GuardiCore - Centra
Strengths: Very strong feature set, complete coverage of security functionality in a hybrid microsegmented environment.
Weaknesses: None that we found.
Verdict: This is the 800-pound gorilla in this space. It has just about everything – and what it doesn’t have it certainly soon will. We make this our Best Buy this month.
This product is the Full Monty for its type. First, it supports, as do all our products this month, microsegmentation and is based upon workloads. But the similarities stop there.
In addition to performing the usual policy tests on a workload, Centra does a whole lot more. The product includes a built-in honeypot with deception, threat detection based upon reputation, automated policy recommendations, adaptive policy automation and enforcement, and dynamic analytics across the entire cloud footprint including applications, users and workloads. Automation and enforcement is through a centralized policy compute and control engine.
It automatically discovers applications and flows to understand application behavior to the process level. Several of its functions participate in breach detection and automated analysis of attacker methods assists with incident response.
We dropped into the main Centra dashboard and were presented with four broad categories of information: lateral movement, policy violations, network scans and bad reputation. On the same screen were some additional details about each category. This dashboard is intended to answer the question, "Is there anything about which I should be concerned happening on my enterprise?"
Next, we moved to the Reveal screen. This provides a map for all data centers and workloads converged into a single map. Reveal shows a sort of macro view of the enterprise from an application perspective including flows, addresses and other topographical information. From there we could drill down successively to the process level in several steps, each offering more focused information.
Policy development is a snap. To write a microsegmentation policy for a workload simply right click on the application to control how traffic behaves inside the application to create a policy that limits attacker's movement inside the application. This process also works for tweaking microsegmentation rules. From the data center level of Reveal you can click on a non-functioning link - such as a disallowed port - and Centra can create a policy for allowing the connection and push it out to the enterprise. At this point it alerts but does not block or allow... it simply does a what-if to show the impact on the enterprise of deploying the change. Once you are satisfied you can deploy the change with a mouse click.
There are multiple ways to deploy depending upon your environment. Typically, sensors are on-premises and everything else is in the GuardiCore cloud but a full on-prem deployment is available for sensitive environments.
Basic no-cost support is available and there are fee-based support packages as well. Premium support is priced at 25% for 7X24X365 and increased SLA response. A full summary is neatly laid out in table form on the support page of the web site. The web site is clean and well-thought-out. Pricing is reasonable for just about any environment, especially given the packed feature set.
Deployment is straightforward, especially given the product's functionality. Documentation is complete and available on the support portal. We liked this product overall and were especially impressed with its feature set. We have watched GuardiCore develop and we have been impressed with its vision and execution of that vision. We look forward to more good products in the future.