Posts

Are You up to Date with the Latest Guardicore Cyber Security Ecosystem News?

2019 was an incredible year of growth and innovation for Guardicore and the world-class technology ecosystem that passionately supports it. The future for software-defined cloud and data center security transformation looks more attainable than ever. A growing number of technology vendors, both large and small, now work with us to deliver joint solutions to solve some of the biggest cyber security pain points of today’s enterprise customers.

We are honored to have some of the world’s most well-known companies as our customers, and to work together with them to secure their most critical assets as part of their digital transformation strategy. These customers build, run and manage an integrated set of applications and services to deliver a unique experience for their own internal and external customers in turn. Guardicore, alongside our technology alliance partners provides a pragmatic enterprise-ready solution that allows our customers to embrace a complex and innovative hybrid cloud environment, both culturally and through technology. As we continue to evolve in this new year, I wanted to mention and highlight a few updates.

Cloud Updates:

Guardicore is now available on the Microsoft Azure marketplace as a preferred solution after earning an IP co-sell status. Customers worldwide can now gain access to the Guardicore Centra security platform directly from the Azure marketplace.

Guardicore was selected to join the AWS’ Outpost announcement. Outposts are developed, installed and deployed by AWS on customer premises and managed as if they are part of the cloud. Read more about it in our recent blog.

Don’t miss the recent AWS and Guardicore Webinar featuring our own Dave Klein and Moe Alhassan, Partner Solutions Architect at AWS, on securing and monitoring critical assets and applications on AWS.

Native Cloud Orchestration Updates:

Guardicore now provides out-of-the-box native integration with all large Cloud Service Providers: Amazon Web Services, Microsoft Azure, Google Cloud Platform and Oracle Cloud Infrastructure. This is in addition to VMware and OpenStack integration and support for other orchestration services via built-in RESTful API. This allows our customers to truly embrace and use a hybrid cloud infrastructure, allowing them to migrate from on-premises data centers to any cloud or clouds choosing the right technology that meet their needs, whether that’s hosted servers, IaaS, PaaS or hybrid.

New Eco-system Product Certifications:

We are happy to announce that the Splunk application for Guardicore has passed the Splunk certification process. The application and the add on are now available directly from Splunkbase. Guardicore integration is available for version 7.3 and above, including the newly released Splunk version 8.x

Guardicore Centra is now listed in the SUSE catalogue which you can find here, and is a proud member of the SolidDriver program. It is also available in the IBM Global Solution Directory.

Identity Management Updates

Guardicore completed an integration as well as product certifications with Privileged Access Management solution provider CyberArk (Centra Privileged Session Management plugin available from the CyberArk marketplace) and identity providers Okta, Duo, Ping Identity, Ilex International, and Redhat SSO using SAML and Active Directory Integration. To learn more about using Guardicore Centra with CyberArk read our blog on the integration.

On-premises Virtual Desktops and Desktop-as-a-Service

Guardicore Centra is validated as Citrix ready for Citrix Virtual Apps and Desktops and is listed in the Citrix Ready Marketplace. You can read more about it in this blog. In addition, we have shared information on how Centra can be used to segment users on Amazon Workspaces (DaaS).

We’re also excited about the future innovation that will be announced and demonstrated later this year. As our technology partners continue to work with us to deliver integrated solutions, you can expect more exciting announcements. Stay tuned and keep up with our blog for the most up-to-date information.

Want to learn more about how Guardicore micro-segmentation can help you protect AWS workloads? Download our white paper on supplementing cloud security and going beyond the shared security model.

Read More

When Firewalls & Traditional Segmentation Fail, What’s the Next Big Thing?

Ask many of today’s enterprise businesses what the most important factors are to remain competitive in their industry, and you’re likely to get an answer that includes both speed and innovation. There’s always another competitor snapping at your heels, and there aren’t enough hours in the day to get down your to-do lists. The faster you can go live with new features and updates, the better.

