Posts

Guardicore Centra Integration now available on CyberArk Marketplace

We had our first integration with CyberArk in 2016. One of our very early adopters, a CISO for a large telecommunications company, realized that Guardicore Centra was becoming a critical part of his security infrastructure and decided to integrate the two products.

The CISO understood that one of the biggest security threats for his organization was the misuse of privileged accounts with elevated permissions on IT systems. He decided to use CyberArk with Guardicore in order to manage privileged accounts and protect his critical assets. Guardicore secured access to critical assets via micro-segmentation and detection capabilities, and CyberArk managed the privileged access on these systems.

Since then, we have added additional features such as identity-based policies to provide a stronger overall solution, and many other customers have benefited from these integrated capabilities.

I am happy to update you that this integration of Guardicore Centra security platform and the CyberArk Privileged Access Security Solution has recently been made available on the CyberArk Marketplace, helping our joint customers accelerate their ability to meet compliance requirements and reduce security risk without introducing additional operational complexity.

By providing the Guardicore plug-in via the CyberArk Marketplace, customers can now more easily evolve their privileged access management programs. Our integration enables CyberArk customers to protect their hybrid cloud and data center while maintaining strong privileged access controls.

As a CyberArk C3 Alliance member, Guardicore will continue to work alongside CyberArk to deliver value to shared customers through an integrated plug-in, as part of their security stack.

Privileged access is pervasive and provides attackers the “keys to the IT kingdom.”

It is widely recognized that nearly all damaging cyber-attacks involve privileged account compromise. Attackers are then able to exploit this legitimate privileged access to establish a foothold and make lateral moves across enterprise IT infrastructure. Additionally, without least privilege, internal users might abuse their access rights. By integrating the capabilities of Guardicore Centra with the CyberArk solution, customers can be better positioned to detect and stop lateral movement using both software-defined segmentation and privileged access management.

Thinking about zero trust implementation? CyberArk combines with Guardicore to take you that much closer to the adoption of the zero trust model of security.

Want to read more about how Guardicore micro-segmentation can take you closer to adopting a zero trust framework? Download our white paper on getting there faster.

Read More

Guardicore vs. VLANs. No Contest. All That’s Left is Deciding What to Do with Your Free Time

A fast-paced business world deserves security solutions that can keep up. Speed isn’t everything, but reducing complexity and time when deploying a new strategy can be the difference between success and failure. Let’s look at the process of segmenting just one business critical application via VLANs, and then compare how it works with Guardicore Centra micro-segmentation. Then you can decide how to use all that spare time wisely.

VLANs – How Long Does it Take?

If you decide to go down the VLAN route, you will need to spend around 4-6 months preparing your network and application changes. On the networking side, teams will configure switches, connect servers, and generally get the network ready for the new VLANs. On the application side, teams will build a migration strategy, starting with discovering all the relevant infrastructure, making changes to application code where necessary and preparing any pre-existing dependent applications for the change ahead of time.

After this 6-month period, you can start to build policy. It can take anywhere from 2-4 months to submit firewall change requests and have fixes and changes signed off and approved by the firewall governance teams. Meanwhile, your critical applications remain vulnerable.

Once you’re ready to move on to policy enforcement, you’ll need to spend a weekend migrating the application to the new VLAN. This includes manually reconfiguring IP addresses, applications and integration points. Don’t forget to warn your users, as there will be some application downtime that you can’t avoid. Altogether, you’ve spent up to 10 months performing this one segmentation task.

VLANs vs Guardicore

Guardicore Centra – How Long Does it Take?

Now let’s take a look at how it works when you choose smart segmentation for hybrid cloud and modern data center security with Guardicore. The preparation time is just a few days, as opposed to half a year, while Guardicore agents are deployed onto your application. This installation is simple and painless, and works with any platform. Labeling is also done during this time, integrating with your organizational inventory such as CMDB or cloud tags. Guardicore’s Reveal platform automatically discovers all traffic and flows, giving you an accurate map of your IT ecosystem, in real time, and continues to give you historical views as you proceed as well.

As policy creation is automatic, your policy suggestions can be tested immediately, and then run in ‘alert mode’ for two weeks while you tweak your policy to make sure it’s optimized to its full potential. When you’re ready to go – pick a day and switch from alert to enforce mode, with no impact on performance, and no downtime.

You’ve Just Saved 9 Months – Let’s Use It!

With security handled, and 9 months of time to kill, here are just some of the things you could achieve in your organization.

Start a Language Lunch Club

quick segmentation - start a language lunch club

90% of employees say that taking a regular lunch break helps them to feel more productive in the afternoon. Despite this, most of us often grab a quick sandwich, or don’t even manage to get up from our desks. Why not use some of your newfound company “free time” to encourage teams to eat lunch together, socializing and enjoying some much needed down-time? This time ‘off’can give colleagues a chance to get to know one another, forming new friendships, social bonds and levels of trust between your staff. If you want to try to combine this with learning a new skill and further enriching your staff (expanding their minds and improving memory and brain function), you could start a language club where your team members can learn basic skills that can support them in reaching global customers. With 180 hours to kill – that’s a whole lot of lazy, or super-productive, lunches!

