Environment-agnostic Microsegmentation with Benefits

A few years back, zero trust microsegmentation seemed like one of the hottest new market segments (pun not entirely intended). At least it did to me, as I was working in the space. There were at least half a dozen new companies and a bevy of established vendors fighting it out and trying to make the case for eliminating lateral movement and simplifying management of highly-complex, highly-dynamic hybrid network environments on which apps were becoming the primary component of traffic flow.

Over the last 2-3 years, a few vendors have been acquired by bigger brands, a few are staying the course, and a few are disappearing as commercial contenders. And then there is Guardicore, which is actively building on its core competency and aiming to become a robust network solution. In 2017, Ed wrote about Guardicore and the company's approach to data center microsegmentation. Today, Guardicore Centra, the company's flagship product, remains an agent-based platform which provides customers the ability to visualize process workflows, analyze traffic for anomalous activity, microsegment network environments (on-prem, in the cloud, virtual, containers, hybrid), detect breaches, and respond to incidents.

Speaking recently with Chris Gaebler (CMO), Dave Burton (VP, Marketing), and Dave Klein (Sr. Director, Architecture & Engineering), the Guardicore team told me and Ed that the company currently has two goals: biting off a piece of the firewall market and continuing to establish Guardicore as the leader in the microsegmentation space. Since the last time they spoke with TAG Cyber, the company has built out additional use cases and expanded the ability to apply granular access controls by users and identities (more on that in a bit) versus application-specific policies only, while keeping things simple for customers.

Away from the perimeter

“There are lots of companies still using VLANS and traditional firewalls to segment their networks,” said Klein, “but [doing so is] complicated. It's messy. There are too many steps involved and network infrastructure is impacted. And those tools just don’t work across hybrid environments!” Consequently, Guardicore touts Centra as “a better, software-defined way to segment, without obstructing access.”

Deployed on the workload itself, Centra automatically tracks process-level communication between applications and workflows, correlates movement with network events, and allows admins to apply policies and monitor activity from one single pane of glass. “Because Centra’s policies are application-aware,” said Gaebler, “and they are independent of infrastructure, our customers can create one policy set and apply it seamlessly across environments without experiencing any downtime at all.” The team then went on to tell us that the top use remains prevention of lateral movement, but more and more, customers are seeing how Centra helps protect “the crown jewels,” assists in compliance efforts, and allows development teams to innovate faster.

Expanding core competency

One of the newer aspects of Centra is the proprietary firewall. Because their firewall is built into the agent, not orchestrated via API and not making use of the OS’ own firewall or other integration with a third-party vendor, it can consistently enforce across all workloads on a granular level without contention. The firewall also uses Guardicore’s own cyber threat intel feed to protect against known malware and known-bad IPs.

Other new features include the ability for users to create blacklist policies and block risky communication by process, anywhere and on any port; the ability to integrate with Active Directory to control policies via user identity; and enforce policy by domain name rather than IP, which is helpful in autoscaling environments or when an organization uses geographically-dispersed IP address ranges.

Overall Guardicore has demonstrated nice growth in a crowded sector. As the market for independent microsegmentation tools consolidates, we will be keen to see what new capabilities are added to Centra to help customers gain better control over and simplify management of networks.