For many, this comes at a severely high price – security. If speed and innovation are the top items on the agenda, how can you balance this with keeping your sensitive information or critical assets safe? Of course, pushing security onto the back burner is never a solution, as increased risk, compliance and internal governance mandates will continually remind us.

A fellow cybersecurity evangelist Tricia Howard and I discussed this conundrum a while back. She came up with a terrific visual representation of this dilemma which can be seen in the Penrose Triangle, below. This diagram, also known as the ‘impossible triangle’ is an optical illusion. In this drawing, the two bottom points, speed and innovation, make the top point, security, seem like it’s further away – but it’s not.

penrose triangle

Penrose “Impossible” Triangle. Used in an analogy to modern IT challenges as proposed by cyber evangelist Tricia Howard.

First, let’s look at how organizations are achieving the speed and innovation corners of this triangle, and then we can see why securing our IT environments has become more of a challenge while still an ACHIEVABLE one.

Understanding the Cloud and DevOps Best Practices

There are two key elements to the DevOps process as we know it today. The first one is simplifying management by decoupling it from underlying platforms. Instead of managing each system/platform separately, DevOps and Cloud best practices seek solutions that provide an abstraction layer. Using this layer, enterprises can work across all systems, from legacy to future-focused, without impediment. It’s streamlining that has become essential in today’s enterprises which have everything from legacy, end of life operating systems and platforms, to modern virtualized environments, clouds and containers.

Secondly, DevOps and Cloud best practices utilize automated provisioning, management and autoscaling of workloads, allowing them to work faster and smarter. These are implemented through playbooks, scripts like Chef, Puppet and Ansible to name a few.

Sounds Great, but not for Traditional Segmentation Tools

These new best practices allow enterprises to push out new features quickly, remain competitive, and act at the speed of today’s fast-paced world. However, securing these by traditional security methods is all but impossible.

Historically, organizations would use firewalls, VLANs and ACLs for on-premises systems, and then virtualized firewalls and Security Groups in their cloud environments. Without an established external perimeter, with so many advanced cyberattacks, and with dynamic change happening all the time, these have now become yesterday’s solution. Here are just some of the problems:

  • Complex to manage: Having multiple systems just isn’t realistic. Using Firewalls, VLANs and ACLs on-premises and security groups in the cloud for example means that you have multiple systems to manage, which add to management complexity, are resource intensive and do not provide the seamless visibility required. The rule-sets vary, and can even contradict one another, and you don’t know if you have gaps that could leave you open to unnecessary risk.
  • Increased maintenance: Changes for these systems need to be carried out manually, and nothing less than automation is enough for today’s complex IT environments. You may have tens of thousands of servers or communication flows to handle, and it’s impossible to do this with the human touch.
  • Low visibility: For strong security, your business needs to be able to see down to process level, include user/identity and domain name information across all systems and assets. With a lack of basic visibility, your IT teams cannot understand application and user workflows or behavior. Any simple change could cause an outage or a problem that slows down business as usual.
  • Platform-specific: For example, VLANs do not work on the cloud, or Security Groups won’t help on-premises. To ensure you have wide coverage, you need a security solution that can visualize and control everything, from the most legacy infrastructure or bare metal servers all the way through to clouds, containers and serverless computing.
  • Coarse controls: The most common traditional segmentation tools are port and IP-based, despite today’s attackers going after processes, users or workloads for their attacks. Firewalls are innately perimeter controls, so cannot be placed between most traffic points. While companies attempt to fix this by re-engineering traffic flows, this is a huge effort that can become a serious bottleneck.

Introducing Software-Defined Segmentation: An Approach That Works with DevOps From the Start

With these challenges in mind, there are security solutions that take advantage of DevOps and cloud best practices, and allow us to build an abstraction layer that simplifies visibility and control across our environment in a seamless, streamlined fashion. One that allows us to take advantage of DevOps and cloud automation to gain speed as well.

