Posts

PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

Guardicore Labs uncovers a sophisticated, multifunctional P2P botnet written in Golang and targeting SSH servers.

Migrating to the Cloud Fast and Securely

There are numerous different ways to make your move to the cloud. According to Gartner, the five most common techniques are rehosting, refactoring, revising, rebuilding, or replacing. Yet every one of those options has a few commonalities: you will always need to understand what assets will be involved, how they communicate, and the ways they interact with your broader IT environment.

After helping organizations of all sizes and complexity levels simplify and accelerate their cloud migration projects, Guardicore has identified five simple steps that can streamline those common points. Following these steps helps assure a fast migration while also enabling you to ensure that security and compliance policies extend to the new infrastructure

5 simple steps to a fast and secure cloud migration

Ready for a sneak preview? Check out this short video for the quick overview before diving into the detailed instructions for how to achieve a fast and secure cloud migration.

1. Map application workloads

Typically, 73% of cloud migrations take more than a year to complete1. Even migrating a single application can take as long as four months2. However, with Guardicore, you can drastically speed up the timeline of your project from step one.

Once installed, Guardicore Centra automatically generates a detailed map of activity across all your environments. Process-level activity is correlated with network events, giving you a visual view of all workloads.
You can then drill down for more detail, including granular information on specific assets and processes. This helps you determine what elements you need to consider during your migration, so you can accurately scope your project.

2. Identify service dependencies

Many applications have service dependencies that they rely on to operate, such as DNS, active directory, or update services. These need to be documented and correctly configured as a part of the migration process.

For instance, you may not want your newly migrated cloud application to have access to the on-premises active directory for security or compliance reasons. Therefore, rehosting it or setting up another instance may be a better option for your business.

Guardicore can help you determine what dependencies exist today. Once those dependencies are identified, you can make a proactive and informed decision on how you would like to set up these services before you migrate. In this way you can avoid unplanned delays.


Guardicore provides detailed insights into service and business dependencies

3. Identify business dependences

In addition to ensuring service dependencies are taken care of, other elements in your environment likely require access to the newly migrated asset to keep your business running as usual. One common use case for financial services organizations, for instance, is the need for billing, accounting, and SWIFT applications to communicate with a banking application migrated to the cloud.

In order to ensure that everything continues operating as expected post-migration, Guardicore provides you with the granular visibility you need to understand communication between each relevant element. This includes insights into connections between protocols, ports, and processes.

This visibility lets you plan how to configure for today’s dependencies. It also helps you decide whether or not to make a change moving forward (like creating a cloud instance of an accounting application in order to avoid an on-premises-to-cloud dependency). Moreover, it allows you avoid potential outages that can occur when you decommission on-premises versions of applications after a migration.

4. Migrate your assets to the cloud

Once you’ve gone through the process of mapping assets and thoroughly understanding dependencies, you can confidently begin your cloud migration. During this time, you can also define any segmentation policies needed to further reduce risk and ensure compliance.

Guardicore Risk Reduction Analysis Report

See how micro-segmentation can shrink attack surface up to 99%

Learn about our free, no-touch, zero-impact, personalized report that quantifies risk reduction from using software-based segmentation in your own environment

MEASURE RISK REDUCTION RESULTS

 

Because Guardicore presents real-time and historical network data in a centralized platform, it’s easy to spot communication flows that might increase risk or result in non-compliance. You can then limit exchanges between assets as needed.

There is an additional bonus to defining policies before undergoing a cloud migration. Since Guardicore operates independently of the underlying infrastructure, policies follow the workloads. Thus, existing security controls carry over to the cloud. There, they can be fine-tuned for an asset’s new environment, saving even more time.

“The entire segmenting of the Somos infrastructure, applications, and data had been completed when we entered the new environment.”

Alex Amorim – Information Security Manager

5. Check and validate your cloud migration

After you’ve completed your cloud migration, it’s important to do one last thorough check. Now is the time to validate that you have accounted for all dependencies and that the correct security policies are in place.

Once you’ve confirmed everything is as it should be, you can securely shut down any on-premises assets you want to decommission. All that’s left is to toast to a successful migration!

Congratulations on completing your fast and secure cloud migration!

Going through these five steps with Guardicore Centra can drastically simplify and speed up your migration to the cloud. Ready to see that kind of success in action for yourself? Check out this five-minute walkthrough of moving an e-commerce application to the cloud:

WarezTheRemote: Turning Remotes into Listening Devices

Guardicore Labs uncovers a sophisticated, multifunctional P2P botnet written in Golang and targeting SSH servers.

FritzFrog: A New Generation of
Peer-to-Peer Botnets

Guardicore Labs uncovers a sophisticated, multifunctional P2P botnet written in Golang and targeting SSH servers.

Test Your ATT&CK Before the Attack With Guardicore Infection Monkey

Test Your ATT&CK Before the Attack With Guardicore Infection Monkey

What’s a 10? Pwning vCenter with
CVE-2020-3952

Guardicore Labs provides a full, detailed technical analysis of the latest vulnerability from VMware – CVE-2020-3952. The bug, which hit the maximal score of CVSS 10.0, allows a malicious actor to take over the complete vSphere infrastructure, with all its machines and servers.

