
What’s New in Guardicore Centra Release 31

With release 31 we’re continuing to expand our firewall capabilities while making it even simpler for you to build and enforce a segmentation policy.

We’re doing this with features such as identity-based and FQDN policies. With identity-based policies, security administrators can set granular, per-user access policies to applications. Domain name (FQDN) rules allow you to set policies based on the target domain name and save the time and hassle of typing lists of ever-changing IP addresses. We’ve also integrated a first-of-its-kind Threat Intelligence Firewall that automatically feeds daily-updated blacklists of known bad actors into Centra to create rules that alert on and block these communications.

In this release we are also shipping many customer-requested features, each evaluated on its merit in improving operational efficiency, reducing policy creation time and taking Guardicore usability to higher levels.

Here are some of the highlights of the version:

User-based Rules

One key feature introduced in v31 is user-based rules. With this new firewall capability, customers can create rules based on Active Directory user groups to provide granular per-user access to applications. This allows you to control user access to data center and cloud resources. By linking your Active Directory to Centra, Centra is able to retrieve user information. Based on user membership in those Active Directory security groups, Centra grants users different levels of access to different resources. This way you can make sure that users only access what they are entitled to. For example, this can help allow just the Billing users in your environment to access Billing resources and just the HR users to access their HR resources. No additional infrastructure is required.

FQDN Rules

You can now create policies that allow access to a specific domain by its domain name rather than its IP addresses. For example, when you want to allow a server to access windowsupdate.com, instead of typing its IP or its IP lists, you can simply refer to it by its domain name. Likewise, when you want to allow a server to only access github.com, instead of typing its IP or its IP derivatives (dev.github.com, community.github.com, etc.) you can simply refer to it by its domain name – github.com or *.github.com. Use *.github.com to match subdomains with a wildcard. The ability to type a domain name saves the time and hassle of collecting all the possible IPs and keeping track of their validity.

Threat Intelligence Firewall

Guardicore is offering a threat intelligence-based firewall to Centra SaaS users. This feature uses Guardicore’s threat intelligence sensors, distributed across major cloud providers worldwide, to create blacklists of verified malicious IP addresses. Updated daily, these IP blacklists are automatically fed into Centra to create rules that alert on and block communications via malicious IP labels: top attackers, top scanners, and top CnC (command and control). To get this feature, contact Guardicore Customer Success at support@guardicore.com.

Extended support for legacy systems

Since most of our customer environments include end-of-life Unix, Windows and Linux systems that can no longer be patched and therefore pose a risk to the organization, Guardicore has expanded its operating system coverage for those legacy systems and applications. With version 31, the Guardicore Agent supports more legacy operating systems such as Red Hat, Oracle and CentOS 5, and has also extended its support to AIX, a proprietary UNIX operating system commonly used by enterprise customers. Now we have the ability to extend our policy coverage to these OSes and reduce the risk they may pose.

While we listed the features that seem to be the most important, there are many more enhancements. For the full list of enhancements and capabilities, see the release notes, which can be accessed from our customer portal.

Virtual Desktop Infrastructure (VDI) Can be Used Safely

Show me an industry that isn’t increasing its usage of Desktop Virtualization (DV) and I’ll show you an industry that doesn’t exist. While different DV technologies are available, Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) are the clear choice; DaaS is essentially VDI hosted in the cloud. With VDI one deploys virtual desktops in one’s own on-premises data centers, while DaaS takes the in-house IT burden and responsibilities to the cloud.

Learn More About User Identity Access Management

From education and healthcare to financial institutions and governmental agencies, remote application delivery and DaaS are growing year on year. In fact, industry analysts at Gartner predict that by 2023 the combined number of on-premises VDI users and cloud DaaS users will grow by more than 50%.

Organizations are using different types of remote desktop technologies and solutions for a number of key reasons, including operational efficiency, improving their endpoint compliance and remote access opportunities, enjoying centralized management and security backups, and the end-user support supplied by market leaders such as Citrix. Newer deployment models provide a popular way to streamline costs, with no need to purchase software licenses or individual workstations, items that can quickly add up. But what about keeping your data and applications secure? How does security measure up in a VDI environment?