Software-defined segmentation is built to address the challenges of traditional tools for the hybrid cloud and modern data center from the start. Just like with cloud or DevOps processes, the visibility and policy management is decoupled from the underlying platforms, working on an abstraction layer across all environments and operating systems. On one unique platform, organizations can gain deep visibility and control over their entire IT ecosystem, from legacy systems through to the most future-focused technology. The insight you receive is far more granular than with any traditional segmentation tools, allowing you to see at a glance the dependencies among applications, users, and workloads, making it simple to define and enforce the right policy for your business needs. These policies can be enforced by process, user identity, and FQDN, rather than relying on port and IP that will do little to thwart today’s advanced threats.

Software-defined segmentation follows the DevOps mindset in more ways than one. It incorporates the same techniques for efficiency, innovation and speed, such as automated provisioning, management, and autoscaling. Developers can continue to embrace a ‘done once, done right’ attitude, using playbooks and scripts such as Chef, Puppet and Ansible to speed up the process from end to end, and automate faster, rather than rely on manual moves, changes, adds or deletes.

Embrace the New, but Cover the Old

Software-defined segmentation is a new age for cybersecurity, providing a faster, more granular way for enterprises to protect their critical assets. Projects that in the past may have spanned many years can now be done in a matter of a few weeks with this new approach, quickly reducing risk and validating compliance.

If your segmentation solution is stuck in the past, you’re leaving yourself open to risk, making it far easier for hackers to launch an attack, and you’re unlikely to be living up to the necessary compliance mandates for your industry.

Instead, think about a new approach that, just like your DevOps practices, is decoupled from any particular infrastructure, and is both automatable and auto-scalable. On top of this, make sure that it provides equal visibility and control across the board in a granular way, so that speed and innovation can thrive, with security an equal partner in the triangle of success.

Securing modern data centers and clouds needs a whole new approach to segmentation. To learn more about it, check out our white paper.

Download now

January 2020’s Patch Tuesday

Guardicore Labs extracts what you need to know regarding the January 2020 Patch Tuesday and data centers.

Threats Making WAVs – Incident Response to a Cryptomining Attack

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.

Iran Cyber Threats and Defenses

Guardicore Labs explains the danger and current status of online Iranian attacks

Windows Server 2008 R2 and Windows 7 are End of Life

Discover the steps to harden machines running Windows 7, Windows Server 2008 and Windows Server 2008 R2 against the inevitable unpatched vulnerability that will be disclosed for these systems.

Guardicore Centra Security Platform Verified as Citrix Ready

Micro-segmentation Solution Enables Strong Security for Citrix Virtual Apps and Desktops by Isolating Workloads and Preventing Lateral Movement

Boston, Mass. and Tel Aviv, Israel – November 12, 2019 – Guardicore, a leader in internal data center and cloud security, today announced its solution has been verified as Citrix® Ready. The Citrix Ready technology partner program offers robust testing, verification, and joint marketing for Digital Workspace, Networking, and Analytics solutions – with over 30,000 verifications listed in the Citrix Ready Marketplace. Guardicore completed a rigorous testing and verification process for its Guardicore Centra security platform to ensure compatibility with Citrix Virtual Apps and Desktops, providing confidence in joint solution compatibility.

“Using Guardicore Centra’s micro-segmentation capabilities, Citrix customers can now more effectively create and enforce policies that isolate Citrix Virtual Apps and Desktops securely, delivering a Zero Trust approach and preventing unauthorized access as well as lateral movement,” said Sharon Besser, Vice President of Business Development, Guardicore. “By integrating with critical technologies from Citrix and other members of our partner ecosystem we enable customers to maximize the value of existing investments while transforming security in the cloud and software-defined data center.”

“The Guardicore Centra security platform delivers a simple and intuitive way to apply micro-segmentation controls to reduce the attack surface, detect, and control breaches,” said John Panagulias, Director, Citrix Ready. “With this integration and Citrix Ready validation, we can offer customers integrated security solutions that combine Guardicore Centra with Citrix Virtual Apps and Desktops to protect virtual workloads while enhancing productivity.”