The Vollgar Campaign: MS-SQL Servers Under Attack

Guardicore Labs uncovers an attack campaign that’s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers.

Are You up to Date with the Latest Guardicore Cyber Security Ecosystem News?

2019 was an incredible year of growth and innovation for Guardicore and the world-class technology ecosystem that passionately supports it. The future for software-defined cloud and data center security transformation looks more attainable than ever. A growing number of technology vendors, both large and small, now work with us to deliver joint solutions to solve some of the biggest cyber security pain points of today’s enterprise customers.

We are honored to have some of the world’s most well-known companies as our customers, and to work together with them to secure their most critical assets as part of their digital transformation strategy. These customers build, run and manage an integrated set of applications and services to deliver a unique experience for their own internal and external customers in turn. Guardicore, alongside our technology alliance partners provides a pragmatic enterprise-ready solution that allows our customers to embrace a complex and innovative hybrid cloud environment, both culturally and through technology. As we continue to evolve in this new year, I wanted to mention and highlight a few updates.

Cloud Updates:

Guardicore is now available on the Microsoft Azure marketplace as a preferred solution after earning an IP co-sell status. Customers worldwide can now gain access to the Guardicore Centra security platform directly from the Azure marketplace.

Guardicore was selected to join the AWS’ Outpost announcement. Outposts are developed, installed and deployed by AWS on customer premises and managed as if they are part of the cloud. Read more about it in our recent blog.

Don’t miss the recent AWS and Guardicore Webinar featuring our own Dave Klein and Moe Alhassan, Partner Solutions Architect at AWS, on securing and monitoring critical assets and applications on AWS.

Native Cloud Orchestration Updates:

Guardicore now provides out-of-the-box native integration with all large Cloud Service Providers: Amazon Web Services, Microsoft Azure, Google Cloud Platform and Oracle Cloud Infrastructure. This is in addition to VMware and OpenStack integration and support for other orchestration services via built-in RESTful API. This allows our customers to truly embrace and use a hybrid cloud infrastructure, allowing them to migrate from on-premises data centers to any cloud or clouds choosing the right technology that meet their needs, whether that’s hosted servers, IaaS, PaaS or hybrid.

New Eco-system Product Certifications:

We are happy to announce that the Splunk application for Guardicore has passed the Splunk certification process. The application and the add on are now available directly from Splunkbase. Guardicore integration is available for version 7.3 and above, including the newly released Splunk version 8.x

Guardicore Centra is now listed in the SUSE catalogue which you can find here, and is a proud member of the SolidDriver program. It is also available in the IBM Global Solution Directory.

Identity Management Updates

Guardicore completed an integration as well as product certifications with Privileged Access Management solution provider CyberArk (Centra Privileged Session Management plugin available from the CyberArk marketplace) and identity providers Okta, Duo, Ping Identity, Ilex International, and Redhat SSO using SAML and Active Directory Integration. To learn more about using Guardicore Centra with CyberArk read our blog on the integration.

On-premises Virtual Desktops and Desktop-as-a-Service

Guardicore Centra is validated as Citrix ready for Citrix Virtual Apps and Desktops and is listed in the Citrix Ready Marketplace. You can read more about it in this blog. In addition, we have shared information on how Centra can be used to segment users on Amazon Workspaces (DaaS).

We’re also excited about the future innovation that will be announced and demonstrated later this year. As our technology partners continue to work with us to deliver integrated solutions, you can expect more exciting announcements. Stay tuned and keep up with our blog for the most up-to-date information.

Want to learn more about how Guardicore micro-segmentation can help you protect AWS workloads? Download our white paper on supplementing cloud security and going beyond the shared security model.

Read More

When Firewalls & Traditional Segmentation Fail, What’s the Next Big Thing?

Ask many of today’s enterprise businesses what the most important factors are to remain competitive in their industry, and you’re likely to get an answer that includes both speed and innovation. There’s always another competitor snapping at your heels, and there aren’t enough hours in the day to get down your to-do lists. The faster you can go live with new features and updates, the better.

For many, this comes at a severely high price – security. If speed and innovation are the top items on the agenda, how can you balance this with keeping your sensitive information or critical assets safe? Of course, pushing security onto the back burner is never a solution, as increased risk, compliance and internal governance mandates will continually remind us.

A fellow cybersecurity evangelist Tricia Howard and I discussed this conundrum a while back. She came up with a terrific visual representation of this dilemma which can be seen in the Penrose Triangle, below. This diagram, also known as the ‘impossible triangle’ is an optical illusion. In this drawing, the two bottom points, speed and innovation, make the top point, security, seem like it’s further away – but it’s not.

penrose triangle

Penrose “Impossible” Triangle. Used in an analogy to modern IT challenges as proposed by cyber evangelist Tricia Howard.

