GuardiCore Centra Security Platform
The GuardiCore Centra™ Security Platform provides real-time breach detection and response that leverages process-level visibility, micro-segmentation policy monitoring and threat deception to quickly detect and respond to advanced threats inside data centers, including advanced persistent threats (APTs), insider threats and malware propagation. It does this with minimal performance impact on servers and with no disruption of legitimate data center traffic. It identifies the attacker’s footprint, automatically quarantines infected machines for remediation and provides comprehensive visibility into application flows. We can support virtually any data center infrastructure, whether workloads are running on bare metal, virtualized environments, containers or in private or public clouds. Bottom line: our security solution allows our customers to dramatically reduce the time to detect and respond to breaches in the data center (reducing the “dwell time”), potentially saving organizations millions of dollars in data theft, incident response and remediation.
Key Capabilities of GuardiCore Centra Security Platform:
Process-Level Visibility – GuardiCore discovers and tracks process-level activity across applications and correlates it with network events, providing a visual map of the entire data center network. It detects anomalies and generates incidents, giving the administrator a quick view of all workloads and the ability to deep-dive into specific assets, processes and time frames. This application-layer visibility provides context for a given piece of traffic, which is also valuable for defining granular micro-segmentation policies.
Internal Breach Detection – GuardiCore makes it possible to detect, understand and scope illicit activity to identify security breaches inside the data center. Illicit activity includes backdoor installations, password harvesting, running exploits, policy violations, scanning of multiple, sequential IP addresses, manipulation of log files and attack tools. It provides breach scoping, impact and footprint across all data center environments, including virtualized and hybrid servers, hypervisors, containers, bare metal environments and public clouds.
Threat Deception & Attack Analysis – GuardiCore automatically and transparently redirects suspected traffic to a highly monitored decoy environment to isolate and investigate illicit activity inside the data center. We essentially take this investigation out of band, out of the production environment and into an isolated environment. Distributed agents seamlessly redirect access attempts to filtered/firewalled/closed ports on existing machines to a deception engine to capture and isolate suspect activity. Centralized management performs semantic analysis of suspect activity and alerts on any deviation from authorized and expected behavior. Attack information is provided in human-readable language.
GuardiCore Unique Advantages:
Most complete stack for breach detection and response in the data center – GuardiCore is the only platform that covers all of these five critical areas for securing east-west traffic in the data center in a single platform: Visibility, Micro-Segmentation, Breach Detection, Automatic Analysis, Response.
Focused on securing east-west traffic in the data center – Legacy security solutions like firewalls, intrusion detection and prevention and security information and event management (SIEM) tools are focused on monitoring north/south traffic (entering and leaving the perimeter) and mainly on finding only an initial intrusion. They were never designed to be effectively deployed inside a high-traffic, virtualized data center.
Lightweight architecture – GuardiCore’s lightweight, distributed architecture scales to cover all east-west traffic inside the data center without impacting performance.
High-interaction deception – GuardiCore deception technology employs real machines, services and IP addresses rather than far less effective emulation techniques. This ensures a high-interaction, believable deception environment that is more effective at luring and engaging confirmed attackers in the data center.
Supports virtually any data center environment – Support for a broad set of data center and cloud technologies including bare metal servers, virtualized servers, SDNs, containers and public or private clouds enables GuardiCore to fully protect any environment.