With release 31 we’re continuing to expand our firewall capabilities while making it even simpler for you to build and enforce a segmentation policy.
We’re doing this with features such as identity and FQDN policies. With Identity-based policies, security administrators can set granular, per-user access policies to applications. Domain name (FQDN) rules allow you to set policies based on the target domain name and save time and hassle on typing lists of ever-changing IP addresses. We’ve also integrated a first of its kind Threat Intelligence Firewall that automatically feeds into Centra daily updated blacklists of known bad actors to create rules that alert and block these communications.
In this release we are also shipping many customer requested features that were evaluated on the merit of improving operational efficiency, reducing policy creation time and taking Guardicore usability to higher levels.
Here are some of the highlights of the version:
One key feature introduced in v31 is user-based rules. With this new firewall capability, customers can create rules based on Active Directory user groups to provide granular per-user access to applications. This allows you to control user access to data center and cloud resources. By linking your Active Directory to Centra, Centra is able to retrieve user information. Based on user membership in those Active Directory security groups, we allow users different access to different resources. This way you can make sure that users only access what they are entitled to. For example, this can help allow just the Billing users in your environment to access Billing resources and just the HR users to access their HR resources. No additional infrastructure is required.
You can now create policies that allow access to a specific domain by its domain name rather than its IP addresses. For example, when you want to allow a server to access windowsupdate.com, instead of typing its IP or its IP lists, you can simply refer to it by its domain name. For example, when you want to allow a server to only access github.com, instead of typing its IP or its IP derivatives (dev.github.com, community.github.com, etc.) you can simply refer to it by its domain name – github.com or *.github.com. Select *.github.com to support wildcards. The ability to type a domain name saves the time and hassle of collecting all the possible IPs and keeping track of their validity.
Threat Intelligence Firewall
Guardicore is offering a threat intelligence-based firewall to Centra SaaS users. This feature uses Guardicore’s threat intelligence sensors, distributed across major cloud providers worldwide, to create blacklists of verified malicious IP addresses. Updated daily, these IP blacklists are automatically fed into Centra to create rules to alert and block communications via malicious IP labels: top attackers, top scanners, and top CnC. To get this feature, contact Guardicore Customer Success at firstname.lastname@example.org.
Extended support for legacy systems
Since most of our customer environments include end of life Unix, Windows and Linux that can no longer be patched and therefore pose a risk to the organization, Guardicore has expanded its operating system coverage for those legacy systems and applications. With version 31, the Guardicore Agent supports more legacy operating systems such as Redhat, Oracle and Centos 5, and has also extended its support to AIX which is a proprietary UNIX operating system commonly used by enterprise customers. Now we have the ability to extend our policy coverage to these OSes and reduce the risk they may pose.
While we listed the features that seem to be the most important, there are many more enhancements. Fthe full list of enhancements and capabilities, see the release notes that can be accessed from our customer portal.