Guardicore strengthens existing ransomware protection capabilities
Guardicore announced new features that reduce the complexity of segmentation policy creation and enforcement to more effectively secure complex enterprise environments against ransomware attacks.
According to Forrester’s New Tech: Microsegmentation, Q3 2021 report, “Ransomware, once it gets into a network perimeter via phishing or other threat vector, spreads internally through SMB exploits…and RDP exploits…microsegmentation will slow down the propagation of future ransomware.”
Yet, as organizations increasingly adopt cloud, hybrid and OT/IoT technologies, consistent segmentation policy enforcement across operating environments is a primary area of concern. Guardicore’s latest features simplify policy creation and enforcement and strengthen ransomware protection across any environment.
“Repeated headlines of successful ransomware attacks highlight the need for granular segmentation controls that prevent lateral movement and stop attackers from compromising high-value targets,” said Pavel Gurvich, SVP, Akamai Enterprise Security (former CEO of Guardicore). “Our agent-based solution has proven highly effective in stopping ransomware, but agents cannot be deployed in every modern environment. Guardicore Centra’s latest features strengthen existing ransomware protection capabilities, extending coverage to anywhere a business’ ‘crown jewels’ are held.”
Unlike many segmentation vendors, which have limitations on the operating systems and environments they support, Guardicore provides coverage for all environments using a single tool with minimum performance and operational impact. The company creates silos between servers, operating systems, cloud instances, and applications to prevent, detect, and remediate ransomware and advanced attacks. Guardicore’s latest features and benefits include:
- AI labeling and policy suggestion: Implementing effective segmentation begins with mapping assets and ends with enforcing policy. Neither is an inherently simple task. Guardicore’s latest release tackles both of these challenges. AI labeling that leverages advanced machine learning techniques trivializes the asset mapping phase. Policy suggestions clear the road to enforcement by automatically suggesting the most impactful policies based on uncovered workflows and dangerous or unnecessary traffic patterns.
- Agentless visibility and control: Host-based agents are not always viable, such as in OT environments, IoT devices, legacy mainframes, and medical devices. In order to ensure protection in these types of environments, Guardicore has built an agentless solution, or collector, that offers both visibility and enforcement. Network administrators can configure their switches and flow aggregators like Gigamon, IXIA, and many others to share telemetry and flow data using this collector. Security policies can then be created and converted into ACLs that switches can natively and easily understand.
- DNS Security: The addition of DNS Security adds immediate protection against ransomware attacks at the earliest stage. With this new offering, any user’s DNS request is inspected, allowing the connection to the domain to be blocked at the source. Customers can curate deny lists, import them from a third party, or leverage Guardicore’s threat feed of known malicious domains associated with phishing, malware sites, CnC servers, and more.
“Like many complex hybrid organizations, we struggled with segmentation across modern and legacy systems. The projects were time consuming, costly, and delivered mixed results,” said Tim O’Neill CISM, Head of Information Security, Macmillan Cancer Support. “Guardicore has enabled us to fully complete segmentation projects in a far shorter time and with greater visibility of the complex communications between systems. This has allowed us to continue to adopt new technologies to accelerate organizational pace of innovation while stopping ransomware in its tracks.”