Posts

Guardicore Selected as Finalist in Black Unicorn Awards for 2019

Guardicore Named One of the Top 30 Finalists for Cybersecurity Companies

Boston, Mass. and Tel Aviv, Israel – July 22, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that is has been named a finalist in the Black Unicorn Awards for 2019, sponsored by Cyber Defense Magazine. Founded in Tel Aviv in 2013 Guardicore is a global company with more than 150 employees, a worldwide network of more than 50 partners and $110 million in venture funding from Battery Ventures, 83North, TPG, Qumra Capital and Deutsche Telecom Capital Partners and Partech.

Guardicore recognizes that traditional perimeter defenses are ineffective at reducing the attack surface, maintaining compliance or deploying granular policies quickly and at scale, in today’s dynamic, heterogeneous hybrid environments. Guardicore protects modern enterprise networks by constantly engaging with customers to understand their challenges in hybrid data centers and providing micro-segmentation to define security policies.

As one of thirty finalists, Guardicore is competing against many of the industry’s leading providers of cybersecurity products and services for this prestigious award. The term “Black Unicorn” signifies a cybersecurity company that has the potential to reach a $1 billion dollar market value as determined by private or public investment (Source) and these awards showcase those companies with this kind of incredible potential in the cybersecurity marketplace. Ten winners will be announced on August 7, 2019 by Cyber Defense Magazine.

“It’s exciting to see Guardicore making it into the finalist round among other cybersecurity industry leaders in our first annual Black Unicorn awards,” said Judges Robert Herjavec of Herjavec GroupDavid DeWalt of Night Dragon and Gary Miliefsky of Cyber Defense Media Group. Learn more about the judges at: Black Unicorn Awards 2019.

“We are honored to be recognized as a finalist for this prestigious award as Guardicore continues to expand research areas to identify and prevent threats before they impact the enterprise organizations that put their trust in our hands,” said Pavel Gurvich, CEO and co-founder of Guardicore. “We will continue to provide a simple and flexible solution to meet the current and future needs of the modern enterprise,” added Gurvich.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore’s Insights from Security Field Day 2019

We had such a great time speaking at Security Field Day recently, presenting the changes to our product since our last visit, and hearing from delegates about what issues concern them in micro-segmentation technology.

The last time we were at Field Day was four years ago, and our product was in an entirely different place. The technology and vision have evolved since then. Of course, we’re still learning as we innovate, with the help of our customers who continually come up with new use cases and challenges to meet.

For those who missed our talk, here’s a look at some of what we discussed, and a brief recap of a few interesting and challenging questions that came up on the day.

Simplicity and Visibility First

At Guardicore, we know that ease of use is the foundation to widespread adoption of a new technology for any business. When we get into discussions with each enterprise, customer, or team, we see clearly that they have their own issues or road map to address. As there is no such thing as the ultimate or only use case for micro-segmentation, we can start with the customer in mind. Our product can support any flavor, any need. Just as examples, some of the most popular use cases include separation of environments such as Dev/Prod, ring fencing critical assets, micro-segmenting digital crown jewels, compliance or least privilege and more general IT hygiene like vulnerable port protocols.

To make these use cases into reality, organizations need deep visibility to understand what’s going on in the data center from a human lens. It’s important to have flexible labeling so that you can physically see your data center with the same language that you use to speak about it. We also enhance this by allowing users to see a particular view based on their need or their role within the company. A compliance officer would have a different use for the map than the CTO, or a developer in DevSecOps for example. In addition, organizations need to enforce both blacklist and whitelist policy models for intuitive threat prevention and response. Our customers benefit from our cutting edge visibility tool, Reveal, which is completely customizable and checks all of these boxes. They also benefit from our flexible policy models that include both whitelisting and blacklisting.

To learn more about how our mapping and visibility happen, and how this helps to enforce policy with our uniquely flexible policy model as well and show quick value, watch our full presentation, below.

Addressing Questions and Challenges

With only one hour for presenting our product, there were a lot of questions that we couldn’t get to answer. Maybe next time! Here are three of the topics we wanted to address further.

Q. How does being agent-based affect your solution?

One of the questions raised during the session was surrounding the fact that Guardicore micro-segmentation is an agent-based solution, as the benefits are clear, but people often want to know what the agent’s impact is on the workload.

The first thing we always tell customers who ask this question is that our solution is tried and tested. It is already deployed in some of the world’s biggest data centers such as Santander and Openlink, and works with a negligible impact on performance. Our agent footprint is very small, less than 0.1% CPU and takes up 185MB on Linux and 800MB on windows. Our resources are also configurable, allowing you to tailor the agent to what you need. At the same time, we support the largest amount of operating systems as compared to other vendors.

If the agent is still not suitable, you can use our L4 collectors, which sit at the hypervisor level or switch level, and give you full visibility, and use our virtual appliance for enforcement, as we touched upon during the talk. As experts in segmentation, we can talk you through your cybersecurity use cases, and discuss which approach works best, and where.

