Guardicore at RSA: AI-Powered Segmentation, Cloud Native Security
Guardicore’s mission has always been about helping our users protect their critical assets everywhere. This week we’re announcing two new capabilities in our Centra Security Platform that further deliver on that mission: Support for cloud-native resources and AI-powered segmentation. Both capabilities are designed to help security architects segment their assets faster and protect their PaaS resources.
AI-powered segmentation
Centra’s AI-powered segmentation reduces the time it takes to create a segmentation policy for a new or existing application by making it easier to label assets and create the matching rules for them. While we have always been providing an intuitive and simplified segmentation workflow, with our upcoming Centra 5.0 release we’re leveraging AI to automate and further simplify this process.
Powered by real data
Our AI-based algorithm is capable of ‘learning’ tens of thousands of applications and millions of flows, allowing us to provide: 1) tailored policy templates based on the customer’s assets and 2) automatic labels tailored to the customer’s environment. Automatic labeling is done by an analysis of an asset’s network flows. The fact that our network flows have context up to the process level allows us to provide accurate suggestions.
Introducing Guardicore centra policy store
Our Policy Store offers out-of-the-box policy segmentation templates for known ‘household’ applications along with templates for common segmentation use cases. A partial list of household apps include Active Directory, Exchange, Splunk and even Windows operating systems. Common use cases currently include ringfencing, environment segmentation, whitelisting outbound flows etc.
To make it even simpler, we provide recommendations on which applications to segment first, based on our ability to ‘learn’ your environment. Our vision is to create a community around our Policy Store. By providing a flexible policy mechanism we’re hoping customers will upload their own templates to extend the power of the collective cloud. We’ve heard some great ideas for this community in RSA from people who are eager to start building and sharing their own templates. We’re looking forward to seeing the creative stuff our users come up with!
Automatic labeling suggestions
Guardicore Centra automatically discovers, scopes and provides recommendations for how to label an application which is typically the trickiest part of any segmentation project. Our auto labeling is based on network flows analysis down to the process level.
Automatic policy recommendations
Recommendations for segmentation rules are provided based on known application behavior and a predefined set of policy templates for common applications. For example, for Active Directory users, Guardicore Centra will detect your Active Directory servers and then provide a predefined set of rules for securing them, requiring minimal intervention on your side.
Security for cloud-native applications
Building on our broad security coverage across hybrid data center environments, we’re adding protection for cloud-native applications, including serverless computing and Platform as a Service (PaaS). This enables security teams to remove major blindspots in their environments and achieve the same deep level of visibility and control into their cloud-native applications with the Guardicore Centra Security Platform.
The ever-changing datacenter landscape requires security to adapt
Cloud-native is rapidly becoming the new standard for quickly building and scaling new business applications and optimizing existing ones. Until now, providing adequate protection of PaaS services such as AWS S3, Azure SQL, and GCP Cloud Run has required standalone security tools to gain visibility into these resources and understand access patterns. Guardicore has greatly simplified this by integrating cloud-native support into its Centra Security Platform, eliminating the need for processing data from multiple disparate resources.
Superior cloud-native visibility & access control
The Guardicore Centra Security Platform enables IT security teams to visualize access to PaaS services, providing a visual map of all interactions between those services, including end-to-end application flows.
Under the hood
We use multiple data collection methods for cloud-native applications, including cloud APIs, Guardicore agents, and code instrumentation mechanisms for serverless functions. This allows us to turn a collection of disparate logs into a single comprehensible map. We provide a single pane of glass to visualize all cloud resources in use, providing a way to apply a single access policy.
From network flows to application flows
We are able to provide our Centra customers the ability to map their cloud-native resources from the same console they’re using to manage other environments. Instead of trying to make sense of multiple cloud logs, our customers get a single map of their cloud application flows that is easy to understand and manage.
Connect with Us
We’ve gotten some great feedback from RSA visitors and are extremely excited to add these groundbreaking capabilities to make segmentation even easier and relevant to everyone. These features are in early availability for select customers today. If you have any further comments or questions contact us here.
