Posts

Guardicore vs. VLANs. No Contest. All That’s Left is Deciding What to Do with Your Free Time

A fast-paced business world deserves security solutions that can keep up. Speed isn’t everything, but reducing complexity and time when deploying a new strategy can be the difference between success and failure. Let’s look at the process of segmenting just one business critical application via VLANs, and then compare how it works with Guardicore Centra micro-segmentation. Then you can decide how to use all that spare time wisely.

VLANs – How Long Does it Take?

If you decide to go down the VLAN route, you will need to spend around 4-6 months preparing your network and application changes. On the networking side, teams will configure switches, connect servers, and generally get the network ready for the new VLANs. On the application side, teams will build a migration strategy, starting with discovering all the relevant infrastructure, making changes to application code where necessary and preparing any pre-existing dependent applications for the change ahead of time.

After this 6-month period, you can start to build policy. It can take anywhere from 2-4 months to submit firewall change requests and have fixes and changes signed off and approved by the firewall governance teams. Meanwhile, your critical applications remain vulnerable.

Once you’re ready to move on to policy enforcement, you’ll need to spend a weekend migrating the application to the new VLAN. This includes manually reconfiguring IP addresses, applications and integration points. Don’t forget to warn your users, as there will be some application downtime that you can’t avoid. Altogether, you’ve spent up to 10 months performing this one segmentation task.

VLANs vs Guardicore

Guardicore Centra – How Long Does it Take?

Now let’s take a look at how it works when you choose smart segmentation for hybrid cloud and modern data center security with Guardicore. The preparation time is just a few days, as opposed to half a year, while Guardicore agents are deployed onto your application. This installation is simple and painless, and works with any platform. Labeling is also done during this time, integrating with your organizational inventory such as CMDB or cloud tags. Guardicore’s Reveal platform automatically discovers all traffic and flows, giving you an accurate map of your IT ecosystem, in real time, and continues to give you historical views as you proceed as well.

As policy creation is automatic, your policy suggestions can be tested immediately, and then run in ‘alert mode’ for two weeks while you tweak your policy to make sure it’s optimized to its full potential. When you’re ready to go – pick a day and switch from alert to enforce mode, with no impact on performance, and no downtime.

You’ve Just Saved 9 Months – Let’s Use It!

With security handled, and 9 months of time to kill, here are just some of the things you could achieve in your organization.

Start a Language Lunch Club

quick segmentation - start a language lunch club

90% of employees say that taking a regular lunch break helps them to feel more productive in the afternoon. Despite this, most of us often grab a quick sandwich, or don’t even manage to get up from our desks. Why not use some of your newfound company “free time” to encourage teams to eat lunch together, socializing and enjoying some much needed down-time? This time ‘off’can give colleagues a chance to get to know one another, forming new friendships, social bonds and levels of trust between your staff. If you want to try to combine this with learning a new skill and further enriching your staff (expanding their minds and improving memory and brain function), you could start a language club where your team members can learn basic skills that can support them in reaching global customers. With 180 hours to kill – that’s a whole lot of lazy, or super-productive, lunches!

Play with Lego!

quick segmentation - play with lego

Many organizations struggle with how to make team meetings more productive, especially when everyone is always so short on time. If you’re known for sharing memes like “I survived another meeting that should have been an email,” then isn’t it time you did something about it?

Lego Serious Play is one great methodology that can get staff thinking and working outside of the box. As 80% of our brain cells are connected to our hands, building and creating can unlock hidden thoughts and ideas. It’s also a fantastic way to get input from quieter team members, as it works for both introverts and extroverts, and uses visual, kinaesthetic and auditory communication. If you have some free time left over, why not try beating the world record for the tallest Lego tower, built in Tel Aviv in 2017. You’ll have to make it to 36 meters to stand a chance though!

