Guardicore Microsegmentation Training

4 Important Learnings

More than a year ago, Akamai acquired Guardicore to strengthen its Enterprise Security offering with Guardicore’s software-based microsegmentation technology. The Security Engineers at Evolane are excited to share a couple of the most outstanding Guardicore features with you all. But first things first!

The team has been introduced to Guardicore, and every single one of them was surprised by the ways that organizations could benefit from the platform. Guardicore’s technology is here to stop the lateral movement of ransomware by putting a kink in the ransomware kill chain. But of course, being convinced is not enough to bring quality solutions and services to our customers. This is where the hard work comes in!

An intensive, technical training

Last month, our Application Security team had the opportunity to follow an intensive Guardicore GCSA (Administrator) and GCSE (Engineering) training developed and provided by Akamai. It was a technical deep-dive experience that left us with a lot of useful learnings and an amazing opportunity to bond with our Akamai colleagues. Want to find out what the key takeaways were? We asked our Akamai Engineers which topics they found most interesting. This is what they answered:

  1. Ring Fencing
  2. Guardicore Deception Service
  3. Protected Guardicore uninstall Windows option
  4. Guardicore Insight

“Guardicore’s technology stops ransomware attacks by breaking the ransomware kill chain”

1. Ring-Fencing

During the training, we learned more about ring-fencing, which in the context of microsegmentation means “drawing a ring around an application to block all the traffic to other applications, except for the traffic flow that is known and legit”. Guardicore provides a ring-fencing template which allows organizations to enable segmentation in only a few clicks. It does this by allowing only the known ports, and it can even allow these ports at process level. This means that any other process trying to open the connection (for example netcat, wget, curl or any other library) will be blocked, as it is not specifically allowed. Guardicore enables unimaginable visibility through “Guardicore Reveal” (a visual representation in the form of a map which allows you to easily zoom into applications and their known traffic flows). This makes modifying the policy rules in a complex environment easy to manage.

“You apply Ring-Fencing to block all traffic to other applications except what is known and legitimate”

2. Guardicore Deception Service

Guardicore’s deceptive technology is an intelligent cybersecurity defence practice that “deceives” attackers with imitations of genuine assets, with the distribution of traps and decoys. This innovative technology enables security teams to collect large amounts of data from malicious actors. Consequently, this information can be used to understand the attacker’s methods, behavioral patterns, motives and even identity. That’s why Guardicore helps to identify and stop actors before they can cause any kind of damage.

How does Guardicore do this? It provides complete process-to-process visibility for the entire data center, across multiple VMs, creating a map of application flows between assets (public or private). This is the ultimate proof that Guardicore is a leader in Internal Data Center Security and Breach Detection. An ideal addition to our security offering at Evolane.

3. Protected Guardicore uninstall Windows option

A security solution is only as strong as its coverage. Especially on Windows, the ‘smarter’ Administrator guys may find security software installed on ‘their’ servers annoying. Guardicore makes it possible to separate the Windows administrator role from the enterprise-wide Guardicore Administrator security role by providing an Agent with the Admin Lock enabled.

“Guardicore’s deception service provides visibility across all data centers and VMs, mapping application flows between assets.”

4. Guardicore Insight

Guardicore Insight provides powerful endpoint visibility and better security value. Based on the well-known OSQuery, Insight enables writing SQL queries to explore running processes, loaded kernel modules, open network connections, browser plugins, hardware events, file hashes, and more. Users can use SQL queries to extract data from hundreds of tables. Using Insight, users can perform SQL queries on a vast number of Agents and aggregate the results to create labels, build policies, and obtain valuable network forensics. Insight is baked into Guardicore’s Windows and Linux Agents and appears in the Centra UI as Insight. For example, as you can see in the image, Guardicore Insight will tell you if your Windows system is up to date.
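
As an added illustration (not part of the original post and not taken from Guardicore's documentation), the query below uses the standard osquery tables processes and process_open_sockets to show which processes hold connections to a given service port, the process-level view that ring-fencing rules are built on. It assumes Insight exposes these osquery tables unchanged; the port 5432 and the process name 'app-server' are constructed placeholders.

```sql
-- Added example: plain osquery SQL, standard tables only.
-- Goal: list every process with a connection to the database port that is
-- NOT the one process the ring-fence is expected to allow.
-- 5432 and 'app-server' are constructed placeholders; substitute the port
-- and process name of the application being ring-fenced.
SELECT
  p.name            AS process_name,   -- e.g. curl, wget, nc would show up here
  p.path            AS binary_path,    -- on-disk location of the executable
  p.cmdline         AS command_line,   -- full invocation, useful for triage
  s.local_port,
  s.remote_address,
  s.remote_port,
  s.state                              -- TCP state (ESTABLISHED, SYN_SENT, ...)
FROM process_open_sockets AS s
JOIN processes AS p
  ON p.pid = s.pid                     -- attribute each socket to its process
WHERE s.remote_port = 5432
  -- skip unconnected and loopback sockets
  AND s.remote_address NOT IN ('', '0.0.0.0', '::', '127.0.0.1', '::1')
  -- anything other than the expected client is worth a closer look
  AND p.name NOT IN ('app-server')
ORDER BY p.name, s.remote_address;
```

An empty result means only the expected process is talking to the service; any row is a candidate either for an additional allow rule or for investigation.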

Overall Experience

During this hands-on training, led by an experienced and passionate Guardicore instructor and held over Zoom, we were given enough time between each chapter to try out what we had learned. This made the training very effective. In only five days, we were able to use the Guardicore lab setup for several exercises and learn the ins and outs of the product.

During the course we were able to gain first-hand experience with the product, discuss specific use cases and take both the GCSA and GCSE certification exams. Guardicore was new to all of us, but we ended up with a team of four Guardicore Certified Engineers.

We look forward to using the solution and finding new ways to protect our customers from the growing threats of ransomware. Want to know more about these and other features? Curious about what Guardicore can do for your business? Give us a call, and we’ll be happy to sit down with you!

 

 