Q. Which breach detection capabilities are included?

Complementary controls are an important element of our solution, because they contribute to the ease of use and simplicity. One tool for multiple use cases offers a powerful competitive edge. Here are three of the tools we include:

  • Reputation Analysis: We can identify granular threats, including suspicious domain names, IP addresses, and even file hashes in traffic flows.
  • Dynamic Deception: The latest in incident response, this technique tricks attackers, diverting them to a honeypot environment where Labs can learn from their behavior.
  • File Integrity Monitoring: A prerequisite for many compliance regulations, this change-detection mechanism will immediately alert to any unauthorized changes to files.

Q. How do you respond to a known threat?

Flexible policy models allow us to respond quickly and intuitively when it comes to breach detection and incident response. Some vendors have a whitelist only model, which impedes their ability to take immediate action and is not enough in a hybrid fast-paced data center. In contrast, we can immediately block a known threat or undesired ports by adding it to the blacklist. One example might be blocking Telnet across the whole environment, or blocking FTP at the process level. This helps us show real value from day one. Composite models can allow complex rules like the real-world example we used at the presentation, SSH is only allowed in Production environment if it comes from Jumpboxes. With Guardicore, this takes 2 simple rules, while with a whitelist model it would take thousands.

Security Field Day 2019 staff

Until Next Time!

We loved presenting at Field Day, and want to thank all the delegates for their time and their interesting questions! If you want to talk more about any of the topics raised in the presentation, reach out to me via LinkedIn.

In the meantime, learn more about securing a hybrid modern data center which works across legacy infrastructure as well as containers and clouds.

Download our white paper

Rethinking Segmentation for Better Security

Cloud services and their related security challenges will continue to grow

One of the biggest shifts in the enterprise computing industry in the past decade is the migration to the cloud. As more and more organizations discover the benefits of moving their data centers to private and public cloud environments, this trend is expected to continue dominating the enterprise landscape. Gartner projects cloud services will grow exponentially from 2019 through 2022, with Infrastructure-as-a-Service (IaaS) being the fastest growing segment of the market, already showing an increase of 27.5% in 2019 compared to 2018.

So what’s the big challenge?

The added agility of cloud infrastructure comes with a trade-off, in the form of increased complexity of cyber security. Traditional security tools were designed for on premise servers and endpoints, focusing on perimeter defense to block the attacks at the entry point. But the dynamic nature of hybrid cloud services meant that perimeter defense became insufficient. When the perimeter itself is constantly shifting, as data and workloads move back and forth among public and private clouds and on premise data centers, the attack surfaces became much larger and required network segmentation to control lateral movement within the perimeter.

From the early days of clouds, segmentation became a popular concept. Traditionally, businesses were looking to divide the network into segments and enforce some sort of access control between the segments. In practice, the way it worked was that relevant servers were put into a dedicated VLAN and routed through a firewall. The higher level of segmentation meant smaller segment size, which reduced the attack surface and limited the impact of any potential breach.

Then – the rules of the game changed! Moving from one static cloud to dynamic, hybrid cloud-based data centers

Simple segmentation by firewalls used to work in the past, when the networks were comprised of relatively large static segments. However, the “rules of the game” have changed significantly in recent years. Dynamic data centers and hybrid cloud adoption have created problems that cannot be solved with legacy firewalls, and yet achieving segmentation is now more vital than ever before. The cadence of change to the infrastructure and application services is very high, accentuating the need for granular segments with an understanding of their dependencies and impacting their security policy.

Take, for example, the 2017 Equifax breach. The US House of Representatives report on this incident pointed directly to the lack of internal segmentation as one of the key gaps that allowed the breach impact to be so big, affecting 143 million consumers.

Regulation is another driver of segmentation. One of Guardicore’s customers, a global investment bank, needed to comply with a new regulation of SWIFT – which requires all SWIFT servers to be put into a separate segment and whitelist all connection allowed in and out of this segment. Using traditional methods, it took the bank 10 months and a costly labor-intensive process to complete this change, spurring them on to find smarter segmentation methods moving forward.

The examples above demonstrate how although segmentation is a known and well understood security measure, in practice organizations struggle to implement it properly in a cost-effective way.

Adapt easily to these changes and start micro-segmentation

To deal with these challenges, micro-segmentation was born. Micro-segmentation takes enterprise security to a new level and is a step further than existing network segmentation and application segmentation methods, adding visibility and policy granularity. It typically works by establishing security policies around individual or groups of applications, regardless of where they reside in the hybrid data center. These policies dictate which applications can and cannot communicate with each other.

Micro-segmentation includes the ability to fully visualize the environment and define security policies with Layer 7 process-level precision, making it highly effective at preventing lateral movement in a hybrid cloud environment.

