Israeli startup GuardiCore isn’t just thinking about what SDN security can do, but what it should do. And with software-defined networking (SDN), virtualized data centers might stand a better chance against threats.

Operating under the radar for months, GuardiCore was founded by Vice President of Marketing Dror Sal’ee alongside CEO Pavel Gurvich and CTO Ariel Zeitlin. Together, they bring years of experience working in cyber security, including defense forces and industry.

Today, GuardiCore announced a new round of financing. With $1.6 million from previous investors, it has brought in $11 million in funding from Battery Ventures, Greylock IL, as well as undisclosed strategic investors.

Despite being tight-lipped about its work (easily seen from the company’s web site), GuardiCore is aiming to enhance security in data centers, in order to detect and break attackers’ “kill chains” before it’s too late.

Since sensitive enterprise data and critical business applications are often housed in an organization’s data center, they have become prime targets for attacks. Sal’ee noted the rising sophistication of attacks, which leave data centers vulnerable and creates a problem that many companies have yet to address.

GuardiCore’s product, Active Honeypot, uses SDN security to find attacks before they pose serious issues for data centers and their companies. GuardiCore capitalized on the realization that data centers were there first to adopt SDN capabilities, as most are already virtualized. Seeing the pertinence of data center security and the lack of companies focusing on SDN-driven security infrastructure, GuardiCore got to work.

“Our team has intensive background in security, and we know from our experience that data centers are extremely unprotected in contrast to their value,” said Sal’ee. “Theft, manipulation or destruction of data center assets can take a company out of business.”

GuardiCore installs its product within the data center network and secures it from the inside. It can detect an attack once inside the data center, and neutralize the threat in real time. It does this by detecting a blocked connection attempt, redirecting to an ambush server, and then allowing an attacker to “succeed” after several failed attempts within a closely monitored environment. In doing this, not only are data centers more protected, but it also provides insights on attack tools and techniques to help amplify future security measures.

“We need to rethink network security,” said Gurvich. “Do what you should do and not what you can do.”