Play with Lego!

quick segmentation - play with lego

Many organizations struggle with how to make team meetings more productive, especially when everyone is always so short on time. If you’re known for sharing memes like “I survived another meeting that should have been an email,” then isn’t it time you did something about it?

Lego Serious Play is one great methodology that can get staff thinking and working outside of the box. As 80% of our brain cells are connected to our hands, building and creating can unlock hidden thoughts and ideas. It’s also a fantastic way to get input from quieter team members, as it works for both introverts and extroverts, and uses visual, kinaesthetic and auditory communication. If you have some free time left over, why not try beating the world record for the tallest Lego tower, built in Tel Aviv in 2017. You’ll have to make it to 36 meters to stand a chance though!

Put more Time into Health and Wellness

quick segmentation - put time into health and wellness

With more time in the day, there’s no need to take shortcuts that adversely affect your health. Tell your employees to skip the elevator and take the stairs, or to come in slightly later and cycle instead of jumping on available public transport. If your staff take the stairs twice a day for the whole nine months of saved time – that’s 12,600 calories, or the equivalent of 50 pieces of cheesecake!

Research has shown that employees who have work wellness programs report taking 56% fewer sick days than those without. Use some of the free time you’re saving to set up 8:30am or 5:00pm wellness classes, such as yoga, mindfulness, aerobics or Zumba and give your employees more reasons to love coming to work! Activity also encourages greater focus and productivity while on the job, so consider it a triumph to flex the muscles of your body and your mind.

Do More with Your Day Job

quick segmentation - do more with your day job

Spend some time getting to know other departments in the company, sitting down with Procurement to understand recent contracts, or heading over to R&D and having that conversation you’ve been meaning to have about Intellectual Property. Nine months makes 1440 hour-long coffee meetings! Better yet, why not plan a stint to an at least semi-exotic location to visit your offshore development teams on site? Allow yourself a bit of time out of the office while getting some all-important face-time with other members of your team.

You could also use some of your extra time to visit some customers or other stakeholders in the supply chain, identifying the risks that they pose to your organization and the mitigation you could put in place. Interested in some more informal professional development? It’s the perfect time to start a training to develop or expand a new skill, or mentoring some junior employees, or think about your own career enrichment. After all, you’ve just saved nine months!

Encourage Innovation

quick segmentation - encourage innovation

Most people have heard of Google’s 20% rule, where employees are encouraged to work on side projects, new hustles, or research for 20% of their working day. But for many companies this is a huge privilege – only possible if you have enough time in the day to get all the urgent work off your desk- which we know is never the case. But now with more time to play with, literally, you can implement some enforced innovation time. With 9 months of extra time to use up, it will take four and a half years of an hour a day before your staff have used up the surplus.

Now It’s your Turn to Innovate: What Will Your Teams Do With Their Free Time?

Why not draw up a bucket list of what you could do with an extra nine months, and how it could benefit your company?

Take a look at the seven steps to operationalize micro-segmentation so you can see just how simple it would be to get started.

Read More

Environment Segmentation is your Company’s First Quick Micro-Segmentation Win

We often tell our customers that implementing micro-segmentation technology should be a phased project. Starting with a thorough map of your entire IT ecosystem, your company should begin with the ‘low hanging fruit’, the easy wins that can show quick time to value, and have the least impact on other parts of the business. From here, you’ll be in a strong vantage point to get buy in for more complex or granular segmentation projects, perhaps even working towards a zero-trust model for your security.

One of the first tasks that many customers take on is separating environments from one another. Let’s see how it works.

Understanding the Context of your Data Center

Whether your workloads are on-premises, in the cloud, or in a hybrid mix of the two, your data center will be split into environments. These include:

  • Development: Where your developers create code, try out experiments, fix bugs, and use trial and error to create new features and tools.
  • Staging: This is where testing is done, either manually or through automation. Resource-heavy, and as similar as possible to your production environment. This is where you would do your final checks.
  • Production: Your live environment is your production environment. If any errors or bugs make it this far, they could be discovered by your users. If this happens in this environment, it could have the greatest impact on your business through your most critical applications. While all environments are vulnerable, and some may even be more easily breached, penetration and movement in this environment can have the most impact and cause the most damage.

Of course, every organization is different. In some cases, you might have environments such as QA, Local, Feature, or Release, to name just a few. Your segmentation engine should be flexible enough to meet any business structure, suiting your organization rather than the other way around.

