An Affordable Approach for Reducing the Attack Surface of the Evolving Telecommunications Infrastructure

Telecommunications service providers are constantly launching new service offerings that require new infrastructures and cloud technologies. This requires managing the security posture in hybrid and complex environments, many times having to use different tools for each.

Guardicore has taken an entirely new approach that simplifies the challenge and makes the process significantly more effective. With Guardicore Centra, telecommunications service providers can segment their most important assets by focusing on three steps:

  • Visualize
  • Build
  • Enforce

Let’s look at each of these in-depth.

Visualize Telecommunications Infrastructure

Adonias Filho, Senior Sales Manager at Italtel, a leading telecommunications provider and Guardicore strategic partner, notes, “Segmentation is a need that has long been felt – but unfortunately never [previously] been achieved in an effective way. The micro-segmentation projects have been catastrophic, because it was not possible to segregate something if you don’t know exactly what it is.”

In other words, you can’t design an effective segmentation program if you don’t have complete visibility into application interdependencies and communication flows. Guardicore Centra rectifies that issue, making it quick and easy to visualize and secure on-premise and cloud workloads.

Adonias adds, “The main point Guardicore brings to this context is visibility. Starting out from visibility, one can propose rules for separation, segmentation, micro-segmentation, and nano-segmentation. With Guardicore, I was able to implement micro-segmentation rapidly and with stability – that is to say, without any problems.”

Centra collects and maps detailed information about application functionality, communication flows, and dependencies. These maps make it simple for security teams to assess potential for exposure and identify when assets have been compromised. They can also define expected behavior and identify areas where additional controls can be applied to reduce the attack surface.

Build Rules With Ease

Telecommunications service providers feel constant pressure from regulations and industry standards. In addition, they operate complex infrastructures. The two issues combine to create a challenging situation, wherein managing/enforcing security controls and reporting on risk across a diverse set of technologies on multiple platforms is resource intensive. Moreover, frequent reconfiguration needs can result in production downtime.

Because of these security challenges, telecommunications communities often end up with security gaps and broad attack surfaces. This leaves them vulnerable to illicit activities.

With a single click, Guardicore Centra generates automated rule suggestions and enables organizations to quickly build strong security policies. Intuitive workflows and a flexible policy engine allow for continuous policy refinement and reduce costly errors.

Enforce Consistent Security Controls

Guardicore Centra helps telecommunications companies maintain consistent security controls, regardless of their underlying infrastructure. Leveraging software-based overlay segmentation technology enables telecommunications companies to achieve network segmentation in record time, with significant risk reduction across all types of infrastructure.

What’s more, Guardicore provides integrated breach detection and response capabilities, enabling businesses to see policy violations in the context of an active breach. Data exfiltration in particular – a threat which telecommunications services are vulnerable to due to the new infrastructure and technologies they support – requires the kind of protection that Guardicore provides.

All an attacker needs is an opening to a single network-connected resource in order to be able to move laterally across the network. At that point, they can access the entire infrastructure and destroy, ransom, or steal any data they want.

As Adonias comments, “Protection in data centers and clouds defends, at the origin, the companies that subcontract provider services. Why try to invade directly a large company, with its defenses up to speed, if there is an open door to it through a provider from whom it outsourced – for example its financial department?”

With Guardicore, organizations can contain this type of attack before it spreads across the company, keeping it from becoming a true disaster. Using Guardicore Centra, telecommunications providers have been able to dramatically shrink their attack surfaces across thousands of critical servers without service disruptions, significantly reducing risk and impact of security breaches.

Learn More About Protecting Telecommunications Infrastructures Today

Ready to learn more? Join the webinar, Simple and Fast Segmentation for Telecommunication Service Providers, to hear about:

  • Real-world security challenges facing Telecommunications CISOs, including:
    • Maintaining full visibility across all environments
    • Enforcing third-party access controls
    • Protecting 5G technology, cloud infrastructure, and legacy assets
  • How security and cloud infrastructure professionals can accelerate and simplify segmentation projects
  • Deutsche Telekom’s approach to segmentation and how it enables hyperscale in data centers and clouds

View the webinar.

What SANS Thinks About Guardicore’s Micro-Segmentation Solution

Gone are the days when perimeter security or traditional segmentation were all you needed to keep your crown jewels safe. As the speed of work and cloud integration increases, traditional security models no longer suffice. Instant visualization of your security posture with context is key. A software-defined segmentation will get you where you need to be in a faster, easier and in a more cost-effective manner. Moreover, it replaces other disparate, time-intensive segmentation methodologies with a single method that works across all environments seamlessly.

That’s where Guardicore Centra comes in.

It’s a no-brainer that we think our micro-segmentation solution is pretty awesome. What has been more exciting to see is the enthusiasm with which analysts and customers have embraced our solution as well. In fact, SANS analyst Dave Shackleford recently ran Guardicore Centra through its paces, testing the product across a wide variety of environments. After pummeling it with attack scenarios and trying out all its features, he uncovered some interesting insights.

Read the SANS evaluation report: Securing Assets Using Micro-Segmentation: A SANS Review of Guardicore Centra

Guardicore Centra is Comprehensive

Guardicore Centra replaces multiple, arduous security methods with a single agnostic approach. Attempting to find a separate solution for each new platform, infrastructure, operating system, etc. – and every legacy one as well – doesn’t work. Instead, Guardicore provides visibility and a single point of management across it all, supplying a context-rich, unified view from a single pane of glass.

“Guardicore provides assurances that we are locking down the environment properly while validating that Azure is doing its job in a very efficient and effective way.”

~Michael Lamberg, Vice President and Chief Information Security Officer with Openlink


  Industry:
  • Software company

  Use cases:
  • Software-Defined Segmentation
  • Visualization of application dependencies and entire enterprise environment
  • Secure hybrid cloud adoption
  • Accelerate troubleshooting, threat detection and response

  Solution:
  • Visibility
  • Segmentation
  • Threat detection and response

Read the full story here.

Guardicore Centra is Simple and Easy to Use

Many companies using traditional security methods have found it difficult to implement zero trust, particularly because it is challenging to view and map assets, their behaviors, and their local components. And of course, if you can’t do that, you can’t create logical policies – and therefore, you can’t create effective segmentation rules.

Guardicore Centra makes micro-segmentation simple. With unparalleled flexibility and visibility – real-time and historical – you can quickly and easily visualize your entire environment. Centra offers a wide variety of unique views per use case/user role and intuitive policies so you can implement ring-fencing, internal micro-segmentation, and more.


  Industry:
  • Utility company

  Use cases:
  • Centralized policy management for SCADA and other assets
  • Updated outdated and inefficient third-party access controls
  • Streamlined compliance for regulations and consistent audit management

  Results:
  • Required only ½ full-time equivalent to run the solution
  • Fully segmented within a few weeks

With Centra, You Can Work At the Speed of Business

Imagine if you could visualize your infrastructure, create policies, and update those policies as needed in weeks, not months or years. With Guardicore, you can! That’s the beauty of not requiring underlying network or infrastructure changes. It’s a real game-changer.

  Industry:
  • International bank

  Key capabilities:
  • Superior visibility
  • Flexible, fast labeling – no IP address or VLAN changes needed
  • Mapping and segmenting more than 10,000 servers

  Results:
  • 10x acceleration of compliance
  • Zero downtime
  • Significant cost and risk reduction

Beyond Segmentation: Breach Detection, Response Capabilities

Many businesses start using Guardicore Centra for its segmentation capabilities. That said, they often discover soon thereafter that we offer a variety of additional invaluable capabilities that enable them to discover the origin of breaches and respond in hours instead of weeks.

For example, we support such features as:

  • Dynamic detection and response capabilities
  • Reputation and monitoring services
  • Threat and intelligence data

“Guardicore enables us to enhance our overall data center security strategy and help our IT security team to avoid today’s advanced threats.”

~ Marino Aguiar, CIO, Santander Brasil

Learn More About SANS and Guardicore Micro-Segmentation Today

Ready to learn more? Watch the webinar featuring SANS analyst Dave Shackleford and our own Dave Klein to find out the detailed SANS analysis and review, or download the Guardicore Centra review paper today.

The Minimum Viable Controls (MVC) to Secure IaaS and PaaS

The mass move to the cloud over the last few months has been good for digital transformation, but challenging for security. While many companies have successfully transitioned to a more remote-friendly environment, there is still a lack of clarity around the minimum viable controls (MVC) needed to secure IaaS and PaaS.

Speeding the Move to the Cloud

In “ancient” days – as in a couple of months ago – it was obvious that the adoption of public clouds was inevitable. However, it seemed that it would take some time until every organization had a significant presence there. Then came COVID-19.

Even during a disaster, there are winners. Many organizations followed Winston Churchill’s famous quote “don’t waste a good crisis” and accelerated their journey to the cloud on a mission to transform their IT environment.

It was great that they could speed the migration process. It was not so great that many did so without paying enough attention to security requirements and risk mitigation.

Understanding Cloud Security Requirements

According to Gartner analyst Tom Croll, enterprises trying to implement on-premises data center security processes and tools for the cloud are actually inhibiting cloud adoption, slowing their own progress and increasing risk. Using yesterday’s tools to protect today’s cloud infrastructure is risky and creates more damage than benefits. It will not get you the desired results and may even put your organization at risk.

IaaS and PaaS are provided by the Cloud Service Providers, which have to assure and secure the infrastructure of the cloud itself. We wrote a lot about it in the past, for example here and here. This “shared responsibility model” still leaves your data and critical applications exposed and unprotected.

Luckily, modern security solutions – such as Guardicore Centra – are capable of providing the necessary controls required to protect the cloud. Micro-segmentation and zero trust network access (ZTNA) should be implemented when configuring cloud infrastructure, combined with strong IAM, robust encryption, and constant posture management.

The Five Most Important Security Controls You Need to Implement Today

Wondering how to put together an actionable plan for securing your infrastructure? Together with our ecosystem partner SecuPi, Guardicore has created a webinar sharing the five most important security controls that organizations should take in order to ensure that the IaaS and PaaS infrastructure they are using is secure and solid.

View the webinar today and you’ll be on your way to lowering risk and tightening security across your entire environment.

How to Do Micro-Segmentation the Right Way

The evolution of network segmentation and application segmentation has brought about the movement to micro-segmentation. Micro-segmentation adds flexibility and granularity to access control processes. This detail-oriented viewpoint is key, especially as businesses adopt cloud services and new deployment options like containers that make firewalls and other traditional perimeter security less relevant.

Infrastructure visualization plays an essential role in the development of a sound micro-segmentation strategy. When it’s done well, visualization makes both sanctioned and unsanctioned activity in the environment easier for IT teams to identify and understand.

In case you didn’t catch it, the key phrase there was, “when it’s done well.” That’s important, because many businesses don’t know where to start.

What we often hear is:

“We want to better secure our infrastructure by defining tight security policies – but where do we even start? How can we build policies at the application level for thousands of existing machines, each one developed and deployed by a different person?”

This confusion is understandable in today’s complex environments! Let’s dive into the details and gain some clarity into how to do micro-segmentation the right way.

What is Micro-Segmentation?

Using legacy tools like VLANs for separation is no longer enough in today’s network environments. Every machine – virtual or physical – in every location – cloud or not – must have incoming and outgoing traffic limits. Otherwise, bad actors can easily take advantage of loose policies to move undetected between machines.

Micro-segmentation is the central IT security best practice response to overly-permissive policies. Software-defined segmentation allows companies to apply workload and process-level security controls to data center and cloud assets that have an explicit business purpose for communicating with each other. It is extremely effective at detecting and blocking lateral movement in data center, cloud, and hybrid-cloud environments.

Some solutions facilitate segmentation across physical and virtual data centers by doing distributed enforcement on all east-west traffic. Public cloud offerings also provide limited abilities, and other products fully integrate with these frameworks, moving existing firewall technologies into the data center.

Then there are solutions like Guardicore Centra, which was purpose-built to simplify micro-segmentation and increase agility, while simultaneously increasing security. Centra creates human-readable views of your complete infrastructure – from the data center to the cloud – with fast and intuitive workflows for segmentation policy creation.

So the technology is there, but the question of how to set these policies up remains. How can administrators tell the role of thousands of machines in their data center and decide which specific ports to open to what other machines?

The Old-Fashioned Way to Build Policies

This is how the usual process for building application-specific policies works:

  1. Discover a specific application and the machines it’s running on.
  2. Build security groups for each of the different application tiers (i.e., web/application/logging/DB servers).
  3. Define a tight policy between the different security groups, so only the ports necessary for the application’s proper functioning are open.
  4. Rinse and repeat.

This can be a long and burdensome process, especially without deep visibility into data centers – all the way down to the process level. Administrators and security teams are required to browse endless logs or chase app developers. Obviously, not the ideal way to do things.

A (tiny bit of a) typical firewall log. How easy is it to build a security policy using these?

How to Do Micro-Segmentation Right

Guardicore decided that there had to be a better way to simplify segmentation. That’s why we built a wonderful feature into Centra: Reveal. This feature enables teams to avoid the above-mentioned pain.

Guardicore Reveal provides a full visual map of the entire data center, all the way down to the process level. By using Reveal to focus on specific parts of the data center and identify relations between different servers, admins and security teams can easily discover the running applications, one by one.

A typical 3-tiered application. Note the process information which shows the underlying Tomcat->MongoDB traffic.

Process-level visibility allows users to do a number of things, including:

  • Identify servers with similar roles (which belong to the same tier).
  • Group them together.
  • Push the resulting security groups to a micro-segmentation framework.

The same application — grouped.

Once the users create policy rules tying the discovered applications and security groups, they can see these policies overlaid on Reveal’s visual map. This allows users to test, monitor and optimize their created policies.
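The four-step procedure above (discover the application, group hosts into tiers, define a tight policy between the tiers, then test it) can be expressed as a small program. The following is an added example, not Guardicore code or any Centra API: it takes constructed process-level flow records, derives tiers from a hypothetical process-to-tier labelling, compiles one allow rule per observed tier-to-tier port, and evaluates any single flow against that default-deny policy. Flows involving a host with no tier label are held back for review instead of being turned into rules.

```python
# Added example, not Guardicore code: turns constructed flow observations into
# tier groups and a least-privilege tier-to-tier allow policy, following the
# discover / group / define-tight-policy / test steps described in the text.
from collections import defaultdict

# Constructed sample flows: (src_host, src_process, dst_host, dst_port, dst_process).
# A real source would be process-level flow telemetry; these rows are made up.
FLOWS = [
    ("web-01", "nginx", "app-01", 8080, "java"),
    ("web-02", "nginx", "app-02", 8080, "java"),
    ("app-01", "java", "db-01", 27017, "mongod"),
    ("app-02", "java", "db-01", 27017, "mongod"),
    ("app-01", "java", "log-01", 514, "rsyslogd"),
    ("web-01", "nginx", "log-01", 514, "rsyslogd"),
    ("ops-01", "mongo", "db-01", 27017, "mongod"),  # ad-hoc admin client, no tier label
]

# Hypothetical process-to-tier labelling (an assumption for this example; a real
# deployment would derive tiers from labels, naming conventions or the visual map).
TIER_BY_PROCESS = {"nginx": "web", "java": "app", "mongod": "db", "rsyslogd": "logging"}


def discover_tiers(flows):
    """Steps 1-2: map every host to a tier from the processes seen on it.
    Hosts whose processes carry no tier label land under 'unlabeled' so they
    are reviewed rather than silently allowed."""
    tiers = defaultdict(set)
    for src, sproc, dst, _port, dproc in flows:
        tiers[TIER_BY_PROCESS.get(sproc, "unlabeled")].add(src)
        tiers[TIER_BY_PROCESS.get(dproc, "unlabeled")].add(dst)
    return {tier: sorted(hosts) for tier, hosts in tiers.items()}


def compile_policy(flows):
    """Step 3: one allow rule per observed (src_tier, dst_tier, port).
    Flows with an unlabeled endpoint are excluded from the policy and returned
    separately, so default-deny keeps blocking them until someone reviews them."""
    rules, review = set(), []
    for src, sproc, dst, port, dproc in flows:
        s_tier, d_tier = TIER_BY_PROCESS.get(sproc), TIER_BY_PROCESS.get(dproc)
        if s_tier is None or d_tier is None:
            review.append((src, dst, port))
            continue
        rules.add((s_tier, d_tier, port))
    return sorted(rules), review


def host_tier_index(tiers):
    """Invert the tier map so evaluate() can look up a host's tier."""
    return {host: tier for tier, hosts in tiers.items() for host in hosts}


def evaluate(policy, host_tier, src, dst, port):
    """Step 4 / test phase: decide whether one flow is allowed by the compiled
    policy. Anything without an explicit matching rule is denied."""
    key = (host_tier.get(src), host_tier.get(dst), port)
    return "allow" if key in policy else "deny"


if __name__ == "__main__":
    tiers = discover_tiers(FLOWS)
    rules, review = compile_policy(FLOWS)
    print("tiers:", tiers)
    for rule in rules:
        print("allow", rule)
    print("needs review:", review)
    index = host_tier_index(tiers)
    print("web-01 -> db-01:27017 is", evaluate(rules, index, "web-01", "db-01", 27017))
```

Running it prints four tier-level rules (web to app on 8080, app to db on 27017, app and web to logging on 514), lists the admin client's direct database connection for review, and shows that a web host reaching the database directly is denied even though both hosts are known. Grouping at the tier level is what keeps the rule count flat as machines are added to a tier.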

Watch the video below to see how it works.

The Easy Way to Achieve First-Class Protection

Micro-segmentation is an essential building block for data center security. By using Guardicore Reveal along with the real-time threat detection provided by the Guardicore Centra platform, data centers can now do micro-segmentation the right way. The result: first class protection, without the hassle.

Why Micro-Segmentation Needs to be a Priority for Banks

Micro-segmentation allows financial institutions to achieve a number of key goals while protecting their crown jewels through a single, straightforward approach.

Financial institutions have a strong requirement for cost-savings through automation, resources optimization, and agile technologies. They need a solution that can increase security while also promoting operational efficiency.

Moreover, financial institutions have always been prime targets for crime. According to Forbes, cyberattacks cost financial institutions more to address than firms in any other industry. Given that remote and indirect transactions are the norm these days, attackers have even more opportunities to break through perimeter security. This further increases the risk of breach and the remediation costs.

How can banks use micro-segmentation to solve these issues? Let’s take a look.

What are the cyber-security challenges banks face?

Managing cyber security controls in financial services is a complex task. There are numerous drivers that make the work time-consuming and resource-heavy, such as:

  • There are country- and state-level cyber security requirements that need to be followed, not to mention vendor security mandates and various privacy regulations. Altogether, they impose a vast number of reporting and risk-management challenges.
  • Modern banking heavily relies on a large number of third-party applications, partners, and outsourcing vendors accessing the data center via a variety of access routes.
  • The evolving network infrastructure leaves organizations with a cloud technology and legacy systems mix, in a tangled environment that is hard to visualize, audit, and protect.

All those factors, combined with a multitude of tools, users, and outside pressures, make financial institutions especially vulnerable to cybercrime.

Enabling digital transformation for better customer service and availability leads to even more ways for banks to be vulnerable to fraud and unauthorized transactions. Customers are well aware of these growing issues and want reassurance that their privacy and finances are protected.

“Customers are becoming increasingly aware of cybersecurity threats and they expect their banks and credit unions to secure and protect their private financial information.”
~ Credit Union Council (CUC), FS-ISAC, 2019

“Banks have validated this trend by reporting that losses due to operational disruption and losses in customer trust are more financially damaging than losses due to regulatory fines.”
~ Deloitte and FS-ISAC Cybersecurity Benchmarking Analysis, 2019

Four ways banks can benefit from micro-segmentation

The best way to address these challenges is to create a single pane of glass for security, with complete network traffic visibility and full isolation of the digital crown jewels. Using flexible, quickly deployed, and easy-to-understand micro-segmentation controls, financial institutions can protect their core assets simply and effectively.

In order to get the most from a micro-segmentation solution, there are four critical steps to take:

1. Simplify and accelerate regulatory compliance

To achieve this goal, start by mapping everything and isolating all compliance-related applications and systems. Granular visualization will help you understand how best to reduce the risk of breaches quickly and easily.

2. Protect your essential systems

Separate critical applications such as money transfers, payments, and customer applications from the general IT infrastructure.

3. Prevent unauthorized lateral movement

Properly isolate IoT and third-party access. In addition, manage access routes and terminate access at the target applications, preventing further movement within the data center.

4. Adopt Cloud, PaaS, and other emerging technology cost-effectively and securely

Use a single pane of glass for visibility and setting security policy across all infrastructures. In addition, be sure you enforce security via a unified set of tools.

How micro-segmentation works in real life

Need proof that the micro-segmentation approach works? Here is an example of a Guardicore customer – a US regional bank – which was able to produce vast improvements utilizing Guardicore Centra’s visualization and micro-segmentation capabilities.

This bank had a few initiatives in place:

  • Comply with the Fedline mandate to isolate any Fedline Service-connected application from general IT.
  • Ring-fence ten of their most critical applications to significantly reduce cyber risks and ensure business continuity in case of breach.
  • Limit third-party access to enforce Zero Trust access controls.
  • Make it possible to migrate applications securely to the cloud.
  • Maintain a single set of security controls across the entire hybrid infrastructure.

With a single security architect, over the course of two months, the customer was able to meet all of their goals beyond original expectations. Ultimately, they were able to:

  • Achieve granular east-west traffic visibility.
  • Ring-fence their business critical applications.
  • Restrict and properly route third-party access.
  • Map applications’ dependencies for seamless cloud migration.
  • Achieve full process automation with the DevOps integration.

Looking for more? Here’s what some of our other customers have to say:

“Guardicore enables us to enhance our overall data center security strategy and help our IT security team to avoid today’s advanced threats.”
~ Marino Aguiar, CIO, Santander Brasil

“Deutsche Bank is committed to the highest standards of security, and a high priority for us is implementing tight network segmentation in our on-premises and cloud environments. Guardicore gives us an effective way to protect our critical assets through segmentation.”
~ Alan Meirzon, Director, Chief Information Security Officer

Use micro-segmentation to protect your crown jewels today

With simple and easy to manage micro-segmentation controls, financial institutions can reduce attack surface and quickly detect breaches within the data center. Deep visibility into applications’ dependencies and traffic flows helps to enforce precise network and process-level policies that isolate critical applications and systems.

Don’t forget to look for a tool that provides complete security coverage for applications, regardless where they reside. After all, most financial institutions need to protect workloads that span across platforms and environments: on-premise, legacy and bare metal, VMs, containers, and public and private clouds (including Amazon Web Services, Microsoft Azure, Google Cloud and Oracle Cloud Infrastructures).

Want to delve into more details? Watch the Regional Banking Webinar and learn more about how Guardicore can help you today!

Securing the Edge with Micro-segmentation and NVIDIA EGX

In recent years, the “Edge” has taken on a vital role in cloud computing. The Edge represents the growing need to deliver a better cloud model that enables locations and methods to place workloads, compute, storage, applications and data closer to the point of action.

Cloud edge computing moves the processing closer to the user and IoT devices, where the data is generated and consumed. This addresses the problems of highly distributed edge sites by minimizing latency, maximizing bandwidth, and performing computation and data compression right at the point of action. Edge computing even addresses compliance requirements, which can vary between different states and countries.

The Edge is decentralizing the cloud itself and creating a better model to support emerging use cases like self-driving cars, augmented reality (AR) and virtual reality (VR), connected homes and offices, 5G and more.

Guardicore is excited to partner and work together with NVIDIA to leverage their high-performance, cloud-native NVIDIA EGX Edge AI platform to deliver AI, IoT and 5G-based services efficiently, powerfully, and securely.

There are many verticals that can benefit from Edge computing. Here are just two examples:

  • Healthcare organizations can run machine learning and analytics models on their health management platforms, especially where low latency processing requirements dictate that they remain on-premises. When it’s time to retrieve data, this information is stored locally and therefore quick to retrieve.
  • Financial services are another vertical that can leverage edge computing to handle the real-time processing of data that must reside within the confines of local data requirements.

Decentralizing the cloud has many benefits, but it also creates and amplifies the security challenges that are already present in the cloud. The distributed cloud edge creates a larger attack surface, spread across diverse IoT technologies and multiple unprotected physical locations. This provides attackers more opportunities to penetrate the organization and achieve their malicious goals.

Edge-related security challenges are compounded by the accelerating pace of change of infrastructure and the more dynamic application deployment models required to support the Edge. (But this is a topic for a different blog post).

In other words, the security of the cloud, which has always been a top priority, is becoming even more important with Edge.

To address these unique challenges, security must be built into the edge to ensure quality and transparent operations across the entire extended organization: at the core data center, public cloud, and the Edge.

Building security into workloads, compute, storage, critical applications, and data in any environment and on any platform is a huge challenge.

Fortuitously, micro-segmentation has recently become available and, when implemented correctly, addresses the security challenges inherent in the distributed and decentralized nature of the Edge. Gartner recently named micro-segmentation as one of their top 10 security initiatives. They cited micro-segmentation’s ability to reduce risk and protect the critical assets and information that matter most to the business.

Gartner also described micro-segmentation as being well suited for thwarting “the spread of data center attacks in both on-premises and cloud environments.”

Micro-segmentation is a granular way to create secure zones in data center and cloud deployments, allowing workload isolation and protection. Since legacy perimeter protection is painfully inadequate, micro-segmentation is an essential technology to implement a zero-trust security model. Furthermore, it provides both real-time and historical visibility to understand application dependencies and then easily create network and application security policies based on various business owner contexts.

The cloud killed the enterprise’s legacy perimeter and the Edge is killing the cloud’s perimeter, making micro-segmentation more important for securing the distributed, hybrid cloud that includes an Edge component.

Micro-segmentation, when well-executed, provides benefits at the earliest stages of deployment. Many enterprises start out with easily implemented and achievable projects that eliminate the most fundamental risks first. Whether separating development environments from production, isolating a compliance-driven infrastructure or series of applications from the non-compliant ones, or merely segmenting most critical applications first, these early-stage projects provide the enterprise with immediate value and measurable gains.

It’s important to select a micro-segmentation approach that works consistently across multiple cloud providers. By decoupling security from the cloud infrastructure provider, organizations can prevent vendor lock-in from driving costs up and avoid unnecessary complexity when mergers and acquisitions create mixed cloud environments.

Our solutions are able to address both the security and performance requirements by taking advantage of the advanced hardware capabilities of NVIDIA Mellanox BlueField and NVIDIA Mellanox ConnectX SmartNIC technology, which include dynamically reconfigurable firewall offloads in hardware, encryption offloads and the ASAP2 flow engine for virtual switching offloading. We are excited to see secure NVIDIA Mellanox ConnectX adapters being integrated into the new NVIDIA EGX Edge AI platform, and look forward to the benefits that secure, accelerated computing will bring to the edge.

How to Stop Human and Computer Viruses In Their Tracks

Viruses of any type can spread frighteningly quickly. As we are seeing today with COVID-19, the impact that can have is both widespread and frightening. It’s especially difficult to stop the spread of viruses if you don’t already have the right structures and protocols in place.

While computer viruses don’t have life-changing effects, they can certainly have business-altering ones. Not only do they spread in similar ways to human viruses, but they also can be stopped by implementing similar measures to those we are using to halt the spread of coronavirus.

Test To Gain Visibility

Testing those people who evidence symptoms of a virus like COVID-19 gives you insight into the breadth, location, and volume of an outbreak. Similarly, gaining visibility into what is happening in your network environment enables you to manage your assets in general and to understand the what, where, and extent of issues when they occur.

Getting a clear view into what is happening on your network also empowers you to develop a fast and informed response. For instance, with NotPetya (targeted ransomware), those businesses that mapped all their SMB connections before they were compromised had a better chance of responding intelligently once they were under attack.

Quarantine / Segment

The more you can isolate infected people or applications, the faster you will be able to limit the spread of any virus, including COVID-19. In cybersecurity, the equivalent of quarantine is segmentation.

Without a tool like Guardicore Centra, segmentation can be quite complex. Moreover, it’s difficult to implement once your systems are already infected. That’s where people who have already implemented Centra have the advantage: the better prepared a business is ahead of time, the faster a compromise can be halted.

Protect Vulnerable and Critical Resources

There is no doubt that some resources/people are more vulnerable to viruses’ effects than others. Those who have compromised immunity and the elderly in particular need to be careful.

In the cybersecurity world, the parallel is legacy systems, which can hold unknown vulnerabilities. They therefore need to be carefully protected (for instance, by ringfencing them), and, if possible, removed from any virus exposure.

Moreover, it makes sense to secure your critical resources with better protections as well. In the case of humans, this may include those running a company, medical personnel, or government officials. In the cybersecurity world there are also critical resources protecting your most sensitive data. With the right protocols in place, you can ensure their survival even under the most aggressive attack.

Using Guardicore Centra, you can quickly enforce policies when you need them, for swift protection of vulnerable and critical resources.

Implement Controls

Biological and computer viruses both often use known propagation methods. For example, viruses that attack humans often propagate through person-to-person contact. Therefore, sanitizers, hand washing, and no-handshake policies are effective at slowing the spread.

Similarly, for NotPetya, SMB was the propagation path, and restricting SMB access to a bare minimum helped a lot. That’s why it’s key to be able to speedily apply the right type of policy at the right time, anywhere it’s needed. This will provide strong protections against current vulnerabilities as well as future attacks.

Use Common Sense

There really is nothing shocking about any of this advice. Most of it is common sense. Yet not every business (or person) follows these steps, and that’s when we all pay a price.

That said, if you apply these basic steps even when a virus isn’t active, you will be prepared to handle issues when they arise. Even during critical events, you will be prepared to swiftly deploy policies anywhere and keep your business – and communities – safe and running smoothly.

How To Protect Your Systems Against Critical SMB Vulnerabilities (CVE-2020-0796)

Microsoft has issued its latest set of cumulative updates for Windows for the month of March. There are a total of 117 vulnerabilities, 25 of which are rated critical.

One particular vulnerability stands out from the crowd: CVE-2020-0796. This is a critical vulnerability in the Server Message Block (SMB) protocol in new versions of Windows operating systems. This SMB vulnerability could enable a wide range of wormable attacks and potentially a new EternalBlue. Without going into the gory details, a flaw in the new SMBv3 compression mechanism potentially allows an attacker to take down or take over a Windows system.

Potentially affected operating systems include:

  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

Advisories on this CVE suggest patching your systems (which you should be doing regardless) as well as “Block TCP port 445 at the enterprise perimeter firewall,” which should be the case in any network. If you can’t patch your Windows system, you can manually disable the SMBv3 compression feature. That is the root of all evil in this case.

A PowerShell command to disable SMBv3 compression (run it from an elevated session, since it writes under HKLM) is:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force
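The one-liner above sets the value blindly. As an added example (my code, not from the original post), the script below first audits a host, reporting whether it runs one of the listed 1903/1909 releases and whether the DisableCompression workaround is already in place, and only then applies the same registry change, with -WhatIf support and a way to revert it once the host is patched. Assumptions that are not on the page: build numbers 18362 and 18363 correspond to the 1903 and 1909 releases, and the -RequiredKB value is a placeholder the operator takes from the vendor advisory.

```powershell
# Added example, not from the original post: audit the CVE-2020-0796 workaround state on a
# Windows host and apply (or later revert) the DisableCompression value quoted above.
# Assumptions (mine, not the post's): builds 18362/18363 are the 1903/1909 releases;
# -RequiredKB is a placeholder to be filled from the vendor advisory.
# Run in an elevated PowerShell session.

$SmbParamsPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$AffectedBuilds = @(18362, 18363)   # Windows 10 / Windows Server 1903 and 1909

function Get-Smbv3CompressionStatus {
    <# Reports whether this host runs an affected release and whether the
       compression workaround (DisableCompression = 1) is in place. #>
    [CmdletBinding()]
    param(
        # Optional: KB id of the fix (placeholder; look it up in the advisory).
        [string]$RequiredKB
    )

    # Win32_OperatingSystem reports the real build number regardless of app-compat shims.
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber

    # A missing value means compression is still enabled (the default).
    $item = Get-ItemProperty -Path $SmbParamsPath -Name DisableCompression -ErrorAction SilentlyContinue
    $compressionDisabled = ($null -ne $item) -and ([int]$item.DisableCompression -eq 1)

    $patched = $false
    if ($RequiredKB) {
        $patched = $null -ne (Get-HotFix -Id $RequiredKB -ErrorAction SilentlyContinue)
    }

    $affected = $AffectedBuilds -contains $build
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        Build               = $build
        AffectedRelease     = $affected
        PatchInstalled      = $patched
        CompressionDisabled = $compressionDisabled
        # Exposed only if it is an affected release with neither the patch nor the workaround.
        Exposed             = $affected -and -not $patched -and -not $compressionDisabled
    }
}

function Set-Smbv3Compression {
    <# Disables SMBv3 compression by default; -Enable reverts the workaround after patching. #>
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Enable)

    $value  = if ($Enable) { 0 } else { 1 }
    $action = if ($Enable) { 'Set DisableCompression=0 (re-enable)' } else { 'Set DisableCompression=1 (disable)' }

    if ($PSCmdlet.ShouldProcess($SmbParamsPath, $action)) {
        Set-ItemProperty -Path $SmbParamsPath -Name DisableCompression -Type DWORD -Value $value -Force
    }
}

# Usage: audit first, then apply the workaround only where the host is actually exposed.
$status = Get-Smbv3CompressionStatus
$status | Format-List
if ($status.Exposed) { Set-Smbv3Compression }
```

The build check only tells you which release is installed, not whether the fix is present; pass the KB id from the advisory as -RequiredKB to have the audit account for patched hosts. Run `Set-Smbv3Compression -WhatIf` to see what would change without touching the registry.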

Why Are SMB Vulnerabilities Problematic?

SMB vulnerabilities are not more common than any other Windows vulnerability. The SMB protocol is amazingly useful, but also one of the easiest ways to move laterally in an organization’s data center. All an attacker needs to do is gain access to one system in order to spread across the whole data center. In fact, the WannaCry campaign and EternalBlue vulnerability are great examples of how an SMB vulnerability can have a wide and crippling impact on organizations worldwide.

The question that many ask is, “How do SMB vulnerabilities still happen if we patch and deny all the SMB traffic from external networks?” Moving from theory to reality, we know that not 100% of hosts get patched. In fact, most companies are still struggling with this basic task today. In addition, networks are complex animals that can’t simply be wrangled by placing a box in an arbitrary location.

Moreover, the main reason for widespread damage in most SMB-related incidents we’ve encountered is the fact that hosts within the network can freely move laterally on any port (and specifically on 445 AKA SMB). There is no real justification for allowing this type of behavior inside the network. SMB inside the network should usually only be allowed to communicate with the DC and, in some cases, dedicated file share and backup services. In most cases, servers shouldn’t be communicating with one another over SMB.

So why not just deny the SMB traffic? The answer is that it’s hard for organizations that rely on legacy technologies like gateway firewalls. These tools only enforce traffic going between network zones, not what’s inside.

How Can SMB Vulnerabilities Be Stopped?

One of the first things we recommend to our customers is to improve their network hygiene by implementing basic best-practice policies. For example, allow SMB traffic only to domain controllers, backup servers, and file servers. The rest of the traffic should be blocked, regardless of VLANs or network topology. More explicitly, you should deny lateral SMB traffic.
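For readers without a segmentation platform, the same three-part policy can be expressed on a single Windows host with the built-in Windows Defender Firewall. The script below is an added example (my code, not from the original post and not a Guardicore Centra policy); the peer addresses are constructed placeholders and the rule name is my own. It first lists which rules currently expose TCP 445 and from where (the visibility step), then disables unscoped inbound SMB allow rules, adds one allow rule scoped to the DC, file and backup addresses, and makes sure the profile default for everything else is Block.

```powershell
# Added example, not from the original post: enforce "SMB only from DCs, file servers and backup
# servers" on one Windows host with Windows Defender Firewall. Addresses are placeholders;
# run in an elevated session. At scale you would push the same rules via Group Policy.

$RuleName = 'SMB-In: DC, file and backup servers only'   # my rule name, not a stock one

function Get-InboundSmbAllowRules {
    # Enabled inbound allow rules that open TCP 445, the stock
    # "File and Printer Sharing (SMB-In)" rule among them.
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '445') { $rule }
    }
}

function Show-SmbExposure {
    # Visibility step: which rules expose 445, and from which remote addresses.
    Get-InboundSmbAllowRules | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($addr.RemoteAddress -join ', ')   # 'Any' means unscoped
        }
    }
}

function Set-LateralSmbPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Addresses or subnets allowed to open TCP 445 to this host (DCs, file, backup).
        [Parameter(Mandatory)][string[]]$AllowedPeers
    )

    # 1. Disable every other enabled inbound allow rule for 445. Do NOT add an unscoped
    #    block rule instead: in Windows Firewall, block rules win over allow rules, so
    #    it would also cut off the legitimate peers.
    Get-InboundSmbAllowRules | Where-Object DisplayName -ne $RuleName | Disable-NetFirewallRule

    # 2. Create or update a single allow rule scoped to the legitimate peers.
    $existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if ($existing) {
        $existing | Set-NetFirewallRule -RemoteAddress $AllowedPeers -Enabled True
    } else {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 445 `
            -RemoteAddress $AllowedPeers -Action Allow -Profile Domain, Private | Out-Null
    }

    # 3. Everything else on 445 falls through to the profile default, which must be Block.
    Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block
}

# Usage (placeholder addresses): audit, then dry-run the change before applying it for real.
Show-SmbExposure | Format-Table -AutoSize
Set-LateralSmbPolicy -AllowedPeers @('10.0.0.10', '10.0.0.11', '10.0.1.20', '10.0.1.30') -WhatIf
```

Because the function declares SupportsShouldProcess, the -WhatIf on the usage line propagates to every firewall cmdlet inside it, so the first run only reports what would change. The rule set governs inbound 445 only; a host that is itself compromised can still initiate outbound SMB, so the reciprocal outbound rule (same peers, -Direction Outbound) belongs in the same policy if the environment's outbound default is Allow. This is per-host enforcement and does not replace the point made above about gateway firewalls: it works precisely because it runs on the workload rather than between zones.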

Guardicore Centra helps prevent SMB vulnerabilities by providing a simple and fast way to create and apply policies across the network. These policies allow only legitimate SMB traffic, while blocking the rest of the lateral movement between the hosts.

For example, see how this screenshot demonstrates how only legitimate SMB traffic is allowed within the network:

And here, Centra blocks the rest of the 445 traffic:


A simple, common protocol like SMB can pose a great risk to the datacenter. However, the risk of SMB vulnerabilities can be easily mitigated with three rules. Simply apply segmentation policies using a tool like Guardicore Centra to prevent lateral SMB traffic inside the datacenter.

Contact us to learn how to reduce your attack surface and prevent lateral movement with fast and simple segmentation that works everywhere.

Additional Resources

  1. Preventing SMB traffic from lateral connections and entering or leaving the network
  2. CVE-2020-0796

Secure and Cost-Efficient Work-From-Home at Scale

The outbreak of the coronavirus has created a new reality of work-from-home at scale. To cope with this, companies are required to quickly provide open access to a sizeable number of people holding varying roles and different access requirements. 


The result is an increased attack surface for the companies and greater risk to their business-critical applications. Protecting access to these applications can help reduce attack surface, prevent potential breaches from escalating and stop lateral movement early on.  And user identity access management can provide a fine-grained policy, identifying and enforcing exactly which users can access which applications. 

Remote Work – Security and Economic Challenges

Remote work introduces new identity assurance challenges. Companies need to make sure employees access only what they’re authorized to access. 

Aligned with the zero trust least privilege access principle, employees should only be able to access applications they need for their daily activities based on their role. This means, for example, ensuring that the SPLUNK teams connect to the SPLUNK servers only, while the Accounting teams connect only to their respective Accounting servers.

Cost is another key consideration. To handle the increased volume of remote workers, companies need to deploy more resources and increase the amount of servers used for VDI and Terminal Servers environments.

Strong User Identity Access Solution Leads to Cost Savings

To provide secure, least privilege access to users, security and network policies should be adapted to match user role and access permissions. 

Application segmentation is commonly used to make sure that users access only the applications they’re authorized to access and no more. Coupled with user identity access management, a solution of the type Guardicore offers, it allows setting user-specific segmentation policies for each user connecting through VDI, a terminal server or a jumpbox. This way, each user on these shared resources is only able to access applications specific to his/her role.

This allows organizations to consolidate the use of their VDI or terminal servers while gaining significant savings, requiring no change to the infrastructure or downtime.

To allow each group of users (HR team, Billing team, etc.) access to their own application, Guardicore enforces a different network policy for each user based on their Active Directory group memberships. For example, when connecting remotely, HR team members will only be able to access HR servers and Billing team members will only be able to access their Billing servers. 

One Terminal Server, Different Access Policies


Cost reduction is another key benefit of using this user-based segmentation. 

Instead of a dedicated terminal server or VDI cluster per user group, often required with traditional segmentation solutions, companies can consolidate the use of these servers for several groups of users, each with their own access policy. This way HR teams can only access HR servers, Billing teams can only access Billing servers, etc., while sharing the same infrastructure. 


Consolidated Use of Terminal Servers for Cost Reductions

“One of our Advisory Board customers told us that last year, they were able to cut costs on terminal servers by nearly 60 percent using Guardicore’s solution” said Lior Neudorfer, VP Product for Guardicore. “There was no longer a need for separate terminal servers for each client or contractor, which resulted in significant savings.”

Protect Your Critical Applications In Your Remote Workforce

If you would like to speak with one of our security experts about how to manage your application protection during times of change in your organization’s remote workforce, please contact us.


Guardicore at RSA: AI-Powered Segmentation, Cloud Native Security

Guardicore’s mission has always been about helping our users protect their critical assets everywhere. This week we’re announcing two new capabilities in our Centra Security Platform that further deliver on that mission: Support for cloud-native resources and AI-powered segmentation. Both capabilities are designed to help security architects segment their assets faster and protect their PaaS resources.

AI-Powered Segmentation 

Centra’s AI-powered segmentation reduces the time it takes to create a segmentation policy for a new or existing application by making it easier to label assets and create the matching rules for them. While we have always been providing an intuitive and simplified segmentation workflow, with our upcoming Centra 5.0 release we’re leveraging AI to automate and further simplify this process. 

Powered by Real Data 

Our AI-based algorithm is capable of ‘learning’ tens of thousands of applications and millions of flows, allowing us to provide: 1) tailored policy templates based on the customer’s assets and 2) automatic labels tailored to the customer’s environment. Automatic labeling is done by an analysis of an asset’s network flows. The fact that our network flows have context up to the process level allows us to provide accurate suggestions.

Introducing Guardicore Centra Policy Store

Guardicore Centra Policy Store

Our Policy Store offers out-of-the-box policy segmentation templates for known ‘household’ applications along with templates for common segmentation use cases. A partial list of household apps includes Active Directory, Exchange, Splunk and even Windows operating systems. Common use cases currently include ringfencing, environment segmentation, whitelisting outbound flows, etc.

To make it even simpler, we provide recommendations on which applications to segment first, based on our ability to ‘learn’ your environment. Our vision is to create a community around our Policy Store. By providing a flexible policy mechanism we’re hoping customers will upload their own templates to extend the power of the collective cloud. We’ve heard some great ideas for this community in RSA from people who are eager to start building and sharing their own templates. We’re looking forward to seeing the creative stuff our users come up with!

Automatic Labeling Suggestions

Guardicore Centra automatically discovers, scopes and provides recommendations for how to label an application, which is typically the trickiest part of any segmentation project. Our auto-labeling is based on network flow analysis down to the process level.

Guardicore Centra Auto-Labeling

Automatic Policy Recommendations

Recommendations for segmentation rules are provided based on known application behavior and a predefined set of policy templates for common applications. For example, for Active Directory users, Guardicore Centra will detect your Active Directory servers and then provide a predefined set of rules for securing them, requiring minimal intervention on your side.

Guardicore Centra Policy Rules Dashboard

Security for Cloud-Native Applications

Building on our broad security coverage across hybrid data center environments, we’re adding protection for cloud-native applications, including serverless computing and Platform as a Service (PaaS). This enables security teams to remove major blindspots in their environments and achieve the same deep level of visibility and control into their cloud-native applications with the Guardicore Centra Security Platform.

The Ever-Changing Datacenter Landscape Requires Security to Adapt

Cloud-native is rapidly becoming the new standard for quickly building and scaling new business applications and optimizing existing ones. Until now, providing adequate protection of PaaS services such as AWS S3, Azure SQL, and GCP Cloud Run has required standalone security tools to gain visibility into these resources and understand access patterns.  Guardicore has greatly simplified this by integrating cloud-native support into its Centra Security Platform, eliminating the need for processing data from multiple disparate resources. 

Superior Cloud-Native Visibility & Access Control

The Guardicore Centra Security Platform enables IT security teams to visualize access to PaaS services, providing a visual map of all interactions between those services, including end-to-end application flows.

Visualizing Session Flow across Cloud Native Resources

Under the Hood

We use multiple data collection methods for cloud-native applications, including cloud APIs, Guardicore agents, and code instrumentation mechanisms for serverless functions. This allows us to turn a collection of disparate logs into a single comprehensible map. We provide a single pane of glass to visualize all cloud resources in use, providing a way to apply a single access policy.

From Cloud Logs to Guardicore Centra Map

From Network Flows to Application Flows

We are able to provide our Centra customers the ability to map their cloud-native resources from the same console they’re using to manage other environments. Instead of trying to make sense of multiple cloud logs, our customers get a single map of their cloud application flows that is easy to understand and manage.

Connect with Us

We’ve gotten some great feedback from RSA visitors and are extremely excited to add these groundbreaking capabilities to make segmentation even easier and relevant to everyone. These features are in early availability for select customers today. If you have thoughts or feedback or if you want to see a demo, talk to us.