Guardicore announced visibility and segmentation features in the Guardicore Centra platform that enable security teams to stop ransomware and lateral movement. Guardicore’s software-based approach enables security teams to segment the network faster than any other solution on the market, creating silos between servers, applications, operating systems, and cloud instances to prevent, detect, and remediate ransomware attacks.
Ransomware, once simply a nuisance strain of malware used by bad actors to restrict access to files and data through encryption, has morphed into a multi-faceted attack method that is costing businesses billions in damages. Recent attacks such as those on JBS and Colonial Pipeline prove it takes just seconds to breach an organization and exfiltrate data.
Guardicore Centra enables security teams to protect against lateral movement in ransomware attacks with software-based segmentation. Enterprises gain a single, scalable platform with real-time threat detection and response capabilities to detect lateral movement and minimize dwell time throughout the entire cyberattack kill chain.
“During a breach, restoring business operations is one of the top priorities. Ransomware suspends a company’s ability to operate, especially if it is unknown how the attacker gained footing within the environment and if he’s still active,” said Ben Harel, Chief Information Security Officer, Entara. “Guardicore enables us to restore operations twice as fast when compared to traditional IR engagements, allowing us to instantly create clean segmented environments to bring business operations online.”
Guardicore Centra empowers organizations to visualize and segment assets across the edge, data center, cloud, or hybrid cloud infrastructure to prevent, detect, and mitigate ransomware attacks. The platform’s visibility and segmentation capabilities enable security teams to isolate critical applications faster, block lateral movement, and reduce the time required to resolve an incident.
Prevent initial infection with full visibility across the network
Guardicore Centra allows network administrators, IT teams, and security personnel to visualize their entire network and easily detect assets — database servers included — that receive connections from anywhere, including the internet. Security teams gain full visibility, down to the process level, of communications and dependencies between every asset on a network, enabling security teams to protect critical assets and high-risk components from ransomware.
Isolate and contain lateral movement
Lateral movement is critical to an attack’s success. If malware can’t spread beyond its landing point, it’s ineffective. Guardicore Centra’s visibility and segmentation features enable security teams to set up policies for servers and desktops within a single console with a few clicks to prevent and contain an initial breach effectively.
Creating micro-perimeters around critical applications, backups, file servers, and databases, Guardicore Centra enables security teams to create zero-trust segmentation policies that restrict traffic between users, applications and devices to reduce the attack surface drastically. By implementing denylist rules, security teams can isolate threats quickly to shut down the malware before it gets out of hand.
Detect breaches faster to avoid the spread
Outdated technology and “good enough” defense strategies focused solely on perimeters and endpoints are not enough to stop today’s evolving ransomware campaigns. Guardicore Centra enables organizations to detect breaches up to 20x faster by pushing out alerts when lateral movement and other suspicious behaviors are detected. The platform’s AI-powered scan detection tools and threat hunting service alert you in real time to any attempts to gain access to segmented applications and backups to minimize dwell time and catch attackers before they can move past the landing point.
Remediation without unplugging the router
Once ransomware is detected in the network, it’s imperative to shut it down immediately. Guardicore Centra provides an easy-to-use, pre-built ransomware recovery and response template to enable security teams to restrict traffic between infected machines and isolated clean machines. With the pre-built template, security teams easily maintain operational continuity of clean machines without fearing risk of (re)infection from isolated devices.
“Ransomware attacks shine the light on a problem that has been long overdue: stopping lateral movement,” said Rami Katz, VP Product, Guardicore. “Any organization that can detect and block unauthorized lateral movement early in the attack chain is better positioned to reduce the impact of ransomware and similar threats. Guardicore Centra is the solution to mitigate ransomware. Our powerful visibility and segmentation capabilities enable enterprises to isolate ransomware in just a few clicks and stay one step ahead of today’s cybercriminals.”