Put more Time into Health and Wellness

quick segmentation - put time into health and wellness

With more time in the day, there’s no need to take shortcuts that adversely affect your health. Tell your employees to skip the elevator and take the stairs, or to come in slightly later and cycle instead of jumping on available public transport. If your staff take the stairs twice a day for the whole nine months of saved time – that’s 12,600 calories, or the equivalent of 50 pieces of cheesecake!

Research has shown that employees who have work wellness programs report taking 56% fewer sick days than those without. Use some of the free time you’re saving to set up 8:30am or 5:00pm wellness classes, such as yoga, mindfulness, aerobics or Zumba and give your employees more reasons to love coming to work! Activity also encourages greater focus and productivity while on the job, so consider it a triumph to flex the muscles of your body and your mind.

Do More with Your Day Job

quick segmentation - do more with your day job

Spend some time getting to know other departments in the company, sitting down with Procurement to understand recent contracts, or heading over to R&D and having that conversation you’ve been meaning to have about Intellectual Property. Nine months makes 1440 hour-long coffee meetings! Better yet, why not plan a stint to an at least semi-exotic location to visit your offshore development teams on site? Allow yourself a bit of time out of the office while getting some all-important face-time with other members of your team.

You could also use some of your extra time to visit some customers or other stakeholders in the supply chain, identifying the risks that they pose to your organization and the mitigation you could put in place. Interested in some more informal professional development? It’s the perfect time to start a training to develop or expand a new skill, or mentoring some junior employees, or think about your own career enrichment. After all, you’ve just saved nine months!

Encourage Innovation

quick segmentation - encourage innovation

Most people have heard of Google’s 20% rule, where employees are encouraged to work on side projects, new hustles, or research for 20% of their working day. But for many companies this is a huge privilege – only possible if you have enough time in the day to get all the urgent work off your desk- which we know is never the case. But now with more time to play with, literally, you can implement some enforced innovation time. With 9 months of extra time to use up, it will take four and a half years of an hour a day before your staff have used up the surplus.

Now It’s your Turn to Innovate: What Will Your Teams Do With Their Free Time?

Why not draw up a bucket list of what you could do with an extra nine months, and how it could benefit your company?

Take a look at the seven steps to operationalize micro-segmentation so you can see just how simple it would be to get started.

Read More



The Risk of Legacy Systems in a Modern-Day Hybrid Data Center

If you’re still heavily reliant on legacy infrastructure, you’re not alone. In many industries, legacy servers are an integral part of ‘business as usual’ and are far too complex or expensive to replace or remove.

Examples include Oracle databases that run on Solaris servers, applications using Linux RHEL4, or industry-specific legacy technology. Think about legacy AIX machines that often manage the processing of transactions for financial institutions, or end of life operating systems such as Windows XP that are frequently used as end devices for healthcare enterprises. While businesses do attempt to modernize these applications and infrastructure, it can take years of planning to achieve execution, and even then might never be fully successful.

When Legacy Isn’t Secured – The Whole Data Center is at Risk

When you think about the potential risk of legacy infrastructure, you may go straight to the legacy workloads, but that’s just the start. Think about an unpatched device that is running Windows XP. If this is exploited, an attacker can gain access directly to your data center. Security updates like this recent warning about a remote code execution vulnerability in Windows Server 2003 and Windows XP should show us how close this danger could be.

Gaining access to just one unpatched device, especially when it is a legacy machine, is relatively simple. From this point, lateral movement can allow an attacker to move deeper inside the network. Today’s data centers are increasingly complex and have an intricate mix of technologies, not just two binary categories of legacy and modern, but future-focused and hybrid such as public and private clouds and containers. When a data center takes advantage of this kind of dynamic and complex infrastructure, the risk grows exponentially. Traffic patterns are harder to visualize and therefore control, and attackers are able to move undetected around your network.

Digital Transformation Makes Legacy More Problematic

The threat that legacy servers pose is not as simple as it was before digital transformation. Modernization of the data center has increased the complexity of any enterprise, and attackers have more vectors than ever before to gain a foothold into your data centers and make their way to critical applications of digital crown jewels.