It’s important to note that these environments are not entirely separate. They share the same infrastructure and have no physical separation. In this reality, there will be traffic which needs to be controlled or blocked between the different environments to ensure best-practice security. At the same time however, in order for business to run as usual, specific communication flows need to be allowed access despite the environment separations. Mapping those flows, analyzing them and white-listing them is often not an easy process in itself, adding another level of complexity to traditional segmentation projects carried out without the right solution.

Use cases for environment segmentation include keeping business-critical servers away from customer access, and isolating the different stages of the product life cycle. This vital segmentation project also allows businesses to keep up with compliance regulations and prevents attackers from exploiting security vulnerabilities to access critical data and assets.

Traditional Methods of Environment Segmentation

Historically, enterprises would separate their environments using firewalls and VLANs, often physically creating isolation between each area of the business. They may have relied on cloud platforms for development, and then used on-premises data centers for production for example.

Today, some organizations adapt VLANs to create separations inside a data center. This relies on multiple teams spending time configuring network switches, connecting servers, and making application and code changes where necessary. Despite this, In static environments, hosted in the same infrastructure, and without dynamic changes or the need for large scale, VLANs get the job done.

However, the rise in popularity of cloud and containers, as well as fast-paced DevOps practices, has made quick implementation and flexibility more important than ever before. It can take months to build and enforce a new VLAN, and become a huge bottleneck for the entire business, even creating unavoidable downtime for your users. Manually maintaining complex rules and changes can cause errors, while out of date rules leave dangerous gaps in security that can be exploited by sophisticated attackers. VLANs do not extend to the cloud, which means your business ends up trying to reconcile multiple security solutions that were not built to work in tandem. Often this results in compromises being made which put you at risk.

A Software-Based Segmentation Solution Helps Avoid Downtime, Wasted Resources, and Bottlenecks

A policy that follows the workload using software bypasses these problems. Using micro-segmentation technology, you can isolate low-value environments such as Development from Production, so that even in case of a breach, attackers cannot make unauthorized movement to critical assets or data. With intelligent micro-segmentation, this one policy will be airtight throughout your environment. This includes on-premises, in the public or private cloud, or in a hybrid data center.

The other difference is the effort in terms of implementation. Unlike with VLANs, with software-based segmentation, there is no complex coordination among teams, no downtime, and no bottlenecks while application and networking teams configure switches, servers and code. Using Guardicore Centra as an example, it takes just days to deploy our agents, and your customers won’t experience a moment of downtime.

Achieve Environment Segmentation without Infrastructure Changes

Environment segmentation is a necessity in today’s data centers: to achieve compliance, reduce the attack surface, and maintain secure separation between the different life stages of the business. However, this project doesn’t need to be manually intensive. When done right, it shouldn’t involve multiple teams, result in organizational downtime or even require infrastructure changes. In contrast, it can be the first stage of a phased micro-segmentation journey, making it easier to embrace new technology on the cloud, and implement a strong posture of risk-reduction across your organization.

Want to learn more about what’s next after environment segmentation as your first micro-segmentation project? Read up on securing modern data centers and clouds.

More Here.

Guardicore Achieves Microsoft IP Co-Sell Status: Available for Download on the Azure Marketplace – Here’s What That Means for You

A couple of weeks ago we announced that the Guardicore Centra security platform is available in the Microsoft Azure Marketplace. As you might know, Centra was available in the marketplace before, as Guardicore has worked with Microsoft for a very long time, providing various integrations as well as research for Azure and Azure Stack. Now, the latest version of Centra is available and Guardicore has achieved an IP Co-Sell status.

One of the most important capabilities that we developed for Azure provides Centra with real-time integration to Azure orchestration. This provides metadata on the assets deployed in your Azure cloud environment, complementing the information provided by Guardicore agents.

For example, information coming from orchestration may include data that can’t be collected from the VM itself, including: Source Image, Instance Name, Private DNS name, Instance Id, Instance Type , Security groups, Architecture, Power State, Private IP Address and Subscription Name.

Using this information, Centra will accelerate security migration from an on-premises data center to Azure.

In addition, we are very proud that Guardicore has achieved the Microsoft IP Co-Sell status. This designation recognizes that Guardicore has demonstrated its proven technology and deep expertise that helps customers achieve their cloud security goals. Achieving this status demonstrates our commitment to the Microsoft partner ecosystem. It also proves our ability to deliver innovative solutions that help forward-thinking enterprise customers to secure their business-critical applications and data with quick time to value, reduce the cost and burden of compliance, and securely embrace cloud adoption.

Banco BASE Selects Guardicore Centra Security Platform to Protect Critical Banking Applications

Guardicore Chosen for Superior Visibility and Segmentation Policy Management to Reduce Risks

Boston, Mass. and Tel Aviv, Israel – October 22, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that Banco BASE, a Mexican financial group and a leader in financing and foreign trade industries, is deploying Guardicore’s Centra Security Platform to provide advanced data center security.

