More than a year ago, Akamai acquired Guardicore to strengthen its Enterprise Security offering with Guardicore’s software-based microsegmentation technology. The Security Engineers at Evolane are excited to share a couple of the most outstanding Guardicore features with you. But first things first!
The team was introduced to Guardicore, and every single one of them was surprised by the ways in which organizations could benefit from the platform. Guardicore’s technology is here to stop the lateral movement of ransomware by putting a kink in the ransomware kill chain. But of course, being convinced is not enough to bring quality solutions and services to our customers. This is where the hard work comes in!
An intensive, technical training
Last month, our Application Security team had the opportunity to follow an intensive Guardicore GCSA (Administrator) and GCSE (Engineering) training developed and provided by Akamai. It was a technical deep-dive experience that left us with a lot of useful learnings and an amazing opportunity to bond with our Akamai colleagues. Want to find out what the key takeaways were? When our Akamai Engineers were asked about the topics they found to be most interesting, this is what they answered:
- Ring Fencing
- Guardicore Deception Service
- Protected Guardicore uninstall Windows option
- Guardicore Insight
1. Ring Fencing
During the training, we learned more about ring-fencing, which in the context of microsegmentation means “drawing a ring around an application to block all the traffic to other applications, except for the traffic flow that is known and legit”. Guardicore provides a ring-fencing template that allows organizations to enable segmentation in only a few clicks. It does this by allowing only the known ports, and it can even allow these ports at process level.
This means that any other process trying to open this connection (for example netcat, wget, curl or any other library) will be blocked, as it is not specifically allowed. Guardicore enables unimaginable visibility through “Guardicore Reveal” (a visual representation in the form of a map which allows you to easily zoom into applications and their known traffic flows). This makes modifying the policy rules in a complex environment easy to manage.
2. Guardicore Deception Service
Guardicore’s deceptive technology is an intelligent cybersecurity defence practice that “deceives” attackers with imitations of genuine assets, with the distribution of traps and decoys. This innovative technology enables security teams to collect large amounts of data from malicious actors. Consequently, this information can be used to understand the attacker’s methods, behavioral patterns, motives and even identity. That’s why Guardicore helps to identify and stop actors before they can cause any kind of damage.
How does Guardicore do this? It provides complete process-to-process visibility for the entire data center, across multiple VMs, creating a map of application flows between assets (public or private). This is the ultimate proof that Guardicore is a leader in Internal Data Center Security and Breach Detection. An ideal addition to our security offering at Evolane.
3. Protected Guardicore uninstall Windows option
A security solution is only as strong as its coverage. On Windows in particular, the ‘smarter’ administrators may find security software installed on ‘their’ servers annoying. Guardicore makes it possible to separate the Windows administrator role from the enterprise-wide Guardicore Administrator security role by providing an Agent with the Admin Lock enabled.
4. Guardicore Insight
Guardicore Insight provides powerful endpoint visibility and better security value. Based on the well-known OSQuery, Insight enables writing SQL queries to explore running processes, loaded kernel modules, open network connections, browser plugins, hardware events, file hashes, and more. Users can use SQL queries to extract data from hundreds of tables. Using Insight, users can perform SQL queries on a vast number of Agents and aggregate the results to create labels, build policies, and obtain valuable network forensics. Insight is baked into Guardicore’s Windows and Linux Agents and appears in the Centra UI as Insight. For example, as you can see in the image, Guardicore Insight will tell you if your Windows system is up to date.
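The kind of query this section describes, as an added example that is not taken from the training or from Guardicore’s documentation. It uses the standard osquery tables `processes`, `process_open_sockets` and `patches`; that Insight exposes these tables unchanged is an assumption.

```sql
-- 1. Which process talks to which remote port?
--    The result is the raw material for process-level allow rules.
SELECT p.name            AS process_name,
       p.path            AS process_path,
       s.remote_address,
       s.remote_port,
       COUNT(*)          AS connections
FROM process_open_sockets AS s
JOIN processes AS p USING (pid)
WHERE s.remote_port <> 0
  AND s.remote_address NOT IN ('', '0.0.0.0', '::', '127.0.0.1', '::1')
GROUP BY p.name, p.path, s.remote_address, s.remote_port
ORDER BY connections DESC;

-- 2. General-purpose transfer tools that currently hold a connection.
--    The tool names are the ones mentioned in the ring-fencing section;
--    the exact binary names listed here are an assumption.
SELECT p.pid,
       p.name,
       p.cmdline,
       s.remote_address,
       s.remote_port
FROM processes AS p
JOIN process_open_sockets AS s USING (pid)
WHERE lower(p.name) IN ('nc', 'ncat', 'netcat', 'wget', 'curl',
                        'nc.exe', 'ncat.exe', 'wget.exe', 'curl.exe')
  AND s.remote_port <> 0;

-- 3. Windows only: installed hotfixes, to judge whether a host is up to date.
SELECT csname       AS host,
       hotfix_id,
       description,
       installed_on
FROM patches;
```

Run across many Agents, the first query shows whether the flows a ring-fence policy allows match what the application processes actually do.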
This hands-on training was led by an experienced Guardicore instructor who is clearly passionate about the product. It took place over Zoom, with enough time between chapters for us to try out what we had learned, which made the training very effective. In only five days, we were able to use the Guardicore lab setup for several exercises and learn the ins and outs of the product.
During the course we were able to gain first-hand experience with the product, discuss specific use cases and take both the GCSA and GCSE certification exams. Guardicore was new to all of us, but we ended up with a team of four Guardicore Certified Engineers.
We look forward to using the solution and finding new ways to protect our customers from the growing threats of ransomware. Want to know more about these and other features? Curious about what Guardicore can do for your business? Give us a call, and we’ll be happy to sit down with you!