Virtual desktop infrastructure deployments require effective security controls that can scale without losing visibility and control. Unlike traditional deployments where end-user machines can be physically isolated from the data center and controlled and monitored, securing virtual environments requires a different approach, especially when applying principles of Zero Trust. Micro-segmentation is central to the network virtualization paradigm. It enables better security for these environments by isolating workloads from each other, controlling and enforcing security policies that prevent lateral movement attacks. Guardicore augments Citrix Virtual Apps and Citrix Virtual Desktops with micro-segmentation, using its advanced capabilities for flows, applications and users to create secure zones that enhance the application of Zero Trust without compromising productivity or user experience.

Available now, Guardicore Centra supports Citrix Virtual Apps and Desktops, and older versions of Citrix XenApp and Citrix XenDesktop. Guardicore Centra for Citrix products can be found immediately in the Citrix Ready Marketplace.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Where to Start? Moving from the Theory of Zero Trust to Making it Work in Practice

Going back many years, perimeter controls were traditionally adequate for protecting enterprise networks that held critical assets and data. The hypothesis was that if you had strong external perimeter controls, watching your ingress and egress should be adequate for protection. If you were a more sophisticated or larger entity, there would be additional fundamental separation points between portions of your environment. However these were still viewed and functioned as additional perimeter points, merely concentric circles of trust with the ability, more or less, to move freely about. In cases where threats occurred within your environment, you would hope to catch them as they crossed one of these rudimentary borders.

The Moment I Realized that Perimeters Aren’t Enough

This practice worked moderately well for a while. However, around fifteen years ago, security practitioners began to feel a nascent itch, a feeling that this was not enough. I personally remember working on a case, a hospital – attacked by a very early spear phishing attack that mimicked a help desk request for a password reset. Clicking on a URL in a very official looking email, staff were sent to a fakebut official looking website where these hospital professionals were prompted to reset their credentials – or so they thought. Instead, the attack began. This was before the days of the Darknet and we even caught the German hacker boasting about what he had done – sharing the phishing email and fake website on a hacker messaging board. I worked for a company that had a fantastic IPS solution and upon deploying it, we were able to quickly catch the individual’s exfils. At first, we seemed to be winning. We cut the attacker off from major portions of a botnet that resided on the cafeteria cash registers, most of the doctors machines and to my horror, even on the automated pharmacy fulfillment computers. Two weeks later, I received a call, the attacker was back,trying to get around the IPS device in new ways. While we were able to suppress the attack for the most part, I finally had to explain to the hospital IT staff that my IPS was merely at the entrances and exits of their network and that to really stop these attacks, we needed to look at all of the machines and applications that resided within their environment. We needed the ability to look at traffic before it made its way to and from the exits. This was to be the first of many realizations for me that the reliance on perimeter-based security was slowly and surely eroding.

In the years since, the concept of a perimeter has all but completely eroded. Of course, it took quite a while for the larger population to accept. This was helped along by the business and application interdependencies that bring vendors, contractors, distributors and applications through your enterprise as well as the emergence of cloud and cloud like provisioning utilized by Dev Ops. The concept of being able to have true perimeters as a main method of prevention is no longer tangible.

It was this reality that spurred the creation of Forrester’s Zero Trust model- almost a decade ago. The basic premise is that no person or device is automatically given access or trusted without verification. In theory, this is simple. In practice, however, especially in data centers that have become increasingly hybrid and complex, this can get complicated fast.

Visibility is Foundational for Zero Trust

A cornerstone of Zero Trust is to ‘assume access.’ This means that any enterprise should assume than an attacker has already breached the perimeter. This could be through stealing credentials, a phishing scam, basic hygiene issues like poor passwords, account control and patching regimen, an IoT or third-party device, a brute force attack, or literally limitless other new vectors that make up today’s dynamic data centers.