“Banco BASE has built its success by providing the most innovative financial solutions, with agile and personalized service,” said Prudencio Frigolet Gómez. Director of Technology and  Operations at Banco BASE. “A big part of our commitment to our customers is ensuring the protection of their critical data and availability of services. Guardicore Centra gives our IT team deep visibility into east-west traffic for our critical banking applications and the ability to reduce risk with micro-segmentation.”  

Banco BASE is part of the Mexican Financial Group Grupo Financiero BASE. With over 32 years of experience, Banco BASE provides products for corporate and private banking, including loans, investments, digital accounts and currency exchange. 

“We are honored Banco BASE has selected Guardicore to help protect their most critical applications,” said Pavel Gurvich, co-founder and CEO of Guardicore. “Banco BASE quickly recognized that a new, software-defined approach to segmentation is essential for reducing risk and simplifying ongoing policy management for critical applications and payment systems like SWIFT.”

Guardicore’s flagship product, the Centra Security Platform, is a comprehensive data center and cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce the attack surface and detect and control breaches within east-west traffic. It provides deep visibility into application dependencies and flows and enforcement of network and individual process level policies to isolate and segment critical applications and infrastructure.

About Banco BASE

For nearly three decades, Banco BASE has specialized in providing companies with financial advice solutions, to help them grow and achieve their goals, through a strong services portfolio, including Foreign Currency, Hedging Instruments, Credit, Digital Accounts and Investments. We deliver very efficient financial services due to our network of offices in Mexico’s major cities from which we cover all the country; plus, we have as well a representation office in Toronto, Canada. Furthermore, we have correspondence relationships with the world’s main banks and most Mexican banks, which ensure our transparency, reliability and transaction swiftness.

Our credentials include: Rated by Standard & Poor´s, since February 2000 and by Fitch Ratings since 2006 always increasing our ratings; Approximately 2,000 FX transactions per day and a daily trading volume of USD $450 million; Members of the Association of Certified Anti-Money Laundering Specialist (ACAMS) and founders of the Monterrey-Mexico Chapter; Placed among the 500 most important companies in Mexico, and a “Super Empresa” (one of the best places to work for) by Expansion Magazine (A Time Inc. Enterprise). Our best recommendation comes from our more than 20,000 satisfied national and international customers.

For more information, visit www.bancobase.com 

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Now Available in the Microsoft Azure Marketplace

Microsoft Azure customers worldwide now gain access to the Guardicore Centra security platform to take advantage of the scalability, reliability, and agility of Azure to drive application development and shape business strategies

Boston, Mass. and Tel Aviv, Israel – October 8, 2019 – Guardicore, a leader in internal data center and cloud security, today announced the availability of its Guardicore Centra security platform in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. Guardicore customers can now take advantage of the scalability, high availability, and security of Azure, with streamlined deployment and management.

Guardicore Centra helps accelerate security migration from an on-premises data center to Azure. Additionally, it supports hybrid clouds and can protect legacy applications for those customers that prefer to keep such applications in their traditional data centers while migrating other applications to Azure. The Guardicore Centra security platform is also among the first cloud and data center micro-segmentation solutions in the market to achieve Microsoft IP Co-Sell status. This designation recognizes that Guardicore has demonstrated proven technology and deep expertise that helps customers achieve their cloud security goals.

“By implementing Guardicore Centra, combined with the range of powerful tools from Microsoft Azure, customers are able to gain the highest level of visibility and implement micro-segmentation for enhanced security. And they can do it faster and more effectively than traditional firewall technology with our simple-to-deploy overlay that can go to the cloud, stay on-premise, or do both at the same time,” said Pavel Gurvich, CEO and cofounder, Guardicore. “Achieving this status demonstrates our commitment to the Microsoft partner ecosystem and our ability to deliver innovative solutions that help forward-thinking enterprise customers to secure their business-critical applications and data quickly, reduce the cost and burden of compliance, and secure cloud adoption.”

Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp said, “We’re pleased to welcome Guardicore and the Guardicore Centra security platform to the Microsoft Azure Marketplace, which gives our partners great exposure to cloud customers around the globe. Azure Marketplace offers world-class quality experiences from global trusted partners with solutions tested to work seamlessly with Azure.”

The Azure Marketplace is an online market for buying and selling cloud solutions certified to run on Azure. The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Trials and Tribulations – A Practical Look at the Challenges of Azure Security Groups and Flow Logs

Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. While Next-Generation firewalls protect and segment applications on premises’ perimeter (mostly), AWS, Azure, and GCP do not mirror this in the cloud. Segmenting applications using Cloud Security Groups is done in a restricted manner, supporting only layer 4 traffic, ports and IPs. This means that to benefit from application-aware security capabilities with your cloud applications you will need an additional set of controls which is not available with the built-in functionality of Cloud Security Groups.