What is the Risk of Using a Shared Infrastructure?

Traditional data centers allow servers to be monitored for signs of threats and isolated where necessary. However, in a VDI environment, you’ll often find that all servers and applications are on the same infrastructure, including end-user applications and those which need more security and control. Desktops are likely to be shared among a large number of users, perhaps only a step away from critical assets, applications, and data. As all of this takes place inside the data center, you’re not covered by traditional security solutions such as perimeter firewalls that only protect the entrance to your network.

An added element to consider is traffic inspection. Most end-user application traffic is encrypted using SSL or TLS, and compliance mandates require a high level of data privacy. At the same time, for security you need to have insight into traffic and communications.

For many organizations, these risks of VDI are too great. If just one VDI machine is compromised, the attacker can move laterally elsewhere within the data center, and may well go undetected because of the complex environment.

Step 1: Apply User Identity Access Management

Two powerful technologies can be used together to allow enterprise organizations to leverage VDI without worrying about security concerns. First, let’s look at User Identity Access Management.

This solution often comes hand in hand with a Zero Trust model, as the idea is that any user can only access what they need for their role or activity, and no more. Rather than simply relying on initial authentication, smart User Identity Access Management allows you to create policy based on the identity of the user that is logged in, even when multiple users are connected to the same system at the same time.

Identities can be pulled from Active Directory, and policy will control both new sessions and ones that are currently active. Even before a user has logged into an application, protection is in place.

[Image: Active Directory app protection]

Step 2: Combine with Application Segmentation

A micro-segmentation solution with fine granularity can establish control over even the most complex environment, helping you to build out your infrastructure in a secure way that gives you peace of mind when using VDI. Policy can even be defined based on a process, label, or other asset information.

For example, using application segmentation, you can ensure that all applications and users within the VDI environment are segmented away from specific business-critical or sensitive applications in the wider data center. You can also ring-fence the VDI environment so that no attackers can achieve lateral movement elsewhere, even in case of a breach.

[Image: application segmentation and VDI]

Together, you now have a powerful, unbeatable solution. First, your user is limited to only the applications and servers they are allowed to access, as mandated by your User Identity Access Management policy. Second, each user cannot move outside of their own environment: an added layer of defense that does not rely on any specific network or location.

Reducing Complexity with Visibility

Still in fear of attacker dwell time? Make sure that your security solution comes with real-time visibility into all of your active VDI sessions and their connections. You should be able to see:

    • What specific users are doing, with identification
    • Which processes are currently running and for what purposes
    • How and where the processes are communicating
    • The exact flows that are being generated
    • Which specific applications are being used, and by whom

Another Zero Trust model mandate is to ‘Assume Access’. In this situation, when the assumed breach occurs, your IT team has accurate visibility into the source of the attack, and can see in seconds (and without any physical or virtual taps) any lateral movement attempts from the original VDI environment to the main data center.

Lose the Fear of a VDI Environment

First, restrict the access from your VDI environment. Second, block access by user identity. In two steps, you’re done.

Guardicore Centra makes it simple to say yes to the benefits of a VDI environment. It integrates with Citrix Virtual Apps and Desktops and with Active Directory to reduce the attack surface and improve visibility, even given the complex security reality of Virtual Desktop Infrastructure.

7 Reasons to Use Guardicore Centra for VDI Deployment

Virtual Desktop Infrastructure (VDI) continues to gain popularity among our customers due to its many advantages and benefits when deployed within the modern data center infrastructure. However, those deployments lack some of the capabilities that are needed to address the threats introduced when moving away from hardware desktops to a virtual environment or remote desktops. Thus, many organizations are still hesitant about VDI and remote desktops in view of security concerns, especially due to the increased attack surface and the fact that endpoint devices, which are vulnerable by nature, share compute resources with the organization’s most critical and important servers inside the data center.