Take the first step in preparing your enterprise for a better data security

Want to learn more? Listen to Guardicore’s CTO and Co-founder, Ariel Zeitlin, as he walks through the challenges and the solutions to better secure your data in his latest interview with the CIO Talk Network. In this podcast, Ariel discusses the new approaches to implementing segmentation, the key aspects you need to consider when comparing different vendors and technologies, and what comes ahead of the curve for security leaders in this space.

 

Want to learn more about how to first think through, then properly implement micro-segmentation? Read our white paper on operationalizing your segmentation project.

Read More

NSX-T vs. NSX-V – Key Differences and Pitfalls to Avoid

While working with many customers on segmentation projects, we often get questions about alternative products to Guardicore. This is expected, and, in fact, welcome, as we will take on any head-to-head comparison of Guardicore Centra to other products for micro-segmentation.

Guardicore vs. NSX-T vs NSX- V

One of the common comparisons we get is to VMware NSX. And specifically, we get a lot of questions from customers about the difference between VMware’s two offerings in this space, NSX-T vs NSX-V. Although many security and virtualization experts have written about the differences between the two offerings, including speculation on whether or not these two solutions will merge into a single offering, we think we offer a unique perspective on some of the differences, and what to pay attention to in order to ensure segmentation projects are successful. Also, regardless of which product variant an organization is considering, there are several potential pitfalls with NSX that are important to understand and consider before proceeding with deployment.

NSX-T vs. NSX-V: Key Differences

NSX-V (NSX for “vSphere”) was the first incarnation of NSX and has been around for several years now. As the name suggests, NSX-V is designed for on-premises vSphere deployments only and is architected so that a single NSX-V manager is tied to a single VMware vCenter Server instance. It is only applicable for VMware virtual machines, which leaves a coverage gap for organizations whose use a hybrid infrastructure model. The 2019 RightScale State of the Cloud Report in fact shows that 94% of organizations use the cloud — with 28% of those prioritizing hybrid cloud – with VMware vSphere at 50% of private cloud adoption, flat from last year. So, given the large number of organizations embracing the cloud, interest in NSX-V is waning.

NSX-T (NSX “Transformers”) was designed to address the use cases that NSX-V could not cover, such as multi-hypervisors, cloud, containers and bare metal servers. It is decoupled from VMware’s proprietary hypervisor platform and incorporates agents to perform micro-segmentation on non-VMware platforms. As a result, NSX-T is a much more viable offering than NSX-V now that hybrid cloud and cloud-only deployment models are growing in popularity. However, NSX-T remains limited by feature gaps when compared to both NSX-V and other micro-segmentation solutions, including Guardicore Centra.

Key Pitfalls to Avoid with NSX

While the evolution to NSX-T was a step in the right direction for VMware strategically, there are a number of limitations that continue to limit NSX’s value and effectiveness, particularly when compared to specialized micro-segmentation solutions like Guardicore Centra .

The following are some of the key pitfalls to avoid when considering NSX.

