GuardiCore Centra provides visibility, protection through advanced micro segmentation

Micro segmentation is one of the most advanced security methods that organizations can employ to protect critical assets, users, and data from both outside hackers and malicious insiders. Authorizing every process, app, user and service within a network, and what each of them can do and how they can interact, while denying everything else, is a heck of a gauntlet to throw down. It’s difficult not to use an adjective like bulletproof when describing good micro segmentation, even though we know the bad guys always seem to find a way around security eventually.

The biggest problem with micro segmentation is that it requires a huge amount of insight and visibility into a network to be protected, at both layer 4 and layer 7, which almost no organization currently has. It’s also by its nature very limiting, tightly restricting what users can do and how they can do it. Unless there is some relatively smooth procedure for authorizing new, or modifying old, processes on a network as needed, micro segmentation could accidentally restrict valid users from doing their jobs.

What GuardiCore Centra offers

The GuardiCore Centra solution takes these factors into account, eliminating much of the complexity normally associated with micro segmentation from the initial installation to ongoing program management. It’s even designed to be installed in stages if desired, existing as a robust but scaled down, agentless protection program at layer 4, or as a full-scale micro segmentation solution with agents employed on all assets in a layer 7 enabled protection suite.

Centra is also flexible enough to be deployed in virtually any configuration including on premises, within a cloud environment, or as software as a service (SaaS) running in the GuardiCore cloud. In the SaaS model, no proprietary information leaves the host network, only metadata. It can even operate in clouds that employ heavy software-defined networking, constantly adapting and tracking the shifting network topography. Pricing for Centra is likewise designed to fit into any environment and generally follows a scaled annual subscription model with costs starting at $2,500 per physical server protected and $250 per virtual machine.

Users get access to the entire Centra suite with their subscription, including the ability to operate at layer 4 or layer 7, a discovery and visibility component, and even a dynamic deception tool to capture rogue users or apps attempting to violate segmentation rules. GuardiCore Centra was tested on virtual machines running in a cloud environment.

Visibility into network assets and activity

Because there can be no micro segmentation without visibility, GuardiCore Centra concentrates first on providing an extremely deep view of network assets and activity. In can do this in one of two ways. First, a virtual collector appliance can be deployed to collect traffic and application data. This gives a lot of insight as to activity, including the ports that various applications are using, and the data can be a good starting point to defining new policies as part of segmentation.

GuardiCore

Centra also provides a visual map to help make all those interactions easier to comprehend and trace. Using Centra this way provides good visibility, but not all the extremely fine details needed for true micro segmentation. Even though it only protects at layer 4 this way, that data can be used by organizations that don’t want, or which are not yet comfortable, deploying agents.

The true strength of Centra becomes evident when moving to layer 7 protection, which can be activated at any time by deploying agents onto every virtual machine, container, and bare metal hypervisor. The network map made by the collectors looking at layer 4 traffic will likely remain about the same, just with many more details once the agents are in place and able to see absolutely everything. This added functionality was tested as part of this evaluation.

Setting up micro segmentation and rules

Once visibility is gained, administrators can begin setting up segmentation and micro segmentation. The first step is working on deny rules, and the first thing they will likely want to start with is compliancy. Every industry likely has some form of compliancy or best practices that are either suggested or enforced on those working within it. These rules are generally not that detailed, more of a commonsense type of thing, but are nonetheless important.

GuardiCore

For this test, we implemented the Payment Card Industry Data Security Standard (PCI DSS) as our first step in deny rules creation. Because this includes having no open protocols, it immediately locked down quite a few clear violations once the rule was activated. From the main console, it was easy to see what users and apps were affected. This allowed us, if we wanted, to build alternative allow rules to let folks do their jobs, but in a safe way that could be authorized and monitored by the program moving forward.

GuardiCore

After the deny rules are in place, implementing the allow rules is the next step. Here again Centra is great in that it shows every process down to the protocol level that is happening within the network. It was extremely easy to walk through every step the app took within the network and when communicating with the outside world, authorizing those individual actions and locking them down so there could be no variation from them in the future. Centra shows green lines in the interface to designate processes that are specifically allowed by micro segmentation.

To test the segmentation, an extremely stealthy attack was employed where a malicious program was installed on a valid server. The program attempted to initiate an authorized process using the same pathway and port as its authorized twin, even using the same protocol which had been allowed by Centra. Even monitoring at layer 4, this would have probably been allowed, but the layer 7 visibility offered by Centra detected this attack even though it was mirroring an authorized process and pathway to the letter. Why? Because the hash of the initiating process was different from the authorized one. Centra spotted this doppelganger and could take appropriate action, blocking it altogether or sending it to a deception point. Violation reports can also be bundled using open-source protocols and sent do any connected SIEM.

The addition of a deception component makes the micro segmentation offered by GuardiCore Centra even more powerful. Instead of blocking illegal processes, Centra can redirect them to dynamic deception points where it records every action the malicious program or user takes, including a series of screenshots that makes auditing every easy. The deception network is state-aware, so if, for example, a valid server goes offline for maintenance, users who try to access it at that time are not sent to deception points by accident.

GuardiCore

Even given the extremely helpful visibility and graphical interface of the GuardiCore Centra Solution, setting up deep micro segmentation could still be a lengthy process for extremely complex networks. The difference here is that the program itself won’t multiply that timeframe. It’s extremely user-friendly, a real surprise given its power. Users will probably not require much more than a day of training.

The GuardiCore Centra solution offers one of the most efficient ways to begin implementing powerful security using micro segmentation. The fact that it is so easy to use, reasonably priced, and can be dropped into any physical or virtual environment is just icing on the cake for this impressive security toolset.

More on segmentation

• Illumio 2.0 takes the complexity out of micro-segmentation
• How vArmour restores the security perimeter
• The 6 phases of adopting cloud security practices
• Old Windows Server machines can still fend off hacks. Here’s how
• Realistic ways to lock down IoT