SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Guardicore steps in against ransomware attacks with latest release
Fri, 19th Nov 2021

Guardicore has released new features to reduce the complexity of segmentation policy creation and enforcement to more effectively secure complex enterprise environments against ransomware attacks.

According to Forrester's New Tech: Microsegmentation, Q3 2021 report, “Ransomware, once it gets into a network perimeter via phishing or other threat vector, spreads internally through SMB exploits... and RDP exploits... microsegmentation will slow down the propagation of future ransomware.”

However, Guardicore states that as organisations increasingly adopt cloud, hybrid and OT/IoT technologies, consistent segmentation policy enforcement across operating environments is a primary area of concern.

Addressing this issue, Guardicore's latest features are designed to simplify policy creation and enforcement, and strengthen ransomware protection across any environment.

Guardicore states it provides coverage for all environments using a single tool with minimum performance and operational impact.

The company creates silos between servers, operating systems, cloud instances, and applications to prevent, detect, and remediate ransomware and advanced attacks.

Guardicore's latest features and benefits include the following:

AI labelling and policy suggestion: Implementing effective segmentation begins with mapping assets and ends with enforcing policy. Neither is an inherently simple task.

Guardicore's latest release tackles both of these challenges. AI labelling that leverages advanced machine learning techniques trivialises the asset mapping phase.

Policy suggestions clear the road to enforcement by automatically suggesting the most impactful policies based on uncovered workflows and dangerous or unnecessary traffic patterns.

Agentless visibility and control: Host-based agents are not always viable, such as in OT environments, IoT devices, legacy mainframes, and medical devices.

In order to ensure protection in these types of environments, Guardicore has built an agentless solution, or collector, that offers both visibility and enforcement.

Network administrators can configure their switches and flow aggregators like Gigamon, IXIA, and many others to share telemetry and flow data using this collector.

Security policies can then be created and converted into ACLs that switches can natively and easily understand.

DNS Security: The addition of DNS Security adds immediate protection against ransomware attacks at the earliest stage. With this new offering, any user's DNS request is inspected, allowing the connection to the domain to be blocked at the source.

Customers can curate deny lists, import them from a third party, or leverage Guardicore's threat feed of known malicious domains associated with phishing, malware sites, CnC servers, and more.

Pavel Gurvich, SVP of Akamai Enterprise Security and former CEO of Guardicore, says, “Repeated headlines of successful ransomware attacks highlight the need for granular segmentation controls that prevent lateral movement and stop attackers from compromising high-value targets.

“Our agent-based solution has proven highly effective in stopping ransomware, but agents cannot be deployed in every modern environment.

“Guardicore Centra's latest features strengthen existing ransomware protection capabilities, extending coverage to anywhere a business' ‘crown jewels’ are held.”