Guardicore Awarded 5 Stars In CRN’s 2019 Partner Program Guide

Annual Guide Recognizes the IT Channel’s Top Partner Programs; Guardicore Senior Director of Channels Named to 2019 list of CRN Channel Chiefs

Boston, Mass. and Tel Aviv, Israel – April 02, 2019 – Guardicore, a leader in internal data center and cloud security, today announced CRN®, a brand of The Channel Company, has recognized The Guardicore Partner Program with a 5 Star rating in the 2019 Partner Program Guide. Additionally, Guardicore applauds Senior Director of Channels Todd Bice for being named once again to the annual list of CRN Channel Chiefs.

CRN’s annual guide identifies the strongest and most successful partner programs in the channel today, offered by the top technology suppliers for IT products and services. The 5 Star rating recognizes an elite subset of companies that offer solution providers the best partnering elements in their channel programs. To determine the 2019 5 Star ratings, The Channel Company’s research team assessed each supplier’s partner program based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication.

“We are delighted to once again be awarded this 5 Star rating from CRN. Our partners recognize that the Guardicore channel program is designed to drive success by aligning the award-winning capabilities of our Guardicore Centra Security Platform to partners’ unique business models, helping to establish breakthrough go-to-market service offerings and driving new revenue streams,” said Todd Bice, Senior Director of Channels, and a 2019 CRN Channel Chief.

Continued Bice, “Guardicore partners value the best-in-class visibility, software-defined segmentation, and real-time breach detection and response capabilities of our platform, which help to ensure protection of their clients’ most critical assets as they face a growing attack surface and increasing complexities involved in defending hybrid environments. Today’s honor, combined with continued traction in the Managed Security Services market and a 100 percent increase in new partner engagements since last year, demonstrates how much we value our partners and how our commitment to the channel has translated to success for their clients and businesses.”

As a CRN Channel Chief, Bice demonstrated exceptional leadership, vision and commitment to Guardicore’s channel partner programs. Channel Chief honorees are selected by CRN’s editorial staff as a result of their professional achievements, standing in the industry, dedication to the channel partner community, and strategies for driving future growth and innovation.

Exclusive Networks recently joined the Guardicore Partner Program as its first value-added distributor in North America. Laurent Daudré-Vignier, Exclusive Networks Executive Vice-President North America, shares, “Partnering with Guardicore has enabled us to easily expand delivery of cloud security services to our clients. Through its innovative channel program Guardicore enables us to address potential blind spots for our customers, helping to protect critical data center assets in dynamic environments with software-defined micro-segmentation and distributed breach detection and automated attack mitigation.”

Guardicore Partner Program

The award-winning Guardicore Partner Program offers differentiated go-to-market service offerings and revenue opportunities for our growing ecosystem of partners. It is designed to drive value for partners by helping them gain a competitive advantage in the security marketplace. Guardicore partners can leverage the Guardicore Centra Security Platform to deliver project-based service engagements, embed it into an operational services model or simply resell to address a specific use case. The Guardicore Partner Program was created to meet the unique needs of different partner types including resellers, service providers, managed security services and technology partners.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Threat Intelligence Helps Cybersecurity Community Research Attacks and Mitigate Risks

Guardicore Labs Launches Freely Available Public Resource For Investigating Malicious IP Addresses and Domains


Boston, Mass. and Tel Aviv, Israel – March 25, 2019 – Guardicore, a leader in internal data center and cloud security, today announced the launch of its Guardicore Threat Intelligence community resource. Developed by the Guardicore Labs research team, Guardicore Threat Intelligence is a freely available public resource for identifying and investigating malicious IP addresses and domains. With an easy to understand dashboard, Guardicore Threat Intelligence rates top attackers, top attacked ports and top malicious domains, giving security teams the insight they need to research and understand attacks and mitigate risks.

“Based on our deployment and technology Guardicore has a unique view of the most recent threats that are targeting servers in the cloud and in data centers. As a company we believe in giving back to the community and contributing where we can to the benefit of all. Thus, the Guardicore Labs research team has made its data and research available for the public,” said Pavel Gurvich, Co-founder and CEO, Guardicore. “With the launch of Guardicore Threat Intelligence, the cyber security community now has the opportunity to benefit from the same insights leveraged by Guardicore to protect its customers. Busy security teams can now benefit from a trusted, freely available resource that allows them to keep track of potential threats and enjoy unique analysis specific to data center attacks.”


Guardicore Threat Intelligence Features

Guardicore Threat Intelligence is currently the only publicly available community resource to focus exclusively on data center attacks. Specifically, it includes data not available in other public feeds, including the role of IP addresses in specific attacks and detailed attack flow, providing context for attacks on Internet-facing servers with a single aggregated view. Security analysts, threat hunters, and incident response or forensics teams can leverage Guardicore Threat Intelligence as an aggregated source to verify threats, understand attack patterns, and update IoCs quickly, eliminating the need to check multiple feeds and accelerating the time to response. Ultimately, Guardicore Threat Intelligence can help defenders anticipate future attacks and mitigate risks. Guardicore sources data from its Guardicore Global Sensors Network (GGSN), which streams early threat information to the Guardicore Labs team for new attack identification and analysis.


Availability & Contributions

Guardicore Threat Intelligence is freely available now at https://threatintelligence.guardicore.com. Contributions are welcome. Guardicore Labs invites the cybersecurity community to contribute to its Threat Intelligence knowledge base by submitting data, asking questions and collaborating with Guardicore researchers on additional findings.


Guardicore Labs

Guardicore Labs is a global research team, consisting of hackers, cybersecurity researchers and industry experts. Its mission is to deliver cutting-edge cyber security research, lead and participate in academic research and provide analysis, insights and response methodologies to the latest cyber threats. Guardicore Labs helps Guardicore customers and the security community to continually enhance their security posture and protect critical business applications and infrastructure.


Creators of Infection Monkey, a popular open-source network resiliency test tool, Guardicore Labs’ high-profile threat discoveries include the Hexmen multiple attack campaigns targeting database services, the Bondnet botnet used to mine different cryptocurrencies, Operation Prowli, a traffic manipulation and cryptocurrency mining campaign, and Butter, a brute force SSH attack on Linux machines that leaves a backdoor to deliver a Samba payload. To learn more visit Guardicore Labs.

The cost of over-compliance

A few weeks ago I visited a prospect who presented me with an interesting business case.
They are a financial services company with all their applications hosted on their premises.
As expected of a financial services company, they are heavily regulated, having to meet PCI DSS and other standards and requirements.

When they started their business ~10 years ago, the core set of their applications fell under one regulation or another. At that time a plausible solution was to define their entire production environment as “regulated” and implement all the requirements there. The overhead was small and it made a lot of sense to simplify the management of segregating regulated from non-regulated systems.

But over the years the situation has changed quite a lot. In addition to the financial applications that remain regulated, they added dozens of other applications to their production environment, and now fewer than 50% of their servers run regulated applications, so the overhead has become quite big. They estimated a few hundred thousand dollars annually “wasted” on compliance where it is not needed (software licenses, auditing hours, the time of compliance-oriented engineers internally, etc.).

So “why not separate the irrelevant applications from the regulated data center?” you might ask, and so did I. But here are a few challenges the prospect presented me with:

  1. The data center is quite complex today, spanning a few different virtualization solutions, networking equipment, etc., so separating them into different VLANs would require quite a lot of networking effort.
  2. The regulated and non-regulated applications are interconnected; mapping those dependencies (to identify the firewall rules) is a very complex task without the right visibility.
  3. Some applications are business critical and they cannot afford the downtime associated with moving them to another VLAN, changing their IPs, etc. Just the thought of that scares away everyone from application owners to leadership.
  4. Looking deeper into the regulation requirements, they would like to separate the “regulated part” even further into separate segments, thus driving the compliance and auditing costs even further down. So take all the problems above and multiply them…
  5. As with all modern organizations, they would like to embrace “new” technologies such as cloud, so they would like to enable this easily within any change they implement in their IT and plan for future expansions.

What a perfect use case for an overlay segmentation solution such as Guardicore! We can help implement segments of any size, across any infrastructure, without downtime, and help save quite a lot of money in the process of uplifting their security posture.

Want to hear more? Talk to us.

CVE-2019-5736 – runC container breakout

A major container vulnerability was published on Feb 12th. It allows a malicious container that is running as root to break out into the host OS and gain administrative privileges.

Adam Iwaniuk, one of the researchers who took part in the discovery, shares in detail the different paths taken to discover this vulnerability.

The mitigations suggested as part of the research for unpatched systems are:

  1. Use Docker containers with SELinux enabled (--selinux-enabled). This prevents processes inside the container from overwriting the host docker-runc binary.
  2. Use a read-only file system on the host, at least for the location storing the docker-runc binary.
  3. Use a low-privileged user inside the container, or a new user namespace with uid 0 mapped to that user (that user must not have write access to the runC binary on the host).

The first two suggestions are pretty straightforward, but I would like to elaborate on the third one. It is important to understand that Docker containers run as root by default unless stated otherwise. This does not automatically mean that the container also has root access to the host OS, but it is the main prerequisite for this vulnerability to work.

To run a quick check whether your host is running any containers as root:

#!/bin/bash

# List running containers whose configured user resolves to uid 0.
# Docker reports Config.User as an empty string when the image sets no USER,
# which means the container runs as root by default, so that case is
# reported along with "0", "root" and the "uid:gid" / "name:group" forms.

# get all running docker container names
containers=$(docker ps --format '{{.Names}}')

echo "List of containers running as root"

# loop through all containers
for container in $containers
do
    user=$(docker inspect --format='{{.Config.User}}' "$container")
    # strip an optional ":group" suffix before comparing
    case "${user%%:*}" in
        ""|0|root)
            echo "Container name: $container"
            ;;
    esac
done

In any case, as a best practice you should prevent your users from running containers as root. This can be enforced with the existing controls of common orchestration/management systems. For example, OpenShift prevents users from running containers as root out of the box, so your job there is basically done. Kubernetes, however, lets containers run as root by default, but you can easily configure a PodSecurityPolicy to prevent this, as described here.
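The same “does this run as root?” question, applied offline to the records that docker inspect and a Kubernetes pod spec expose. This is an added example, not code from the post: the inspect records and pod specs are constructed, and the daemon_userns_remap flag stands in for whether the Docker daemon was started with user-namespace remapping (mitigation 3), which a container record alone does not reveal.

```python
"""Audit container configs for uid 0 (CVE-2019-5736 prerequisite)."""
import json

ROOT_USERS = {"", "0", "root"}  # '' = image sets no USER, so Docker defaults to root


def runs_as_root(config_user):
    """True if a Docker Config.User value resolves to uid 0.

    Config.User may be '', 'uid', 'name', 'uid:gid' or 'name:group'.
    """
    return config_user.split(":", 1)[0].strip() in ROOT_USERS


def root_containers(inspect_output, daemon_userns_remap=False):
    """Names of containers whose root is also the host's root.

    With daemon-wide userns-remap, uid 0 inside a container maps to an
    unprivileged host uid unless the container opted out (--userns=host),
    which is the user-namespace variant of mitigation 3.
    """
    names = []
    for record in json.loads(inspect_output):
        if not runs_as_root(record["Config"].get("User") or ""):
            continue
        userns_mode = record.get("HostConfig", {}).get("UsernsMode", "")
        if daemon_userns_remap and userns_mode != "host":
            continue  # remapped: container root cannot write the host runC binary
        names.append(record["Name"].lstrip("/"))
    return names


def pod_may_run_as_root(pod):
    """True if any container in a Kubernetes pod spec could start as uid 0.

    A container securityContext overrides the pod securityContext; with
    neither runAsNonRoot nor runAsUser set, the image USER (root by default) wins.
    """
    spec = pod["spec"]
    pod_sc = spec.get("securityContext", {})
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        sc = {**pod_sc, **container.get("securityContext", {})}
        run_as_user = sc.get("runAsUser")
        if run_as_user == 0:
            return True
        if run_as_user is None and not sc.get("runAsNonRoot", False):
            return True  # falls back to the image USER, which is root unless set
    return False


# Constructed sample of `docker inspect` output (only the fields used above).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": ""}, "HostConfig": {"UsernsMode": ""}},
    {"Name": "/db", "Config": {"User": "999:999"}, "HostConfig": {"UsernsMode": ""}},
    {"Name": "/agent", "Config": {"User": "root"}, "HostConfig": {"UsernsMode": "host"}},
    {"Name": "/cache", "Config": {"User": "0"}, "HostConfig": {"UsernsMode": ""}},
])

# Constructed pod specs: default (root), hardened, and a container override.
POD_DEFAULT = {"spec": {"containers": [{"name": "app", "image": "nginx"}]}}
POD_HARDENED = {"spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 101},
                         "containers": [{"name": "app", "image": "nginx"}]}}
POD_OVERRIDE = {"spec": {"securityContext": {"runAsNonRoot": True},
                         "containers": [{"name": "app", "image": "nginx",
                                         "securityContext": {"runAsUser": 0}}]}}

if __name__ == "__main__":
    print("root containers (no remap):", root_containers(SAMPLE_INSPECT))
    print("root containers (userns-remap):", root_containers(SAMPLE_INSPECT, True))
    for label, pod in (("default", POD_DEFAULT), ("hardened", POD_HARDENED),
                       ("override", POD_OVERRIDE)):
        print(f"pod {label} may run as root: {pod_may_run_as_root(pod)}")
```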

To fix this issue, patch your container runtime. Whether you are using a container runtime on its own (Docker) or some flavor of container orchestration system (Kubernetes, Mesos, etc.), look up the instructions for your specific software version and OS.

How can Guardicore help?

Guardicore provides a network security solution for hybrid cloud environments that spans multiple compute architectures, containers being one of them. Guardicore Centra is a holistic micro-segmentation solution that provides process-level visibility and enforcement of traffic flows for both containers and VMs. This matters for this CVE because, once a malicious actor has broken out, subsequent attack traffic originates from the host VM or from a different container, not from the original container.

Guardicore can mitigate this risk by controlling which processes can actually communicate between the containers or VMs covered by the system.

Learn more about containers and cloud security

Banco Del Bajio, S.A., Selects Guardicore Centra Security Platform to Protect Data Center

Guardicore Chosen for Bank’s Data Center Security for Superior Micro-segmentation and Visibility Capabilities

5 Ways that PCI DSS Micro-Segmentation Can Help You Achieve Compliance

The consequences of non-compliance with regulations such as PCI-DSS and HIPAA are increasingly serious, while achieving compliance is only becoming more difficult because of dynamic workloads and hybrid IT environments. How can micro-segmentation make compliance easy again?

Arbala Systems Joins GuardiCore Partner Program

Leverages GuardiCore Centra Security Platform to Drive New Service Opportunities

I Know What We Did Last Summer, You Should Too: See What’s New with GuardiCore Centra

As our CTO Ariel Zeitlin mentioned in his recent post, the GuardiCore field team has been very busy over the past several months working with some of the world’s largest corporations on different hybrid cloud security projects. More specifically, the GuardiCore Centra solution has been helping these large companies achieve greater visibility and assisting them in creating micro-segmentation policies.

At the same time, the GuardiCore product teams were busy developing the next wave of innovation for GuardiCore Centra. Some of our customers told us that the ability to quickly innovate and introduce new capabilities is one of our key differentiators as a company, and we take this feedback and the responsibility to push the boundaries of our technology seriously.

I have selected a couple of important highlights of the recent releases that I wanted to share with you, to give you a glimpse of the exciting progress we are making. The overview below is only partial. For the complete list of new release features and release content, please see the documentation on our customer portal (login required).

Of note: we are currently on release 28, will soon release 29 as early access (EA), and will then start development of release 30. We are in continuous motion, upgrading, optimizing and pushing out the best improvements for our customers and, if I may add a personal note, setting an example for the industry.

Reveal

GuardiCore Reveal provides visibility into application flows and processes. When visualizing assets, one can now group assets according to multiple, nested keys. This allows a much clearer view of large data centers and of communication flows between environments, applications and roles. In addition, Centra now supports defining segmentation rules according to complex label logic. Want to know more? Watch the demo to learn about Centra and visibility.

Some of the other recent enhancements include the following capabilities:

Nested Grouping

Users can now define map groupings that consist of multiple keys to form a nested map structure. For example, a user can define a default “Environment” → “Application” → “Role” grouping; Reveal maps will then show the different environments by default. When expanded, each environment will reveal its underlying applications, and correspondingly when an application is expanded, Reveal will show its underlying Roles.

3-tier GuardiCore Centra product update


AND Segmentation Rules

Segmentation rules now support specifying the result of a logical “AND” operation on label criteria as a rule’s source or destination. As in previous versions, users can get these suggestions directly from the Reveal map or enter them manually in the Segmentation Policy screen.

AND rules are directly related to nested groups. For example, when suggesting rules from the eCommerce application node in the Production environment to the Data Processing application in the Production environment, the resulting rules will have a source of “Environment: Production AND Application: eCommerce” and a destination of “Environment: Production AND Application: Data Processing”.
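A toy model of the nested grouping and AND-rule suggestion described in the two sections above. This is an added illustration, not Centra code or its policy engine: the asset inventory and labels are constructed, and the point it makes is that a rule keyed on the nested node carries every label on the path to that node, so a Staging asset with the same Application label does not match.

```python
"""Model of nested label grouping and AND segmentation rules."""
from collections import defaultdict

# Constructed inventory: asset name -> label key/value pairs.
ASSETS = {
    "web-1":   {"Environment": "Production", "Application": "eCommerce", "Role": "Web"},
    "web-2":   {"Environment": "Production", "Application": "eCommerce", "Role": "Web"},
    "etl-1":   {"Environment": "Production", "Application": "Data Processing", "Role": "Worker"},
    "stg-web": {"Environment": "Staging", "Application": "eCommerce", "Role": "Web"},
}
GROUPING = ("Environment", "Application", "Role")  # default nesting from the post


def nested_groups(assets, keys):
    """Group assets into {Environment: {Application: {Role: [names]}}} by label keys."""
    if not keys:
        return sorted(assets)
    key, rest = keys[0], keys[1:]
    buckets = defaultdict(dict)
    for name, labels in assets.items():
        buckets[labels.get(key, "(unlabeled)")][name] = labels
    return {value: nested_groups(members, rest) for value, members in buckets.items()}


def criteria_for(labels, depth_keys):
    """Label criteria identifying the map node an asset sits in at this depth."""
    return {key: labels[key] for key in depth_keys}


def render(criteria):
    """Format criteria the way the post shows them: 'K: V AND K: V'."""
    return " AND ".join(f"{key}: {value}" for key, value in criteria.items())


def suggest_rule(src, dst, depth_keys):
    """Allow rule suggested for a flow between two map nodes at the given depth."""
    return {"source": criteria_for(ASSETS[src], depth_keys),
            "destination": criteria_for(ASSETS[dst], depth_keys),
            "action": "allow"}


def matches(labels, criteria):
    """AND semantics: every criterion must hold for the asset."""
    return all(labels.get(key) == value for key, value in criteria.items())


def is_allowed(rules, src, dst):
    """True if some allow rule matches both endpoints of the flow."""
    return any(matches(ASSETS[src], rule["source"]) and matches(ASSETS[dst], rule["destination"])
               for rule in rules)


if __name__ == "__main__":
    print(nested_groups(ASSETS, GROUPING))
    rule = suggest_rule("web-1", "etl-1", ("Environment", "Application"))
    print(render(rule["source"]), "->", render(rule["destination"]))
    print("web-2 -> etl-1 allowed:", is_allowed([rule], "web-2", "etl-1"))
    print("stg-web -> etl-1 allowed:", is_allowed([rule], "stg-web", "etl-1"))
```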

One-Click Daily Maps

This new feature produces daily Reveal maps, generated automatically every 24 hours. Clicking “Explore” on the Reveal menu displays the most recent map by default. Maps are created once and are automatically updated based on your configuration.

Time estimation: we added a progress bar to indicate how long it takes a map to build. When you create a new map on an extended time frame (a week, a month, etc.) or activate the Accurate connection times option on the Create New Map window, you will get an ETA indication on the Saved Maps page.

Tighter Process Level Policy Enforcement

To enable more granular and secure policies, we added the ability to explicitly specify the full path of the process as part of Allow/Block rules. For example, when creating a policy for the application “nginx”, Centra will suggest allowing /usr/local/nginx instead of /tmp/nginx.

Cloud Native Visibility, More Multi-Cloud UI Controls

We simplified the way users activate multiple orchestration providers: AWS, vSphere and Kubernetes (K8s) simultaneously. Asset inventory and metadata will be continuously fetched from all defined orchestration providers.

We also added the ability to display orchestration data from multiple sources for the same Kubernetes asset. All the data about a specific node is now collected both from the Kubernetes API and from the compute providers’ APIs.

For GuardiCore customers who are using agentless, managed cloud solutions such as AWS, GCP and Azure, we provide visibility and ‘soft’ enforcement based on AWS’s built-in virtual private cloud (VPC) flow logs. VPC flow logs provide a way to inspect all the flows between the different cloud assets within a given cloud network. Policy-wise this means that only alerts are supported, without enforcement.

Private Threat Feeds Integrated into GuardiCore Reputation Services

Our users have asked us to let them use their own existing threat feeds (IoCs) with the GuardiCore Reputation Service. Now GuardiCore users can add their internal threat feed and enjoy the same rich visual incident experience as with all GuardiCore incidents. The supported IoC types are file and IP. The IoCs are uploaded in JSON format to the Centra REST API. Once uploaded, Centra will alert on the presence of these IoCs across the customer’s entire data center.

Shift Left on Security to Enable Secure and Rapid Digital Transformation

Rapid development and deployment can be a major competitive business advantage. This approach minimizes waste and cost, aligns business and IT teams, and allows companies to respond to real-time customer needs and market trends. However exciting these opportunities are, it is important to remember that dynamic and complex IT environments are creating increasing risk, and that reliability and security are a must-have, not an optional extra.

Ensuring that rapid development and security protocols are not at odds should be a goal for any forward-focused business, especially during October’s Cyber Security Awareness Month. Shifting left on your security is becoming increasingly popular, but how can it be done?

Embracing the Shift Left Approach from a Security Standpoint

The idea behind the ‘shift-left’ approach for security is simple. Instead of first building a new product or service entirely, and then introducing security as a rubber stamp of approval at the end, you bring the security process in at an earlier point in the timeline, at the DevOps stage.

This has multiple benefits. From a business perspective, it’s a more cost-effective way to work on a new project. In fact, according to software development guru Steve McConnell, “violations are 10x to 20x less expensive to resolve during software development compared to at the production release step.”

The shift-left approach also ensures that areas such as reliability and compliance are considered at the earliest possible stage and can be part of the game plan from the start. As any security problems are discovered at the beginning, they are much easier to resolve, as they aren’t integral to the product yet. Troubleshooting security issues in advance means you can fix potential security violations before they become a reality.

Change the Way Security Fits Within your Business Structure and Company Culture

Without “shifting left,” when security is added as an afterthought, key stakeholders in development have historically seen security as a hurdle to get past, or a hoop to jump through. Often, security can stand in the way of a product or a service, making it more difficult to make quick decisions or streamline a process.

By moving security earlier on in the process, it can do the exact opposite – making it easier to say yes to new innovation and change. One example could be third-party code that would speed up development of a new product. Instead of being forced to build your own code from scratch to ensure security, automated processes could scan the code at the point of entry and ensure it is architecturally sound, working with DevOps teams to make their lives easier.

Going Further to Break Down Traditional Silos

Another method to increase the speed of deployment and its agility is to create a shared ownership over delivery of projects as well as a shared accountability for each other’s bottom lines. If development is responsible for secure code going out, and security is responsible for quick deployment, they suddenly have a shared goal they can work towards.

This change in mentality provides functionality and security in one for your business, with a seamless ability to give feedback and improve. This is effective throughout a specific development cycle, and also as an overall posture of communication and collaboration for your company. Furthermore, this approach makes the security function less disruptive. It is a quiet and constant part of the process rather than an addition that is seen to blow up the hard work of your development team at the very last stages.

What Does This Look Like in Action?

Embedding security into the application itself as part of the risk reduction process can be done in a number of ways. Let’s look at a practical example of implementing this methodology using GuardiCore Centra.

First, you identify the applications and the connections they create, either on staging or in the QA environment. You can then verify and analyze what the associated risks are.

Once the GuardiCore agent is embedded into the workloads, you can configure the security policy using our flexible policy engine. Being workload specific, this can be implemented with a Zero Trust policy model. The policies are applied to the assets themselves, without relying on IP addresses or any physical location, so wherever the application moves, the policy follows.

The Benefits are Clear

Rapid digital transformation is essential for business success, and yet without security at its core – the risks are simply too great. Rather than allow security to continue to take a bolted-on role that is disparate from business process, we should be using tools such as Centra to enable security to shift-left and take an early and equal continuous role in development.

As CTO Ariel Zeitlin shared in his insights, the sooner you get started, the sooner you can enjoy the taste of your success.

GuardiCore’s Journey from Vision to Best-in-Class Micro-Segmentation

Micro-segmentation as we know it today has gone through several stages in the last few years, moving from a rising trend for securing software-defined data centers to a full-blown cyber security technology and a top priority on the agenda of nearly every CISO.

Built on the vision of securing the hybrid cloud and software defined data centers, we started our journey in 2013, thinking how to solve what in our opinion was a huge challenge for a market that did not exist at that time. In this post we’ll share how we created the micro-segmentation solution that is considered the best on the market – from vision to execution.

2015: First steps towards segmentation

Throughout the second half of 2015, we started delivering our micro-segmentation methodology after realizing that understanding how applications communicate inside the cloud was the key to success and as such – must be addressed first. “You can’t protect what you can’t see” wasn’t coined by GuardiCore but was immediately embraced by us when we started planning our micro-segmentation solution. We started developing our visibility solution Reveal, a visual map of all the applications running in the data center, all the way down to the process level. Reveal allows you to view applications and the flow they create in real time while also providing historic views. For the first time, admins and security teams were able to easily discover the running applications, one by one, and then review relations between the application tiers. Early releases supported general data center topologies as well as Docker containers.

2016: Gartner names micro-segmentation a top information security technology

We launched our segmentation solution at the RSA conference 2016 with a big splash. Reveal gained a lot of coverage and was well received by security teams who were lacking the proper tools to see the application flows in their data centers. It was one of the hottest security products at RSA 2016 and for a good reason!

It is important to note that when micro-segmentation was introduced in Gartner’s Top 10 Technologies for Information Security in June 2016, many security professionals were unaware of the concept. In that report Gartner stated that to prevent attackers from moving “unimpeded laterally to other systems” there was “an emerging requirement for microsegmentation of east/west traffic in enterprise networks”. Enthusiasm was then at its peak: micro-segmentation was widely covered in the media and conferences dealing with the technology abounded.

2017: Micro-segmentation for early adopters

Micro-segmentation was gaining traction as one of the most effective ways to secure data centers and clouds, but organizations learned the hard way that the path to meaningful micro-segmentation was full of challenges. Incomplete visibility into east-west traffic flows, inflexible policy engines and lack of multi-cloud support were among the most cited reasons. Throughout 2017 market penetration was around 5% of target audience and micro-segmentation was far from being mainstream. Andrew Lerner, Research Vice President at Gartner, noted in a blog post that “Micro-segmentation is the future of modern data center and cloud security; but not getting the micro-segmentation-supporting technology right can be analogous to building the wrong foundation for a building and trying to adapt afterward”.

That year GuardiCore tackled these challenges head on and based on the feedback we received from our growing customer base, we added flexible policy management and moved on from using only 3rd party integration to add native enforcement at the flow and process levels. Customers were able to move from zero-segmentation to native enforcement in 3 easy steps, based on revealing applications, building policies and natively enforcing policies.

2018: Our solution takes complexity out of micro-segmentation

Today, micro-segmentation serves as a foundational element of security in any data center. According to a Citigroup report, cloud security is the number one priority among CISOs in 2018, with micro-segmentation the top priority in plans to purchase in this category. Concentrated effort on the part of organizations from different industries has resulted in a better understanding of the technology. This year we were able to deploy micro-segmentation across all types of environments, from bare metal to virtualized machines, through public cloud instances and recently to containerized environments.

So if you are planning a micro-segmentation project let’s talk. We can show you how to do it in a way that is quick, affordable, secure, and provable across any environment.