  • Solution Complexity
    VMware NSX requires multiple tools to cover the entire hybrid data center environment. This means NSX-V for ESXi hosts, NSX-T for bare-metal servers, and NSX-Cloud for VMware cloud hosting. In addition, it is a best practice in any micro-segmentation project to first start with visibility to map flows and classify assets where policy will be applied. This requires a separate product, vRealize Network Insight (vRNI). So, a true hybrid infrastructure requires multiple products from VMware, and the need to synchronize policy across them. This leads to more complexity and significantly more time to achieve results. In addition, vRNI is not well-integrated into NSX, which makes the task of moving from visibility to policy a long and complex process. It requires manual downloading and uploading of files to share information between tools.But don’t just take our word for it. A recent Gartner report, Solution Comparison for Microsegmentation Products, April 2019, stated that VMware NSX “comes with massive complexity and many moving parts”. And, when considering NSX for organizations that have implemented the VMware SDN, there is additional complexity added. For example, the network virtualization service alone requires an architecture that consists of “logical switches, logical routers routers, NSX Edge Nodes, NSX Edge Clusters, Transport Nodes, Transport Zones, the logical firewall and logical load balancers,” according to Gartner. Not to mention all the manual configuration steps required to implement.
  • Overspending on Licensing
    For many organizations, segmentation requirements develop in stages. They may not even consciously be beginning a micro-segmentation project. It could start as a focused need to protect a critical set of “digital crown jewels” or subsets of the infrastructure that are subject to regulatory requirements. VMware’s licensing model for NSX does not align well with practical approaches to segmentation like these. When deploying NSX, an organization must license its entire infrastructure. If a segmentation project only applies to 20 percent of the total infrastructure, NSX licenses must be purchased for the remaining 80 percent regardless of whether they will ever be used.
  • Management Console Sprawl
    As mentioned above, detailed infrastructure virtualization is a critical building block for effective micro-segmentation. You can’t protect what you can’t see. While micro-segmentation products integrate virtualization and micro-segmentation into a single interface, NSX does not include native visualization capabilities. Instead, NSX requires the use of a separately licensed product, vRealize Network Insight, for infrastructure visibility. This adds both cost and complexity. It also makes it much more difficult and time-consuming to translate insights from visualization into corresponding micro-segmentation policies. The impact is significant, as it puts additional resource strain on already over-taxed IT resources and results in less effective and less complete segmentation policies.
  • Limited Visibility
    Even when NSX customers choose to deploy vRNI as part of an NSX deployment, the real-time visibility it provides is limited to Layer 4 granularity. This does not provide the level of visibility to set fine-grained, application-aware policies to protect against today’s data center and cloud infrastructure threats. As environments and security requirements become more sophisticated, it is often necessary to combine Layer 4 and Layer 7 views to gain a complete picture of how applications and workloads work and develop strategies for protecting them.Also, while real-time visibility is critical, historical visibility also plays an important role in segmentation. IT environments – and the threat landscape – are constantly changing, and the ability to review historical activity helps security teams continuously improve segmentation policies over time. However, NSX and vRNI lack any historical reporting or views.
  • Enforcement Dependencies and Limitations
    As with visualization, it is important to be able to implement policy enforcement at both the network and process levels. Native NSX policy enforcement can only be performed at the network level.It is possible to achieve limited application-level policy control by using NSX in conjunction with a third VMware product, VMware Distributed Firewall. However, even using VMware Distributed Firewall and NSX together has significant limitations. For example, VMware Distributed Firewall can only be used with on-premises vSphere deployments or with VMware’s proprietary VMware Cloud for AWS cloud deployment model. This makes it non-applicable to modern hybrid cloud infrastructure.
  • Insufficient Protection of Legacy Assets
    While most organizations strive to deploy key applications on modern operating systems, legacy assets remain a fact of life in many environments. While the introduction of agents with NSX-T broadens platform coverage beyond the VMware stack, operating system compatibility is highly constrained. NSX-T agent support is limited to Windows Server 2012 or newer and the latest Linux distributions. Many organizations continue to run high-value applications on older versions of Windows and Linux. The same is true for legacy operating systems like Solaris, AIX, and HP-UX. In many ways, these legacy systems are leading candidates for protection with micro-segmentation, as they are less likely than more modern systems to have current security updates available and applied. But they cannot be protected with NSX.
  • Inability to Detect Breaches
    While the intent of micro-segmentation policies is to proactively block attacks and lateral movement attempts, it is important to complement policy controls with breach detection capabilities. Doing so acts as a safety net, allowing security teams to detect and respond to any malicious activities that micro-segmentation policies do not block. Detecting infrastructure access from sources with questionable reputation and monitoring for network scans and unexpected file changes can both uncover in-progress security incidents and help inform ongoing micro-segmentation policy improvements. NSX lacks any integrated breach detection capabilities.

With the introduction of NSX-T, VMware took an important step away from the proprietary micro-segmentation model it originally created with NSX-V. But even NSX-T requires customers to lock themselves into a sprawling collection of VMware tools. And some key elements, such as VMware Distributed Firewall, remain highly aligned with VMware’s traditional on-premises model.

In contrast, Guardicore Centra is a software-defined, micro-segmentation solution that was designed from day one to be platform-agnostic. This makes is much more effective than NSX at applying micro-segmentation to any combination of VMware and non-VMware infrastructures.

Centra also avoids the key pitfalls that limit the usefulness of NSX.

For example, Centra offers:

  • Flexible licensing that can be applied to a subset of the overall infrastructure if desired.
  • Visualization capabilities that are fully integrated with the micro-segmentation policy creation process.
  • Visibility and integrated enforcement at both Layer 4 and Layer 7 for more granular micro-segmentation control.
  • Extensive support for legacy operating systems, including older Windows and Linux versions, Solaris, AIX, and HP-UX.
  • Fully integrated breach detection and response capabilities, including reputation-based detection, dynamic deception, file integrity monitoring, and network scan detection.

Don’t Let NSX Limitations Undermine Your Micro-Segmentation Strategy

Before considering NSX, see first-hand how Guardicore Centra can help you achieve a simpler and more effective micro-segmentation approach.

Interested in more information on how Guardicore Centra is better for your needs than any NSX amalgam? Read our Guardicore vs. VMware NSX Comparison Guide

Read More

Guardicore Achieves AWS Security Competency Status for Micro-Segmentation and Zero Trust

Guardicore Centra Security Platform Provides Segmentation for Applications, Flows and Processes, Providing Granular Policy Controls to Establish Zero Trust Micro-perimeters

Boston, Mass. and Tel Aviv, Israel – June 28, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that its Centra Security platform is one of the first cloud and data center micro-segmentation solutions in the market to achieve Amazon Web Service (AWS) Security Competency status. This designation recognizes that Guardicore has demonstrated proven technology and deep expertise that helps customers achieve their cloud security goals.

