The startup, based in San Francisco and Tel Aviv, has now raised $33 million total.
Founded in 2013, GuardiCore was relatively early in preaching the need to secure east-west traffic in the data center — that is, the server-to-server traffic that occurs entirely inside the security perimeter.
The startup’s platform, Centra, redirects suspicious traffic to Active Honeypot, a quarantined zone that serves as a decoy. There, the attacker is allowed to “succeed” in breaking into the network after a realistic number of failed attempts. Analysts can grab the popcorn, observe, and learn more about the attacker.
GuardiCore identifies dicey traffic by looking at failed attempts to gain access to something, a sign that an attacker might have breached the perimeter. That's different from the more common tactic of leaving "lures" around the network, says Dave Burton, GuardiCore's vice president of marketing.
It’s also different from the approach of watching absolutely everything that the network does, using big data tools to sniff out trouble. AT&T and startup Vectra are two examples of companies taking that approach.
Another difference GuardiCore claims involves what you do after an attacker is revealed: The information can help a data center operator set better policies for microsegmentation. In other words, the startup believes Centra can be the basis for making network virtualization behave more securely.