Test Your ATT&CK Before the Attack With Guardicore Infection Monkey
Shay Nehmad, published 2020-04-27, updated 2020-04-30
What’s a 10? Pwning vCenter with
JJ Lehmann, published 2020-04-15, updated 2020-04-16
Guardicore Labs provides a full, detailed technical analysis of the latest vulnerability from VMware – CVE-2020-3952. The bug, which hit the maximal score of CVSS 10.0, allows a malicious actor to take over the complete vSphere infrastructure, with all its machines and servers.
The Vollgar Campaign: MS-SQL Servers Under Attack
Ophir Harpaz, published 2020-04-01, updated 2020-06-29
Guardicore Labs uncovers an attack campaign that’s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers.
January 2020’s Patch Tuesday
Daniel Goldberg, published 2020-01-15, updated 2020-01-21
Guardicore Labs extracts what you need to know regarding the January 2020 Patch Tuesday and data centers.
Threats Making WAVs – Incident Response to a Cryptomining Attack
Guardicore Labs Team, published 2020-01-13, updated 2020-01-14
Guardicore security researchers present a full analysis of a cryptomining attack that hid a cryptominer inside WAV files. The report covers the full attack vectors, from detection and infection through network propagation and malware analysis, and gives recommendations for optimizing incident response processes in data centers.
Iran Cyber Threats and Defenses
Daniel Goldberg, published 2020-01-08, updated 2020-01-14
Guardicore Labs explains the danger and current status of online Iranian attacks.
Windows Server 2008 R2 and Windows 7 are End of Life
Daniel Goldberg, published 2019-12-15, updated 2019-12-22
Discover the steps to harden machines running Windows 7, Windows Server 2008 and Windows Server 2008 R2 against the inevitable unpatched vulnerability that will be disclosed for these systems.
Why You Should Segment Users on AWS WorkSpaces and How it Should be Done
Avishag Daniely, published 2019-12-03, updated 2020-03-26
I recently came across a Guardicore financial services customer that had a very interesting use case. They were looking to protect their Virtual Desktop (VDI) environment in the cloud.
The customer’s setup is a hybrid cloud: on-premises, it has legacy systems that include bare metal servers, Solaris and some old technologies. It also uses many virtual environments, such as VMware ESX, Nutanix and OpenStack.
Concurrently with this infrastructure, the customer has started using AWS and Azure and plans to use containers in these platforms, but has not yet committed to anything specific.
One interesting element was how the customer was migrating its on-premises Citrix VDI environment to AWS WorkSpaces. The customer was happy with AWS WorkSpaces and had therefore decided to move to them in full production. AWS WorkSpaces were especially useful for our customer because the majority of its users work remotely, and it was much easier to have those users work with an AWS WorkSpace than rely on the on-premises Citrix environment.
Working with an AWS WorkSpace – a Use Case
In Forrester’s Now Tech: Cloud Desktops, Q4 2019 report, cloud desktops and their various offerings are discussed. Forrester states that “you can use cloud desktops to improve employee experience (eX), enhance workforce continuity, and scale business operations rapidly.” This is exactly what our customer was striving to achieve with AWS WorkSpaces.
What is an AWS WorkSpace, Anyway?
AWS desktops are named “Amazon WorkSpaces”, and they are a Desktop-as-a-Service (DaaS) solution that runs on either Windows or Linux desktops. AWS provides this pay-as-you-launch service all around the world. According to AWS, “Amazon WorkSpaces helps you eliminate the complexity in managing hardware inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI), which helps simplify your desktop delivery strategy. With Amazon WorkSpaces, your users get a fast, responsive desktop of their choice that they can access anywhere, anytime, from any supported device.”
Was the AWS WorkSpaces Infrastructure Missing Something?
Our customer was using AWS WorkSpaces and scaling their utilization rapidly. This resulted in a need to add a security layer to these cloud desktops. When users access AWS WorkSpaces, they are automatically assigned a WorkSpace and a dynamic IP. Controlling this access is challenging with traditional network segmentation solutions, which are IP-based. Thus, our customer was looking for a solution with the following features:
- First and foremost within the newly adopted cloud platform
- Secondly, not just an understanding of traffic between legacy systems on-premises and in the cloud individually, but visibility into inter-platform communications, too.
- Special attention for Amazon WorkSpaces:
- User-level protection: Controlling which users from AWS WorkSpaces should and could interact with the various applications the customer owned, on-premises or in the cloud.
- Single policy across hybrid-cloud: What was once implemented on-premises alone now needed to be implemented in the cloud, and not only in the cloud, but across cloud and on-premises applications. The customer was looking for simplicity: a single tool to control all policies across any environment.
Tackling User Segmentation with Guardicore Centra
Our customer evaluated several solutions for visibility, segmentation and user identity management. The customer eventually chose Guardicore Centra for its ability to deliver all of the above from a single pane of glass, and to do so swiftly and simply.
Guardicore was able to provide visibility of all workloads and assets, on-premises or in the cloud, across virtual, bare metal and cloud environments, giving our customer the governance they needed over all traffic and flows, including those between environments.
On top of visibility, Centra allowed an unprecedented amount of control for the customer. Guardicore policies were set to control and enforce allowed traffic, and to add a layer of user identity policies controlling which users from the AWS WorkSpaces could talk to which on-premises applications. As mentioned previously, upon access to AWS WorkSpaces, users are automatically assigned a WorkSpace with a dynamic IP. Thus traditional IP-based tools are inadequate and do not provide the flexibility needed to control these users’ access. In contrast, Guardicore Centra enables creating policies based on the user’s identity for access to the datacenter and applications, regardless of IP or WorkSpace.
Work Safely on VDI with Centra
Guardicore Centra provides distributed, software-based segmentation, enabling user identity access management. This gives additional control of the network among any workloads.
Centra enables creating policy rules based on the identity of the logged-in user. Identities are pulled from the organizational Active Directory integrated with Centra. Centra requires no network changes and no downtime or reboot of systems. Policies are created seamlessly and take effect in real time, controlling new and active sessions alike.
This use case is just one example of how Guardicore Centra simplifies segmentation and gives customers fine-grained visibility and control. Centra allows an enterprise to control users’ access anywhere, setting policy that applies even when multiple users are logged in to the same system at the same time, as well as managing the network access of third parties, administrators and network users.
Guardicore Infection Monkey for Zero Trust
Shay Nehmad, published 2019-10-29, updated 2020-04-07
Guardicore Labs releases new Zero Trust features to the Infection Monkey to help organizations assess their zero trust security posture quickly and easily.
Guardicore Enables Secure Rapid Container Deployment
Dave Burton, published 2018-04-17, updated 2019-11-07
Guardicore Centra Security Platform Reduces Compliance Risks, Enforces Security Policies Within Containerized Applications and Workloads