Historically, an on-premises application might have been used by only a few other applications, probably also on premises. Today however, it’s likely that it will be used by cloud-based applications too, without any improvements to its security. By introducing legacy systems to more and more applications and environments, the risk of unpatched or insecure legacy systems is growing all the time. This is exacerbated by every new innovation, communication or advance in technology.

Blocking these communications isn’t actually an option in these scenarios, and digital transformation makes these connections necessary regardless. However, you can’t embrace the latest innovation without securing business-critical elements of your data center. How can you rapidly deploy new applications in a modern data center without putting your enterprise at risk?

Quantifying the Risk

Many organizations think they understand their infrastructure, but don’t actually have an accurate or real-time visualization of their IT ecosystem. Organizational or ‘tribal’ knowledge about legacy systems may be incorrect, incomplete or lost, and it’s almost impossible to obtain manual visibility over a modern dynamic data center. Without an accurate map of your entire network, you simply can’t quantify what the risks are if an attack was to occur.

Once you’ve obtained visibility, here’s what you need to know:

  1. The servers and endpoints that are running legacy systems.
  2. The business applications and environments where the associated workloads belong.
  3. The ways in which the workloads interact with other environments and applications. Think about what processes they use and what goals they are trying to achieve.

Once you have this information, you then know which workloads are presenting the most risk, the business processes that are most likely to come under attack, and the routes that a hacker could use to get from the easy target of a legacy server, across clouds and data centers to a critical prized asset. We often see customers surprised by the ‘open doors’ that could lead attackers directly from an insecure legacy machine to sensitive customer data, or digital crown jewels.

Once you’ve got full visibility, you can start building a list of what to change, which systems to migrate to new environments, and which policy you could use to protect the most valuable assets in your data center. With smart segmentation in place, legacy machines do not have to be a risky element of your infrastructure.

Micro-segmentation is a Powerful Tool Against Lateral Movement

Using micro-segmentation effectively reduces risk in a hybrid data center environment. Specific, granular security policy can be enforced, which works across all infrastructure – from legacy servers to clouds and containers. This policy limits an attacker’s ability to move laterally inside the data center, stopping movement across workloads, applications, and environments.

If you’ve been using VLANs up until now, you’ll know how ineffective they are when it comes to protecting legacy systems. VLANs usually place all legacy systems into one segment, which means just one breach puts them all in the line of fire. VLANs rely on firewall rules that are difficult to maintain and do not leverage sufficient automation. This often results in organizations accepting loose policy that leaves it open to risk. Without visibility, security teams are unable to enforce tight policy and flows, not only among the legacy systems themselves, but also between the legacy systems and the rest of a modern infrastructure.

One Solution – Across all Infrastructure

Many organizations make the mistake of forgetting about legacy systems when they think about their entire IT ecosystem. However, as legacy servers can be the most vulnerable, it’s essential that your micro-segmentation solution works here, too. Covering all infrastructure types is a must-have for any company when choosing a micro-segmentation vendor that works with modern data centers. Even the enterprises who are looking to modernize or replace their legacy systems may be years away from achieving this, and security is more important than ever in the meantime.

Say Goodbye to the Legacy Challenge

Legacy infrastructure is becoming harder to manage. The servers and systems are business critical, but it’s only becoming harder to secure and maintain them in a modern hybrid data center. Not only this, but the risk, and the attack surface are increasing with every new cloud-based technology and every new application you take on.

Visibility is the first important step. Security teams can use an accurate map of their entire network to identify legacy servers and their interdependencies and communications, and then control the risks using tight micro-segmentation technology.

Guardicore Centra can cover legacy infrastructure alongside any other platform, removing the issue of gaps or blind spots for your network. Without fear of losing control over your existing legacy servers, your enterprise can create a micro-segmentation policy that’s future-focused, with support for where you’ve come from and built for today’s hybrid data center.

Interested in learning more about implementing a hybrid cloud center security solution?

Download our white paper