“By implementing Guardicore Centra combined with the range of powerful tools from AWS, our customers are able to gain the highest level of visibility and implement micro-segmentation for enhanced security. And they can do it faster and more effectively than traditional firewall technology with our simple-to-deploy overlay that can go to the cloud, stay on-premise, or do both at the same time,” said Pavel Gurvich, CEO and Co-founder, Guardicore. “Achieving AWS Security Competency status demonstrates our ability to deliver innovative solutions that help our forward-thinking enterprise customers quickly secure their business-critical applications and data, reduce the cost and burden of compliance and secure cloud adoption.”

Moving applications and workloads to the cloud, or between clouds, is now a common attribute of the modern IT environment. However, the current security controls of such environments are still not adequate, and cloud migration presents multiple challenges for IT teams, including the loss of visibility and control over their assets.

Isolation is the solid foundation for cloud workload protection and compliance. Segmentation of network applications and their components can ensure isolation and reduce the attack surface. Guardicore Centra enables deep application dependency mapping and policy enforcement, ensuring an ongoing management process for the creation and maintenance of micro-segmentation policies. Guardicore Centra delivers a complete and flexible solution for micro-segmentation.

Achieving the AWS Security Competency differentiates Guardicore as an AWS Partner Network (APN) member that provides specialized software designed to help enterprises adopt, develop and deploy complex security projects on AWS. To receive the designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify Consulting and Technology APN Partners with deep industry experience and expertise.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Want to know more about securing workloads in AWS? Get our white paper about Protecting Cloud Workloads with Shared Security Models.

Read More

How to Establish your Next-Gen Data Center Security Strategy

In 2019, 46 percent of businesses are expected to use hybrid data centers, and it is therefore critical for these businesses to be prepared to deal with the inherent security challenges. Developing a next gen data center security strategy that takes into account the complexity of hybrid cloud infrastructure can help keep your business operations secure by way of real-time responsiveness, enhanced scalability, and improved uptime.

One of the biggest challenges of securing the next gen data center is accounting for the various silos that develop. Every cloud service provider has its own methods to implement security policies, and those solutions are discrete from one another. These methods are also discrete from on-premises infrastructure and associated security policies. This siloed approach to security adds complexity and increases the likelihood of blind spots in your security plan, and isn’t consistent with the goals of developing a next gen data center. To overcome these challenges, any forward-thinking company with security top of mind requires security tools that enable visibility and policy enforcement across the entirety of a hybrid cloud infrastructure.

In this piece, we’ll review the basics of the next gen data center, dive into some of the details of developing a next gen data center security strategy, and explain how Guardicore Centra fits into a holistic security plan.

What is a next gen data center?

The idea of hybrid cloud has been around for a while now, so what’s the difference between what we’re used to and a next gen data center? In short, next gen data centers are hybrid cloud infrastructures that abstract away complexity, automate as many workflows as possible, and include scalable orchestration tools. Scalable technologies like SDN (software defined networking), virtualization, containerization, and Infrastructure as Code (IaC) are hallmarks of the next gen data center.

Given this definition, the benefits of the next gen data center are clear: agile, scalable, standardized, and automated IT operations that limit costly manual configuration, human error, and oversights. However, when creating a next gen data center security strategy, enterprises must ensure that the policies, tools, and overall strategy they implement are able to account for the inherent challenges of the next gen data center.

Asking the right questions about your next gen data center security strategy

There are a number of questions enterprises must ask themselves as they begin to design a next gen data center and a security strategy to protect it. Here, we’ll review a few of the most important.

  • What standards and compliance regulations must we meet?Regulations such as HIPAA, PCI-DSS, and SOX subject enterprises to strict security and data protection requirements that must be met, regardless of other goals. Failure to account for these requirements in the planning stages can prove costly in the long run should you fail an audit due to a simple oversight.
  • How can we gain granular visibility into our entire infrastructure? One of the challenges of the next gen data center is the myriad of silos that emerge from a security and visibility perspective. With so many different IaaS, SaaS, and on-premises solutions going into a next gen data center, capturing detailed visibility of data flows down to the process level can be a daunting task. However, in order to optimize security, this is a question you’ll need to answer in the planning stages. If you don’t have a baseline of what traffic flows on your network look like at various points in time (e.g. peak hours on a Monday vs midnight Saturday) identifying and reacting to anomalies becomes almost impossible.
  • How can we implement scalable, cross-platform security policies?As mentioned, the variety of solutions that make up a next gen data center can lead to a number of silos and discrete security policies. Managing security discretely for each platform flies in the face of the scalable, DevOps-inspired ideals of the next gen data center. To ensure that your security can keep up with your infrastructure, you’ll need to seek out scalable, intelligent security tools. While security is often viewed as hamstringing DevOps efforts, the right tools and strategy can help bridge the gap between these two teams.

Finding the right solutions

Given what we have reviewed thus far, we can see that the solutions to the security challenges of the next gen data center need to be scalable and compliant, provide granular visibility, and function across the entirety of your infrastructure.

