GuardiCore’s Centra architecture is based on three tiers. Collectors are deployed at the infrastructure level while agents are deployed at the guest level. An optional aggregation tier is installed only when agents are deployed, and centralized management and deception is usually provided as SaaS but can also be deployed on-premises.

Native enforcement has Layer 4 and 7 controls, no reliance on firewalls, and consistency across operating systems. It comes DevOps-ready with agent and agentless options. Competitive advantages include visibility, micro-segmentation, breach detection and deception. Layer 7 visibility offers rich context, automatic application and common services discovery, flexible labeling, automated policy recommendations and Layer 4 and 7 enforcement for all platforms are part of GuardiCore’s microsegmentation. Breach detection encompasses multiple techniques, including reputation services and file integrity monitoring. Deception is distributed and dynamic with high-interaction, full platform integration and lateral movement focus.

GuardiCore Reveal provides infrastructure maps on service interaction and application location. Application Discovery works across clouds and shows different environments. This highlights application data sources, utilized ports and data destinations.

Maps can show past information to analyze a specified time period and all communications occurring down to individual server or process levels. Microsegmentation puts policies onto servers and is GuardiCore’s most important offering in our opinion. They push policies to servers. On existing servers and IP addresses, regardless of environment, you can enforce policies across all datacenters and clouds with agents like a massive distributed enforcement layer controlled from one centralized point.

Users choose between whitelist and blacklist models, or some combination of the two.

GuardiCore makes centralizing policies quick and easy with the ability to write global security rules. You can block ports from a single point. To prevent VM machines from communicating, just create the policies. This extreme flexibility even allows blocking non-PCI-compliant machine traffic from communicating with PCI-compliant machines.

When a server tries performing lateral movements, failed connections are tracked and permitted. Attackers’ attempts are redirected in real time to connect to their deception engine. This presents a Windows or Linux machine for the attacker to attack instead. When they try connecting to another machine, they are redirected to one belonging to GuardiCore. As soon as malicious behavior is confirmed, a real-time alert is sent to the user.

Tested by Matthew Hreben