The basic function that Cloud Security Groups should provide is network separation, so they can be best compared to what VLANs provides on premises, Access Control Lists on switches and endpoint FWs. Unfortunately, like VLANs, ACLs and endpoint FWs, Cloud Security Groups come with similar ailments and limitations. This makes using them complex, expensive and ultimately ineffective for modern networks that are hybrid and require adequate segmentation. To create application aware policies, and micro-segment an application, you need to visualize application dependencies, which Cloud Security Groups do not support. Furthermore, if your application dependencies cross regions within the same cloud provider or between clouds and on premises, application security groups are ineffective by design. We will touch on this topic in upcoming posts.

In today’s post we will focus on a specific scenario and use case that is common to most organizations, discussing Cloud Security Groups and flow logs limitations within a specific vNet, and illustrating what Guardicore’s value is in this scenario.

Experiment: Simulate a SWIFT Application Migration to Azure

Let’s look at the details from an experiment performed by one of our customers during a simulation of a SWIFT application migration to Azure.

Our customer used a subscription in Azure, in the Southern region of Brazil. Within the subscription, there is a Virtual Network (vNet). The vNet includes a Subnet 10.0.2.0/24 with various application servers that serve different roles.

This customer attempted to simulate the migration of their SWIFT application to Azure given the subscription above. General segmentation rules for their migrated SWIFT application were set using both NSGs (Network Security Groups) & ASGs (Application Security Groups). These were used to administrate and control network traffic within the virtual network (vNet) and specifically to segment this application.

Let’s review the difference:

  • An NSG is the Azure resource that is used to enforce and control the network traffic. NSGs control access by permitting or denying network traffic. All traffic entering or leaving your Azure network can be processed via an NSG.
  • An ASG is an object reference within a Network Security Group. ASGs are used within an NSG to apply a network security rule to a specific workload or group of VMs. An ASG is a “network object,” and explicit IP addresses are added to this object. This provides the capability to group VMs into associated groups or workloads.

The lab setup:
The cloud setup in this experiment included a single vNet, with a single Subnet, which has its own Network Security Group (NSG) assigned.

ASGs

  • Notice that they are all contained within the same Resource Group, and belong to the Location of the vNet (Brazil South).

NSGs:

The following NSG rules were in place for the simulated migrated SWIFT Application:

  • Load Balancers to Web Servers, over specific ports, allow.
  • Web Servers to Databases, over specific ports, allow.
  • Deny all else between SWIFT servers.

The problem:

A SWIFT application team member in charge of the simulation project called the cloud security team telling them a critical backup operation had stopped working on the migrated application, and he suspects the connection is blocked. The cloud network team, at this point, had to verify the root cause of the problem, partially through process of elimination, out of several possible options:

  1. The application team member was wrong, it’s not a policy issue but a configuration issue within the application.
  2. The ASGs are misconfigured while NSGs are configured correctly.
  3. The ASGs are configured correctly but the NSGs are misconfigured or missing a rule.

The cloud team began the process of elimination. They used Azure flow logs to try to detect the possible blocked connections. The following is an example of such a log:

Using the Microsoft Azure Log Analytics platform, the cloud team sifted through the data, with no success. They were searching for a blocked connection that could potentially be the backup process. The blocked connection was non-detectable. The cloud team members therefore dismissed the issue as a misconfiguration in the application.

The SWIFT team member insisted it was not an application issue and several days passed with no solution, all while the SWIFT backup operation kept failing. In a live environment, this stalemate would have been a catastrophe, with team members likely working around the clock to find the blocked connection, or prove misconfiguration in the application itself. In many cases an incident like this would lead to removing the security policy for the sake of business continuity as millions of dollars are at stake daily.

After many debates and an escalation of the incident, it was decided- based on the Protect team’s recommendation- to leverage Guardicore Centra in the Azure cloud environment to help with the investigation and migration simulation project.

Using Guardicore Centra, the team used Reveal to filter for all failed connections related to the SWIFT application. This immediately revealed an attempted failed connection, between the SWIFT load balancer and the SWIFT databases. The connection failed due to missing allow security groups. There was no NSG in place to allow SWIFT LBs to talk to SWIFT DBs in the policy.

The filters in Reveal

 

Discovering the process

Guardicore was able to provide visibility down to the process level for further context and identification of the failed backup process.

Application Context is a Necessity

The reason the flow logs were inadequate to detect the connection was that IPs were constantly changing as the application scaled up and down and the migration simulation project moved forward. Throughout this, the teams had no context of when the backup operation was supposed to occur or what servers initiated these attempted connections, therefore the search came up empty handed. They were searching for what they thought would reveal the failed connections. As flow logs are limited to IPs and ports, they were unable to search based on application context.

The cloud team decided to use Guardicore Centra to manage the migration and segmentation of the SWIFT application simulation for ease of management and ease of maintenance. Additionally, they added process and user context to the rules for more granular security and testing. Guardicore Centra enabled comparing the on-premises application deployment with the cloud setup to make sure all configurations were in place.