Guardicore Centra is uniquely capable of addressing these challenges and helping secure the next gen data center. For example, not only can micro-segmentation help enable compliance to standards like HIPAA and PCI-DSS, but Centra offers enterprises the level of visibility required in the next gen data center. Centra is capable of contextualizing all application dependencies across all platforms to ensure that your micro-segmentation policies are properly implemented. Regardless of where your apps run, Centra helps you overcome silos and provides visibility down to the process level.

Further, Centra is capable of achieving the scalability that the next gen data center demands. To help conceptualize how scalable micro-segmentation with Guardicore Centra can be, consider that a typical LAN build-out that can last for a few months and require hundreds of IT labor hours. On the other hand, a comparable micro-segmentation deployment takes about a month and significantly fewer IT labor hours.

Finally, Centra can help bridge the gap between DevOps and Security teams by enabling the use of “zero trust” security models. The general idea behind zero trust is, as the name implies, nothing inside or outside of your network should be trusted by default. This shifts focus to determining what is allowed as opposed to being strictly on the hunt for threats, which is much more conducive to a modern DevSecOps approach to the next gen data center.

Guardicore helps enable your next gen data center security strategy

When developing a next gen data center security strategy, you must be able to account for the nuances of the various pieces of on-premises and cloud infrastructure that make up a hybrid data center. A big part of doing so is selecting tools that minimize complexity and can scale across all of your on-premises and cloud platforms. Guardicore Centra does just that and helps implement scalable and granular security policies to establish the robust security required in the next gen data center.

If you’re interested in redefining and adapting the way you secure your hybrid cloud infrastructure, contact us to learn more.

Want to know more about proper data center security? Get our white paper about operationalizing a proper micro-segmentation project.

Read More

Have You Heard the News? Guardicore Employees Making Waves in Cybersecurity

Here at Guardicore, our employee successes are always a cause for celebration. We love seeing their names up in lights when they gain media attention for their achievements in cybersecurity and beyond.

With that in mind, let’s take a closer look at some of our Guardicore family who have hit the headlines recently, and understand why the Guardicore culture promotes and attracts this kind of success.

Encouraging our Diverse Voices

Ola Sergatchov, our Vice President of Corporate Strategy, was recently recognized as one of The Software Report’s Top 25 Women Leaders in Cybersecurity for 2019. An Executive Leader at Guardicore, Ola encourages women in technology to pursue both technical and leadership positions with creativity, integrity, and determination. Ola has more than 20 years in the industry, and combines technical knowledge with strategic business experience and an innovative flair.

On the topic of awesome Guardicore women who are gaining press attention, check out Danielle Kuznetz Nohi, Guardicore’s Information Security Researcher and Team Leader, featured in this article on female voices that are making a difference in cybersecurity. She talked about how she looks for the right skill set and personality when she is hiring for her team, applicants who show creativity, communication, organization and superb management ability.

Age is Just a Number

An open mind when it comes to hiring practices is an area where many companies fall short, often focusing on the age and experience of candidates rather than their skills and raw talent and potential to contribute. In contrast, at Guardicore we look for the right talent, no matter where it comes from. Rather than restricting ourselves to one ‘type’ of person, we look for interesting people with fresh ideas who can add to our teams. Omri’s story has attracted a lot of interest, as he was just 18 years old when he came to work for us. His high school teacher had sparked his interest by teaching him Scratch, and he began developing his own applications and programming websites.

When Omri applied to Guardicore, Daniel Goldberg, our Information Security Expert and Security Researcher, said that the decision to hire him was an easy one, although he knew that Omri could only join the team for a few months and then would leave for his army service. He saw the win-win nature of the situation, and said yes where others may have said no. Tangling with the bad actors and malicious hackers that only the top percentage of security experts ever grapple with is an unusual experience for any teenager, and one that Omri feels has prepared him for both his army intelligence unit, and an ongoing career in hi-tech.

Innovation and Fresh Thinking

A fresh voice shouting out from the frontlines of cybersecurity research, Ophir Harpaz is a reverse-engineering enthusiast, sharing her skills through her pet project, begin.re where even beginners can get some hands-on advice and knowledge. She was recently featured in 21 Cybersecurity Twitter Accounts You Should Follow for bestowing her insight and practical know-how to the masses. Innovative and exciting, it’s easy to see why she is such a good fit for Guardicore Labs.

Sharing her own story on her experience in cybersecurity, Product Manager, Avishag Daniely was recently featured in ITSP magazine, giving her fresh and unique perspective on how minorities in the workplace can fight their fear of failure.

We encourage our staff to work on their own unique personal goals, and then use these to excel in the workplace, too. Expanding the company’s global footprint and extending the search for talent to new markets is increasingly important. With this in mind, for Avishag, becoming confident in business Spanish, learning to present and hold meetings in this language helped her to close the culture gap, whether she was making new connections, presenting to large audiences, or building informal relationships while she temporarily relocated abroad.

The Best People for the Job

Despite the company experiencing great growth over the past few years, one unique element of Guardicore is that we still manage to keep a truly caring culture, the feeling of being one big family, celebrating one another’s successes.