First, let’s look at how organizations are achieving the speed and innovation corners of this triangle, and then we can see why securing our IT environments has become more of a challenge while still an ACHIEVABLE one.

Understanding the Cloud and DevOps Best Practices

There are two key elements to the DevOps process as we know it today. The first one is simplifying management by decoupling it from underlying platforms. Instead of managing each system/platform separately, DevOps and Cloud best practices seek solutions that provide an abstraction layer. Using this layer, enterprises can work across all systems, from legacy to future-focused, without impediment. It’s streamlining that has become essential in today’s enterprises which have everything from legacy, end of life operating systems and platforms, to modern virtualized environments, clouds and containers.

Secondly, DevOps and Cloud best practices utilize automated provisioning, management and autoscaling of workloads, allowing them to work faster and smarter. These are implemented through playbooks, scripts like Chef, Puppet and Ansible to name a few.

Sounds Great, but not for Traditional Segmentation Tools

These new best practices allow enterprises to push out new features quickly, remain competitive, and act at the speed of today’s fast-paced world. However, securing these by traditional security methods is all but impossible.

Historically, organizations would use firewalls, VLANs and ACLs for on-premises systems, and then virtualized firewalls and Security Groups in their cloud environments. Without an established external perimeter, with so many advanced cyberattacks, and with dynamic change happening all the time, these have now become yesterday’s solution. Here are just some of the problems:

  • Complex to manage: Having multiple systems just isn’t realistic. Using Firewalls, VLANs and ACLs on-premises and security groups in the cloud for example means that you have multiple systems to manage, which add to management complexity, are resource intensive and do not provide the seamless visibility required. The rule-sets vary, and can even contradict one another, and you don’t know if you have gaps that could leave you open to unnecessary risk.
  • Increased maintenance: Changes for these systems need to be carried out manually, and nothing less than automation is enough for today’s complex IT environments. You may have tens of thousands of servers or communication flows to handle, and it’s impossible to do this with the human touch.
  • Low visibility: For strong security, your business needs to be able to see down to process level, include user/identity and domain name information across all systems and assets. With a lack of basic visibility, your IT teams cannot understand application and user workflows or behavior. Any simple change could cause an outage or a problem that slows down business as usual.
  • Platform-specific: For example, VLANs do not work on the cloud, or Security Groups won’t help on-premises. To ensure you have wide coverage, you need a security solution that can visualize and control everything, from the most legacy infrastructure or bare metal servers all the way through to clouds, containers and serverless computing.
  • Coarse controls: The most common traditional segmentation tools are port and IP-based, despite today’s attackers going after processes, users or workloads for their attacks. Firewalls are innately perimeter controls, so cannot be placed between most traffic points. While companies attempt to fix this by re-engineering traffic flows, this is a huge effort that can become a serious bottleneck.

Introducing Software-Defined Segmentation: An Approach That Works with DevOps From the Start

With these challenges in mind, there are security solutions that take advantage of DevOps and cloud best practices, and allow us to build an abstraction layer that simplifies visibility and control across our environment in a seamless, streamlined fashion. One that allows us to take advantage of DevOps and cloud automation to gain speed as well.

Software-defined segmentation is built to address the challenges of traditional tools for the hybrid cloud and modern data center from the start. Just like with cloud or DevOps processes, the visibility and policy management is decoupled from the underlying platforms, working on an abstraction layer across all environments and operating systems. On one unique platform, organizations can gain deep visibility and control over their entire IT ecosystem, from legacy systems through to the most future-focused technology. The insight you receive is far more granular than with any traditional segmentation tools, allowing you to see at a glance the dependencies among applications, users, and workloads, making it simple to define and enforce the right policy for your business needs. These policies can be enforced by process, user identity, and FQDN, rather than relying on port and IP that will do little to thwart today’s advanced threats.

Software-defined segmentation follows the DevOps mindset in more ways than one. It incorporates the same techniques for efficiency, innovation and speed, such as automated provisioning, management, and autoscaling. Developers can continue to embrace a ‘done once, done right’ attitude, using playbooks and scripts such as Chef, Puppet and Ansible to speed up the process from end to end, and automate faster, rather than rely on manual moves, changes, adds or deletes.

Embrace the New, but Cover the Old

Software-defined segmentation is a new age for cybersecurity, providing a faster, more granular way for enterprises to protect their critical assets. Projects that in the past may have spanned many years can now be done in a matter of a few weeks with this new approach, quickly reducing risk and validating compliance.

If your segmentation solution is stuck in the past, you’re leaving yourself open to risk, making it far easier for hackers to launch an attack, and you’re unlikely to be living up to the necessary compliance mandates for your industry.

Instead, think about a new approach that, just like your DevOps practices, is decoupled from any particular infrastructure, and is both automatable and auto-scalable. On top of this, make sure that it provides equal visibility and control across the board in a granular way, so that speed and innovation can thrive, with security an equal partner in the triangle of success.

January 2020’s Patch Tuesday

Guardicore Labs extracts what you need to know regarding the January 2020 Patch Tuesday and data centers.