The team then went on to use Guardicore Centra to simulate the SWIFT policy over real SWIFT traffic. Making sure they are not blocking additional critical services, and will not inadvertently block these in the future.

 

Guardicore Centra provided the cloud security team with:

  • Visibility and speed to detect the relevant blocked flows
  • Process and user context to identify the failed operation as the backup operation
  • Ability to receive real-time alerts on any policy violation
  • Applying process level rules & user level rules required for the critical SWIFT Application
  • Simulation and testing capabilities to simulate the policies over real application traffic before blocking

All of these features are not available in Azure. These limitations cause serious implications, such as the backup operation failure and no ability to adequately investigate and resolve the issue.

Furthermore, as part of general environment hygiene, our customer attempted to add several rules to govern the whole vNet, blocking Telnet and insecure FTP. For Telnet, our customer could add a block rule in Azure on port 23; For FTP, an issue was raised. FTP can communicate over high range ports that many other applications will need to use, how could it be blocked? Using Guardicore, a simple block rule over the ftpd process was put in place with no port restriction, immediately blocking any insecure ftp communication at process level regardless of the ports used.

Visibility is key to any successful application migration project. Understanding your application dependencies is a critical step, enabling setting up the application successfully in the cloud. Guardicore Centra provides rich context for each connection, powerful filtering capabilities, flexible timeframes and more. We collect all the flows, show successful, failed, and blocked connections, and store historical data, not just short windows of it, to be able to support many use cases. These include troubleshooting, forensics, compliance and of course, segmentation. This enables us to help our customers migrate to the cloud 30x faster and achieve their segmentation and application migration goals across any infrastructure.

Ophir Harpaz of Guardicore Wins Rising Star Leadership Award from SC Media

Boston, Mass. and Tel Aviv, Israel – September 23, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that Ophir Harpaz, Security Researcher, Guardicore has been named a winner in the third-annual SC Media Reboot Leadership Awards, earning the distinction in the Rising Star category. A total of 50 honorees were revealed as part of a special editorial section published today at SC Magazine.

“Ophir represents the very best of what it means to be a contributing member of the information security community. Her curiosity leads her forward daily to uncover the most dangerous tools and techniques employed by today’s adversaries, and to share her findings through blog posts, workshops and talks. She is passionate about leveraging her position to elevate and educate young women and her fellow researchers and dedicates her time freely to pass on all she has already learned,” said Ofri Ziv, Vice President of Research, Guardicore and Head of Guardicore Labs. “We applaud her for her achievements and look forward to her continued success.”

The Reboot Leadership Awards are an adjunct to SC Media’s annual Reboot coverage that takes place each December when SC Media recognizes the best and brightest cybersecurity luminaries and organizations. The Reboot Leadership Awards are offered similar accolades. The winners are honored with a special section on SC Media’s website and in their December Reboot edition.

The contenders who were nominated faced a thorough judging process conducted by SC Media’s editorial team. This included a review of their professional backgrounds, references and work undertaken to benefit the wider industry, as well as any other research deemed necessary. Winners were chosen based on their outstanding service, qualifications and advancements in the cybersecurity industry.

“There were no shortage of quality nominations this year as we reviewed the various candidates for our coveted Reboot Awards,” said Teri Robinson, executive editor, SC Media. “However, after a thorough evaluation process, it was clear that Ophir truly distinguished herself through her valuable contributions and industry influence.”

Ophir is becoming one of the world’s foremost experts in cybercrime research, preventing millions of dollars of damage for some of the world’s most valuable companies. Most recently, she has led research on the Nansh0u crypto mining and Smominru botnet campaigns, as well as took part in the development of Guardicore’s publicly available Cyber Threat Intelligence threat feed. She is also an active member of Baot, a community for women in software development and research positions in the Israeli high tech industry, and dedicates copious time to education and contribute to the world. She is a true believer in the information security world being a community. As part of that approach, she runs the website begin.re, a popular resource for learning reverse engineering, and regularly shares insights from her daily life in cybersecurity via social media. In fact, Ophir was selected by Sentinel One as one of 21 Twitter profiles worth following and by Cybersecurity Ventures’ Cybercrime Magazine as one of the industry’s recommended list of women to follow on Twitter.