I believe that this has a lot to do with our hiring practices, and how we create a strong, cohesive culture that runs through everything we do as a company. Tune in to my next blog to hear about the steps we put in place to make this happen.

Guardicore Raises $60 Million; Continues to Build Momentum in Cloud and Data Center Security

Led by New Investor Qumra, Funding Fuels Company Growth and Continued Disruption in Firewall and Data Center Markets

Boston, Mass. and Tel Aviv, Israel – May 21, 2019 – Guardicore, a leader in internal data center and cloud security, today announced it has raised $60 million in Series C funding, bringing the company’s total funding to $110 million. This more than doubles the total capital raised to date and represents an endorsement of Guardicore’s current momentum as the company continues to disrupt the broader firewall and data center markets.

“Any organization has critical IT assets that need to be secured. Our distributed, software-defined segmentation solution is the simplest way to secure these assets whether they reside in the cloud or on premises. The days of being chained to legacy firewalls are over,” said Pavel Gurvich, CEO and co-founder of Guardicore.  

New investor Qumra Capital led the round and was joined by other new investors DTCP, Partech, and ClalTech, Access Industries’ vehicle for Israeli technology investments. Existing investors Battery Ventures, 83North, TPG Growth, and Greenfield Partners also participated in the round. Guardicore will leverage the funds to fuel continued growth and accelerate investments in sales, marketing and customer service as it seeks to expand delivery of its Guardicore Centra security platform to enterprise organizations seeking to protect dynamic data center and cloud infrastructure environments. Ram Metser, Executive Chairman of Segterra, Inc., an innovative digital health analytics company, and former CEO of Guardium, Inc., a dominant database security company acquired by IBM, also joined the Guardicore board of directors.

Continued Gurvich, “Since our last round of funding, we have successfully been able to articulate our vision and demonstrate that the market is ripe for disruption. With consistent revenue growth the past three years and large-scale deployments with numerous Fortune 500 customers, we have proven that our product is more intuitive, flexible, and makes security easier to apply than traditional firewall technology currently being used to protect internal and cloud infrastructure. We are displacing incumbent players and newcomers alike as we strive to help our enterprise customers quickly secure their business-critical applications and data, reduce the cost and burden of compliance and secure cloud adoption.”

“Deutsche Bank is committed to the highest standards of security and a high priority for us is implementing tight network segmentation in our on-premise and cloud environments. Guardicore gives us an effective way to protect our critical assets through segmentation,” said Alan Meirzon, Director, Chief Information Security Office at Deutsche Bank, a Guardicore customer.

“Guardicore is changing the way enterprises approach data center security with modern segmentation capabilities that overcome the inherent inefficiencies of traditional techniques and results in stronger security for enterprise environments,” said Boaz Dinte, founding partner of Qumra Capital, investing in exceptional late-stage companies. “Guardicore is disrupting the market and is well positioned to capitalize on the broader opportunities this presents. We were compelled to invest as the lead in this round because we believe Guardicore will play a critical role in shaping the future of enterprise security, helping organizations better protect vital systems and data as we evolve our digital information society.”

“Guardicore is led by an exceptionally strong team with deep tech know-how and has demonstrated consistent growth and momentum since inception. With wide-spread adoption of distributed and hybrid infrastructures, we need a new paradigm for enterprise security outside of classic perimeters,” said Irit Kahan, Managing Director at DTCP, a global investment platform with c. $1.7 billion assets under management from Deutsche Telekom and other institutional investors. “The company’s unique market positioning and attractive roster of customers across the US and Europe, including some of the largest Fortune 500 names, have validated the value and scale of Guardicore’s approach and strong capabilities.”

Guardicore protects data centers of large and mid-sized enterprises across North America, South America, and EMEA in financial, healthcare and retail industries, including global, blue-chip brands.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Guardicore Raises $60 Million; Funding Fuels Company Growth and Continued Disruption

Today I am excited to share that we have secured a Series C funding round of $60 million, bringing our total funding to more than $110 million. The latest round was led by Qumra Capital and was joined by other new investors DTCP, Partech, and ClalTech. Existing investors Battery Ventures, 83North, TPG Growth, and Greenfield Partners also participated in the round.

Since we launched the company in 2015, Guardicore has been focused on a single vision for providing a new, innovative way to protect critical assets in the cloud and data center. Our focus, and our incredible team, has earned the trust of some of the world’s most respected brands by helping them protect what matters most to their business. As the confidence our customers have in us has grown, so has our business, which has demonstrated consistent year-over-year growth for the past three years.

Our growth is due to our ability to deliver on a new approach to secure data centers and clouds using distributed, software-defined segmentation. This approach aligns with the transformation of the modern data center, driven by cloud, hybrid cloud, and PaaS adoption. As a result, we have delivered a solution that redefines the role of firewalls and implementing Zero Trust security frameworks. More dynamic, agile, and practical security techniques are required to complement or even replace the next-generation firewall technologies. We are delivering this and give our customers the ability to innovate rapidly with the confidence their security posture can keep up with the pace of change.

