Posts

I Know What We Did Last Summer, You Should Too: See What’s New with GuardiCore Centra

As our CTO Ariel Zeitlin mentioned in his recent post , the GuardiCore field team has been very busy over the past several months working with some of the world’s largest corporations on different hybrid cloud security projects. More specifically, the GuardiCore Centra solution has been helping these large companies achieve greater visibility and assisting them in creating micro-segmentation policies.

At the same time, the GuardiCore product teams were busy developing the next wave of innovation for GuardiCore Centra. Some of our customers told us that the ability to quickly innovate and introduce new capabilities is one of our key differentiators as a company, and we take this feedback and the responsibility to push the boundaries of our technology seriously.

I have selected a couple of important highlights of the recent releases that I wanted to share with you, to give you a glimpse of the exciting progress we are making. The overview below is only partial. For the complete list of new release features and release content, please see the documentation on our customer portal (login required).

Of note – we are currently on release 28, and soon will EA release 29 and start the development of release 30. We are in continuous motion, upgrading, optimizing and pushing out the best improvements for our customers and if I may add a personal note – setting an example for the industry.

Reveal

GuardiCore Reveal provides visibility into application flows and processes. When visualizing assets, one can now perform asset grouping according to multiple, nested keys. This allows a much clearer view of large data centers and communication flows between environments, applications and roles. In addition, Centra now supports defining segmentation rules according to complicated logic of labels. Want to know more? Watch the demo to learn about Centra and visibility.

Some of the other recent enhancements include the following capabilities:

Nested Grouping

Users can now define map groupings that consist of multiple keys to form a nested map structure. For example, a user can define a default “Environment” → “Application” → “Role” grouping; Reveal maps will then show the different environments by default. When expanded, each environment will reveal its underlying applications, and correspondingly when an application is expanded, Reveal will show its underlying Roles.

3-tier GuardiCore Centra product update

 

AND Segmentation Rules

Segmentation rules now support specifying the result of a logic “AND” operation on label criteria as a rule’s source or destination. As in previous versions, users can get these suggestions directly from the Reveal map or enter them manually in the Segmentation Policy screen.
AND rules are directly related to nested groups. For example, when suggesting rules from the eCommerce application node in the Production environment, to the Data Processing application in the Production environment, the resulting rules will have a source of “Environment: Production AND Application: eCommerce” and a destination of “Environment: Production AND Application: Data Processing”.

One-Click Daily Maps

This new feature produces daily Reveal maps, generated automatically every 24 hours. Clicking “Explore” on the Reveal menu displays the most recent map by default. Maps are created once and are automatically updated based on your configuration.

Time estimation – We added a progress bar to indicate how long it takes the map to build. When you create a new map on an extended time frame (a week, a month etc’) or activate the Accurate connection times option on the Create New Map window, you will get an ETA indication on the Saved Maps page.

Tighter Process Level Policy Enforcement

To enable more granular and secure policies , we added the ability to explicitly specify the full path of the process as part of the Allow/Block rules. For example, when creating a policy for application “nginx”, Centra will suggest to allow /usr/local/nginx instead of  /tmp/nginx.

Cloud Native Visibility, More Multi-Cloud UI Controls

We simplified the way users activate multiple orchestration providers: AWS, vSphere and Kubernetes (K8s) simultaneously. Asset inventory and metadata will be continuously fetched from all defined orchestration providers.

We also added the ability to display orchestrations data from multiple sources for the same Kubernetes asset. All the data about a specific node is now collected both from the Kubernetes API and the compute providers’ APIs.

For GuardiCore customers who are using agentless, managed cloud solutions such as AWS, GCP and Azure, we provide a visibility and ‘soft’ enforcement solution with AWS inherent virtual private cloud (VPC) flow logs. VPC flow logs provide a way to inspect all the flows between all the different cloud assets within a given cloud network. Policy-wise this means that only alerts are supported without enforcement.

Private Threat Feeds Integrated into GuardiCore Reputation Services

Our users have asked us to enable them to use their own existing threat feeds (IoCs) with the GuardiCore Reputation Service. Now GuardiCore users can add their internal threat feed and enjoy the same rich visual incident experience as with all GuardiCore incidents. The IoC types that are supported are file and IP. The IoCs are uploaded in a JSON format to Centra REST API. Once uploaded, Centra will alert on the presence of these IoCs across the entire customer’s data center.

Who’s Afraid of ETW? GuardiCore Guide to Building a Robust Windows Agent

As true believers in collaboration in the cyber industry, we continue to open a window to our interesting projects. We hope it will benefit the community and encourage others to do the same.  Several months ago we published the source code for our Infection Monkey project and today we are revealing how we built our Windows Agent to support GuardiCore Reveal, the data center and cloud visibility and segmentation policy component of our flagship product, GuardiCore Centra.
Read more

Centra Celebration

East West traffic at a glance

East West traffic at a glance

The first week of July provides a great opportunity to celebrate.

At GuardiCore we like to celebrate, especially with new releases and product achievements. Several weeks ago we started deploying the latest version of our flagship product Centra, with first controlled upgrades taking place for our SaaS customers. The new Centra 2.0 release 16 is loaded with great and many enhancements, including important Reveal features. For those of you who were unable to review the upgrade or read the entire release notes, here’s a very short list:

We introduced major enhancements to Reveal to better handle large data center scale flow analysis and advanced queries (check this cool video here).

Reveal now includes numerous new filtering methods to allow you to quickly get to what matters most: Detect applications, find anomalies or make sure that only allowed connections are made between servers. Reveal data center process level flows can be filtered by applications, asset names, port numbers, ESX folders, inbound and outbound Internet connections, user-defined labels and more.

Read more