and visibility happen, and how this helps to enforce policy with our uniquely flexible policy model as well and show quick value, watch our full presentation, below.

Addressing Questions and Challenges

With only one hour for presenting our product, there were a lot of questions that we couldn’t get to answer. Maybe next time! Here are three of the topics we wanted to address further.

Q. How does being agent-based affect your solution?

One of the questions raised during the session was surrounding the fact that Guardicore micro-segmentation is an agent-based solution, as the benefits are clear, but people often want to know what the agent’s impact is on the workload.

The first thing we always tell customers who ask this question is that our solution is tried and tested. It is already deployed in some of the world’s biggest data centers such as Santander and Openlink, and works with a negligible impact on performance. Our agent footprint is very small, less than 0.1% CPU and takes up 185MB on Linux and 800MB on windows. Our resources are also configurable, allowing you to tailor the agent to what you need. At the same time, we support the largest amount of operating systems as compared to other vendors.

If the agent is still not suitable, you can use our L4 collectors, which sit at the hypervisor level or switch level, and give you full visibility, and use our virtual appliance for enforcement, as we touched upon during the talk. As experts in segmentation, we can talk you through your cybersecurity use cases, and discuss which approach works best, and where.

Q. Which breach detection capabilities are included?

Complementary controls are an important element of our solution, because they contribute to the ease of use and simplicity. One tool for multiple use cases offers a powerful competitive edge. Here are three of the tools we include:

  • Reputation Analysis: We can identify granular threats, including suspicious domain names, IP addresses, and even file hashes in traffic flows.
  • Dynamic Deception: The latest in incident response, this technique tricks attackers, diverting them to a honeypot environment where Labs can learn from their behavior.
  • File Integrity Monitoring: A prerequisite for many compliance regulations, this change-detection mechanism will immediately alert to any unauthorized changes to files.

Q. How do you respond to a known threat?

Flexible policy models allow us to respond quickly and intuitively when it comes to breach detection and incident response. Some vendors have a whitelist only model, which impedes their ability to take immediate action and is not enough in a hybrid fast-paced data center. In contrast, we can immediately block a known threat or undesired ports by adding it to the blacklist. One example might be blocking Telnet across the whole environment, or blocking FTP at the process level. This helps us show real value from day one. Composite models can allow complex rules like the real-world example we used at the presentation, SSH is only allowed in Production environment if it comes from Jumpboxes. With Guardicore, this takes 2 simple rules, while with a whitelist model it would take thousands.

Security Field Day 2019 staff

Until Next Time!

We loved presenting at Field Day, and want to thank all the delegates for their time and their interesting questions! If you want to talk more about any of the topics raised in the presentation, reach out to me via LinkedIn.

In the meantime, learn more about securing a hybrid modern data center which works across legacy infrastructure as well as containers and clouds.

Download our white paper

Rethinking Segmentation for Better Security

Cloud services and their related security challenges will continue to grow

One of the biggest shifts in the enterprise computing industry in the past decade is the migration to the cloud. As more and more organizations discover the benefits of moving their data centers to private and public cloud environments, this trend is expected to continue dominating the enterprise landscape. Gartner projects cloud services will grow exponentially from 2019 through 2022, with Infrastructure-as-a-Service (IaaS) being the fastest growing segment of the market, already showing an increase of 27.5% in 2019 compared to 2018.

So what’s the big challenge?

The added agility of cloud infrastructure comes with a trade-off, in the form of increased complexity of cyber security. Traditional security tools were designed for on premise servers and endpoints, focusing on perimeter defense to block the attacks at the entry point. But the dynamic nature of hybrid cloud services meant that perimeter defense became insufficient. When the perimeter itself is constantly shifting, as data and workloads move back and forth among public and private clouds and on premise data centers, the attack surfaces became much larger and required network segmentation to control lateral movement within the perimeter.

From the early days of clouds, segmentation became a popular concept. Traditionally, businesses were looking to divide the network into segments and enforce some sort of access control between the segments. In practice, the way it worked was that relevant servers were put into a dedicated VLAN and routed through a firewall. The higher level of segmentation meant smaller segment size, which reduced the attack surface and limited the impact of any potential breach.

Then – the rules of the game changed! Moving from one static cloud to dynamic, hybrid cloud-based data centers

Simple segmentation by firewalls used to work in the past, when the networks were comprised of relatively large static segments. However, the “rules of the game” have changed significantly in recent years. Dynamic data centers and hybrid cloud adoption have created problems that cannot be solved with legacy firewalls, and yet achieving segmentation is now more vital than ever before. The cadence of change to the infrastructure and application services is very high, accentuating the need for granular segments with an understanding of their dependencies and impacting their security policy.

Take, for example, the 2017 Equifax breach. The US House of Representatives report on this incident pointed directly to the lack of internal segmentation as one of the key gaps that allowed the breach impact to be so big, affecting 143 million consumers.

Regulation is another driver of segmentation. One of Guardicore’s customers, a global investment bank, needed to comply with a new regulation of SWIFT – which requires all SWIFT servers to be put into a separate segment and whitelist all connection allowed in and out of this segment. Using traditional methods, it took the bank 10 months and a costly labor-intensive process to complete this change, spurring them on to find smarter segmentation methods moving forward.

The examples above demonstrate how although segmentation is a known and well understood security measure, in practice organizations struggle to implement it properly in a cost-effective way.

Adapt easily to these changes and start micro-segmentation

To deal with these challenges, micro-segmentation was born. Micro-segmentation takes enterprise security to a new level and is a step further than existing network segmentation and application segmentation methods, adding visibility and policy granularity. It typically works by establishing security policies around individual or groups of applications, regardless of where they reside in the hybrid data center. These policies dictate which applications can and cannot communicate with each other.

Micro-segmentation includes the ability to fully visualize the environment and define security policies with Layer 7 process-level precision, making it highly effective at preventing lateral movement in a hybrid cloud environment.

Take the first step in preparing your enterprise for a better data security

Want to learn more? Listen to Guardicore’s CTO and Co-founder, Ariel Zeitlin, as he walks through the challenges and the solutions to better secure your data in his latest interview with the CIO Talk Network. In this podcast, Ariel discusses the new approaches to implementing segmentation, the key aspects you need to consider when comparing different vendors and technologies, and what comes ahead of the curve for security leaders in this space.

 

Want to learn more about how to first think through, then properly implement micro-segmentation? Read our white paper on operationalizing your segmentation project.

Read More