Continued Innovation

The movement of critical workloads into virtualized, hybrid cloud environments, industry compliance requirements and the increase of data center breaches demands a new approach to security that moves away from legacy firewalls and other perimeter-based security products to a new, software-defined approach. This movement continues to inspire our innovations and ensure that our customers have a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment.

Our innovation is evident in several areas of the company. First, we have been able to quickly add new innovative technology into our Centra solution, working in close partnership with our customers. For example, we deliver expansive coverage of data center, cloud infrastructure and operating environments, and simpler and more intuitive ways to define application dependencies and segmentation policies. This gives our customers the right level of protection for critical applications and workloads in virtually any environment.

Second, our Guardicore Labs global research team continues to provide deep insights into the latest exploits and vulnerabilities that matter to the data center. They also equip industry with access to open source tools like Infection Monkey, and Cyber Threat Intelligence (CTI) that allows security teams to keep track of potential threats that are happening in real time.

We have also continued to build out other areas of our business, such as our partner ecosystem, which earned the five-star partner program rating from CRN since its inception two years ago, as well as our technology alliances, which include relationships with leading cloud / IaaS infrastructure players such as AWS, Azure, and Nutanix.

Looking Ahead

We are proud of our past, but even more excited about our future. While there is always more work to do, we are in a unique position to lead the market with not only great technology, but a strong roster of customers, partners and, most importantly, a team of Guardicorians that challenge the status quo every single day to deliver the most innovative solutions to meet the new requirements of a cloud-centric era. I truly believe that we have the best team in the business.

Finally, as we celebrate this important milestone, I want to say thanks to our customers who have made Guardicore their trusted security partner. It is our mission to continue to earn your trust by
ensuring you maximize the value of your security investments beyond your goals and expectations.

Guardicore Awarded 5 Stars In CRN’s 2019 Partner Program Guide

Annual Guide Recognizes the IT Channel’s Top Partner Programs; Guardicore Senior Director of Channels Named to 2019 list of CRN Channel Chiefs

Boston, Mass. and Tel Aviv, Israel – April 02, 2019 – Guardicore, a leader in internal data center and cloud security, today announced CRN®, a brand of The Channel Company, has recognized The Guardicore Partner Program with a 5 Star rating in the 2019 Partner Program Guide. Additionally, Guardicore applauds Senior Director of Channels Todd Bice for being named once again to the annual list of CRN Channel Chiefs.

CRN’s annual guide identifies the strongest and most successful partner programs in the channel today, offered by the top technology suppliers for IT products and services.  The 5 Star rating recognizes an elite subset of companies that offer solution providers the best partnering elements in their channel programs.  To determine the 2019 5 Star ratings, The Channel Company’s research team assessed each Supplier’s partner program based on investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication.

“We are delighted to once again be awarded this 5 Star rating from CRN. Our partners recognize that the Guardicore channel program is designed to drive success by aligning the award-winning capabilities of our Guardicore Centra Security Platform to partners’ unique business models, helping to establish breakthrough go-to-market service offerings and driving new revenue streams,” said Todd Bice, Senior Director of Channels, and a 2019 CRN Channel Chief.

Continued Bice, “Guardicore partners value the best-in-class visibility, software-defined segmentation, and real-time breach detection and response capabilities of our platform, which help to ensure protection of their clients’ most critical assets as they face a growing attack surface and increasing complexities involved in defending hybrid environments. Today’s honor, combined with continued traction in the Managed Security Services market and a 100 percent increase in new partner engagements since last year, demonstrates how much we value our partners and how our commitment to the channel has translated to success for their clients and businesses.”

As a CRN Channel Chief Bice demonstrated exceptional leadership, vision and commitment to Guardicore’s channel partner programs. Channel Chief honorees are selected by CRN’s editorial staff as a result of their professional achievements, standing in the industry, dedication to the channel partner community, and strategies for driving future growth and innovation.

Exclusive Networks recently joined the Guardicore Partner Program as its first value added distributor in North America. Laurent Daudré-Vignier, Exclusive Networks Executive Vice-President North America shares, “Partnering with Guardicore has enabled us to easily expand delivery of cloud security services to our clients. Through its innovative channel program Guardicore enables us to address potential blind spots for our customers, helping to protect critical data center assets in dynamic environments with software-defined micro-segmentation and distributed breach detection and automated attack mitigation.”

Guardicore Partner Program

The award-winning Guardicore Partner Program offers differentiated go-to-market service offerings and revenue opportunities for our growing ecosystem of partners. It is designed to drive value for partners by helping them gain a competitive advantage in the security marketplace. Guardicore partners can leverage the Guardicore Centra Security Platform to deliver project-based service engagements, embed it into an operational services model or simply resell to address a specific use case.  The Guardicore Partner Program was created to meet the unique needs of different partner types including resellers, service providers, managed security services and technology partners.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.