About SC Media

SC Media is cybersecurity. They’ve lived it for over 30 years, sharing industry expert guidance and insight, in-depth features, timely news and independent product reviews in various content forms in partnership with and for top-level information security executives and their technical teams. SC Media arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies. They deliver breaking news, comprehensive analysis, cutting-edge features, contributions from thought leaders, and the best, most extensive collection of product reviews in the business. Whether through their comprehensive website, magazine, in-depth ebooks, newsletters, or regularly scheduled digital and live events, such as their SC Awards program and their RiskSec conference, their readers gain all the relevant information they need to safeguard their organizations and, ultimately, contribute to their longevity and success.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore’s Infection Monkey Becomes the Industry’s First Zero Trust Assessment Tool

Open Source Infection Monkey Provides Enterprise Leaders the Ability to Examine Adherence to Zero Trust Security Posture and Prescribe Recommendations for Faster Zero Trust Adoption

Boston, Mass. and Tel Aviv, Israel – September 12, 2019 – Guardicore, a leader in internal data center and cloud security, today unveiled new capabilities for its Infection Monkey that make it the industry’s first Zero Trust assessment tool. Added features extend the functionality of the already successful Infection Monkey, a free, open source breach and attack simulation tool used by thousands to demonstrate and analyze their environments against lateral movement and attacks.  The latest version of Infection Monkey enables both enterprise security leaders and network engineers to determine how their environments perform against a Zero Trust security posture on their path to overall Zero Trust adoption. Infection Monkey now provides security and network infrastructure teams the ability to easily and accurately examine an enterprise’s adherence to key components of the Zero Trust framework as established by Forrester with detailed explanations of security gaps and prescriptive instructions on how to rectify them. Guardicore will preview the Zero Trust capabilities of Infection Monkey with attendees of the Forrester Security & Risk Forum in National Harbor, MD this week.

“A concept first developed by Forrester Research nearly a decade ago, the Zero Trust approach to information security is gaining momentum and driving strategic technical alignment and implementations toward a process focused on building security from the inside out,” said Pavel Gurvich, Co-founder and CEO, Guardicore. “Yet many organizations are still unsure of how to move from theory to deployment and apply the principles of Zero Trust in their environment. Infection Monkey is the first tool of its kind that allows organizations to safely and easily test their environment’s Zero Trust posture and generate specific recommendations to accelerate and enhance Zero Trust adoption and ensure continued adherence. ” 

Infection Monkey with Zero Trust Assessment

Infection Monkey enables cybersecurity and infrastructure architects to operationalize Zero Trust by accurately examining an enterprise’s adherence to the pillars of Zero Trust, including detailed explanations of where the enterprise falls short, and instructions on how to address these shortcomings. Easy to deploy and run, Infection Monkey tests implementation of the Zero Trust framework by attempting to communicate with machines residing in different segments of the enterprise network, demonstrating policy violations, and generating test results with actionable recommendations for remediation.With prescriptive reporting that can be easily implemented without any additional staff or education, Infection Monkey offers security leaders the ability to illustrate enterprise Zero Trust posture against the Forrester framework with an easy to understand red, yellow, green color scheme. Like previous versions of Infection Monkey, the latest version runs on bare metal, VMWare, other hypervisors, AWS, Azure, Google, and private clouds.

Availability & Contributions

Developed by Guardicore Labs Infection Monkey is an open source breach and attack simulation tool for securely and automatically testing the resiliency of private and public cloud environments. Guardicore Infection Monkey source code is currently available from the GitHub repository. Added capabilities for Zero Trust assessment and deployments for the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Platform Marketplace will be available for download at the end of the quarter. Infection Monkey is available for Linux, Windows, AWS, Azure, Google Cloud Platform, VMWare and Docker environments. For questions, suggestions and guidance join the Infection Monkey community.

Infection Monkey is open source, developed on GitHub under the GPLv3 license. 

Guardicore Labs

Guardicore Labs is a global research team, consisting of hackers, cybersecurity researchers and industry experts. Its mission is to deliver cutting-edge cyber security research, lead and participate in academic research and provide analysis, insights and response methodologies to the latest cyber threats. Guardicore Labs helps Guardicore customers and the security community to continually enhance their security posture and protect critical business applications and infrastructure.

Creators of Infection Monkey, a popular open-source network resiliency test tool, Guardicore Labs’ high-profile threat discoveries include Nansh0u advanced crypto-mining attack,  the Hexmen multiple attack campaigns targeting database services, the Bondnet botnet used to mine different cryptocurrencies, and a privilege escalation vulnerability in VMWare. Guardicore Labs also hosts Cyber Threat Intelligence (CTI), a freely available threat intelligence portal to assist security teams in identifying and investigating malicious IP addresses and domains in data centers. To learn more visit Guardicore Labs.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Securing a Hybrid Data Center – Strategies and Best Practices

Today’s data centers exist in a hybrid reality. They often include on-premises infrastructure such as Bare Metal or Virtual Machines, as well as both Public and Private cloud. At the same time, most businesses have legacy systems that they need to support. Even as you embrace cutting-edge infrastructure like containers and microservices, your legacy systems aren’t going anywhere, and it’s probably not even on your near future road-map to replace them. As a result, your security strategy needs to be suitable across a hybrid ecosystem, which is not as simple as it sounds.

The Top Issues with Securing a Hybrid Data Center

Many businesses attempt to use traditional security tools to manage a hybrid data center, and quickly run into problems.