Protecting your digital crown jewels through this complex landscape is getting increasingly tough. From isolating sensitive data for compliance or customer security, to protecting the critical assets that your operation relies on to run smoothly, you need to be able to visualize, segment and enforce rules to create an air-tight path for communications through your ecosystem.

As John Kindervag, founder of Zero Trust once said, in removing “the Soft Chewy Center” and moving towards a Zero Trust environment, visibility is step one. Without having an accurate, real-time and historical map of your entire infrastructure, including on-premises and both public and private clouds, it’s impossible to be sure that you aren’t experiencing gaps or blind spots. As Forrester analyst Chase Cunningham mandates in the ZTX Ecosystem Strategic Plan, “Visibility is the key in defending any valuable asset. You can’t protect the invisible. The more visibility you have into your network across your business ecosystem, the better chance you have to quickly detect the tell-tale signs of a breach in progress and to stop it.”

What Should Enterprises Be Seeing to Enable a Zero Trust Model?

Visibility itself is a broad term. Here are some practical necessities that are the building blocks of Zero Trust, and that your map should include.

  • Automated logging and monitoring: With an automated map of your whole infrastructure that updates without the need for manual support, your business has an always-accurate visualization of your data center. When something changes unexpectedly, this is immediately visible.
  • Classification of critical assets and data: Your stakeholders need to be able to read what they can see. Labeling and classification are therefore an integral element of visibility. Flexible labeling and grouping of assets streamlines visibility, and later, policy creation.
  • Relationships and dependencies: The best illustration of the relationships and dependencies of assets, applications and flows will give insight all the way down to process level.
  • Context: This starts with historical data as well as real-time, so that enterprises can establish baselines to use for smart policy creation. Your context can be enhanced with orchestration metadata from the cloud or third-party APIs, imported automatically to give more understanding to what you’re visualizing.

Next Step… Segmentation!

Identifying all resources across all environments is just step one, but it’s an essential first step for a successful approach to establishing a Zero Trust model. Without visibility into users, their devices, workloads across all environments, applications, and data itself, moving onto segmentation is like grasping in the dark.

In contrast, with visibility at the start, it’s intuitive to sit down and identify your enterprise’s most critical assets, decide on your unique access permissions and grouping strategy for resources, and to make intelligent and dynamic modifications to policy at the speed of change.

Want to read more about visibility and Zero Trust? Get our white paper about how to move toward a Zero Trust framework faster.

Read More

Guardicore Infection Monkey for Zero Trust

Guardicore Labs provided assistance in a ransomware investigation. We analysed the decryption process of the IEncrypt ransomware and provided a safe-to-use version of the attackers’ decryptor.

Guardicore Partners with Mellanox to Deliver Agentless and High-Performance Micro-Segmentation in Data Centers

Combination of Guardicore Centra Security Platform with Mellanox’s BlueField SmartNICs Enables Organizations to Combine the Benefits of Hardware Acceleration, Micro-segmentation and Advanced Networking at Wire Speed

Boston, Mass. and Tel Aviv, Israel – September 5, 2019 – Guardicore, a leader in internal data center and cloud security, today announced that it has partnered with Mellanox Technologies, Ltd. (NASDAQ: MLNX), a leading supplier of high-performance, end-to-end smart interconnect solutions for data center servers and storage systems, to deliver the first agentless and high-performance, low latency micro-segmentation solution for high speed 10G-100G networks. The solution leverages both the Guardicore Centra security platform and Mellanox BlueField SmartNIC solutions to provide customers with hardware-embedded micro-segmentation security. This integration allows customers using BlueField SmartNICs to support micro-segmentation requirements for high speed networks or when other agent-based solutions cannot be used. The new solution is fully integrated and managed centrally by Guardicore Centra.