Here are the most common problems that companies encounter when traditional tools are used to secure a modern, hybrid data center:

  • Keeping up with the pace of change: Business moves fast, and traditional security tools such as legacy firewalls, ACLs, VLANs and cloud security groups are ineffectual. This is because these solutions are made for one specific underlying infrastructure. VLANs will work well for on premises – but fall short when it comes to cloud and container infrastructure. Cloud security groups work for the cloud, but won’t support additional cloud providers or on premises. If you want to migrate, security will seriously affect the speed and flexibility of your move, slowing down the whole process – and probably negating the reasons you chose cloud to begin with.
  • Management overhead: Incorporating different solutions for different infrastructure is nothing short of a headache. You’ll need to hire more staff, including experts in each area. A cross-platform security strategy that incorporates everyone’s field of expertise is costly, complex, and prone to bottlenecks because of the traditional ‘too many cooks’ issue.
  • No visibility: Your business will also need to think about compliance. This could involve an entirely different solution and staff member dedicated to compliance and visibility. Without granular insight into your entire ecosystem, it’s impossible to pass an audit. VLANs for example offer no visibility into application dependencies, a major requirement for audit-compliance. When businesses use VLANs, compliance therefore becomes an additional headache.
  • Insufficient control: Today’s security solutions need Layer 7 control, with granularity that can look at user identity, FQDN (fully qualified domain names), command lines and more. Existing solutions rely on IPs and ports, which are insufficient to say the least.
    Take cloud security groups for example, which for many has become the standard technology for segmenting applications, the same way as they would on-premises. However, on the cloud this solution stops at Layer 4 traffic, ports and IPs. For application-aware security on AWS, you will need to add another set of controls. In a dynamic data center, security needs to be decoupled from the IPs themselves, allowing for migration of machines. Smart security uses an abstraction level, enabling the policy to follow the workload, rather than the IP.
  • Lack of automation: In a live hybrid cloud data center, automation is essential. Without automation as standard, for example using VLANs, changes can take weeks or even months. Manually implementing rules can result in the downtime of critical systems, as well as multiple lengthy changes in IPs, configurations of routers, and more.

Hybrid Data Center Security Strategies that Meet These Issues Head-On

The first essential item on your checklist should be infrastructure-agnostic security. Centralized management means one policy approach across everything, from modern and legacy technology on-premises to both public and private cloud. Distributed enforcement decouples the security from the IP or any underlying infrastructure – allowing policy to follow the workload, however it moves or changes. Security policy becomes an enabler of migration and change, automatically moving with the assets themselves.

The most effective hybrid cloud solutions will be software-based, able to integrate with any other existing software solution, including ansible, chef, puppet, SCCM, and more. This will also make deployment fast and seamless, with implementation taking hours rather than days. At Guardicore, our customers often express surprise when we request three hours to install our solution for a POC, as competitors have asked for three days!

The ease of use should continue after the initial deployment. An automated, readable visualization of your entire ecosystem makes issues like compliance entirely straightforward, and provides an intuitive and knowledgeable map that is the foundation to policy creation. Coupling this with a flexible labeling system means that any stakeholder can view the map of your infrastructure, and immediately understand what they are looking at.

These factors allow you to implement micro-segmentation in a highly effective way, with granular control down to the process level. In comparison to traditional security tools, Guardicore can secure and micro-segment an application in just weeks, while for one customer it had taken 9 months to do the same task using VLANs.

What Makes Guardicore Unique When it Comes to Hybrid Data Center Security Strategies?

For Guardicore, it all starts with the map. We collect all the flows, rather than just a sample, and allow you to access all your securely stored historical data rather than only snap-shotting small windows in time. This allows us to support more use cases for our customers, from making compliance simple to troubleshooting a slowdown or forensic investigation into a breach. We also use contextual analysis on all application dependencies and traffic, using orchestration data, as well as the process, user, FQDN and command line of all traffic. We can enable results, whatever use case you’re looking to meet.

Guardicore is also known for our flexibility, providing a grouping and labeling process that lets you see your data center the way you talk about it, using your own labels rather than pre-defined ones superimposed on you by a vendor, and Key:Value formats instead of tags. This makes it much easier to create the right policies for your environment, and use the map to see a hierarchical view of your entire business structure, with context that makes sense to you. Taking this a step further into policy creation, your rules methodology can be a composite of whitelisting and blacklisting, giving less risk of inflexibility and complexity in your data center, and even allowing security rules that are not connected to segmentation use cases. In contrast, competitors use white-list only approaches with fixed labels and tiers.

Fast & Simple Segmentation with Guardicore

Your hybrid data center security strategies should enable speed and flexibility, not stand in your way. First, ensure that your solution supports any environment. Next, gain as much visibility as possible, including context. Use this to glean all data in an intuitive way, without gaps, before creating flexible policies that focus on your key objectives – regardless of the underlying infrastructure.

Interested in learning more about implementing a hybrid cloud center security solution?

Download our white paper