“The exponential growth of the global datasphere is fueling demand for data centers that can keep pace with the speed, scale and security necessary to support digitally driven business,” said Pavel Gurvich, CEO and Co-founder, Guardicore. “We have long been committed to applying micro-segmentation techniques to help enterprise security teams cost-effectively reduce risk and limit the attack surface inside the data center without impacting performance. Partnering with Mellanox to offer an integrated solution is a natural extension of the many use cases we already support and allows us to address another set of specific customer requirements to protect data in high-speed, complex environments.”

“The first agentless and high-performance micro-segmentation solution in the IT security industry, the combination of Guardicore Centra and BlueField enables ease of deployment and operations in both new and existing environments,” said Ariel Levanon, VP Cyber Security, Mellanox Technologies. “The combined Guardicore and Mellanox solution enables enhanced visibility and policy enforcement without installing agents on compute nodes. Agents are integrated into the BlueField SmartNIC in a manner fully isolated from the application workload, while also complying with strict regulations and embracing DevOps automation. As a high-speed SmartNIC, BlueField delivers unmatched performance that enforces micro-segmentation policies in 100Gb/s networks at full wire speed.”

Unleash The Full Potential of Micro-segmentation

The joint Guardicore-Mellanox solution addresses the challenges faced by enterprises seeking to gain visibility and to protect application workloads in high-speed networks where it is not possible or practical to deploy and operate agents across their infrastructures, such as in cases of high-frequency trading, multi-tenant hosting with cloud providers, or management of third-party appliances. The solution runs on the Mellanox BlueField SmartNIC, considered a computer on its own, and not on the enterprise infrastructure. It uses hardware offload to support high-speed and low-latency requirements. Deploying Guardicore technology on BlueField provides protection without compromising either the host or the compliance regulations in any way. Additionally, running the Guardicore solution integrated on BlueField delivers unmatched enforcement performance – allowing or blocking traffic at wire speed and without any impact to server performance. The solution gives enterprises the freedom to deploy Guardicore on every workload in any environment and at any scale, including private, public and hybrid cloud instances, while supporting the following deployment options:

  • Agentless with BlueField SmartNIC – fully isolated from the host
  • Hybrid – agent running on the compute node while taking advantage of the BlueField SmartNIC for hardware acceleration
  • Native – the agent runs directly on the compute node on the host operating system or in a guest VM/container, which is the traditional type of deployment for microservices.

The best choice of deployment options varies based on the environment and type of workloads, etc., for every enterprise. BlueField is perfectly positioned for bare-metal and Kubernetes deployments; running agents on the SmartNIC removes the need to deploy and maintain agents in these environments, enabling enterprise DevOps automation. BlueField also enhances the out-of-box experience for enterprises as they roll out microservices across their infrastructures, delivering improved agility, resiliency and business continuity.

Resources

Please join our Guardicore and Mellanox experts on September 10 at 9:00 a.m. ET for a webinar to learn how Mellanox BlueField SmartNICs unleash the full potential of micro-segmentation. Topics addressed will include agentless micro-segmentation, security enforcement in hardware at full wire-speed, and full isolation. Register here to attend this session.

Availability

The joint Guardicore-Mellanox solution is available immediately from both vendors’ network of value-added resellers.

About Mellanox

Mellanox Technologies (NASDAQ: MLNX) is a leading supplier of end-to-end Ethernet and InfiniBand smart interconnect solutions and services for servers and storage. Mellanox interconnect solutions increase data center efficiency by providing the highest throughput and lowest latency, delivering data faster to applications, unlocking system performance and improving data security. Mellanox offers a choice of fast interconnect products: adapters, switches, software and silicon that accelerate application performance and maximize business results for a wide range of markets including cloud and hyperscale, high performance computing, artificial intelligence, enterprise data centers, cyber security, storage, financial services and more.

About Guardicore

Guardicore is a data center and cloud security company that protects your organization’s core assets using flexible, quickly deployed, and easy to understand micro-segmentation controls. Our solutions provide a simpler, faster way to guarantee persistent and consistent security — for any application, in any IT environment. For more information, visit www.guardicore.com.

Portfolio Items