Full Visibility to Halt Cyberattacks
By Andrea Villar | Wed, 10/28/2020 - 06:00
Q: How do Guardicore’s services differ from those of other cybersecurity companies?
A: Guardicore was founded in 2012 in Israel, Tel Aviv. We are present in North America and in Latin America. The company was born out of the need to segment networks. We do this to provide complete visibility and understanding of what is happening in the customer's network. We can see the processes that are running on the servers and their dependencies on other assets within the environment so companies can make decisions based on the information they see. We provide visibility that no other competitor in the market has, whether it be firewall, endpoint or IPS. At Guardicore, we distinguish ourselves by easily and simply segmenting and micro-segmenting the assets and servers of a data center.
By having precise and exact control and visibility of how applications and servers communicate, we can detect if any new malicious process is trying to reach a site or if a person is trying to enter a server they do not have the credentials to access. We have the ability to stop this in a very exact way. Right now, there is a trend toward zero trust and we are able to quickly detect security breaches and attempts to attack through lateral movements. This facilitates a zero-trust environment because of the deception characteristics that the tool has for attackers from inside and outside the network.
This works with a three-layer architecture. An agent is installed on each of the servers or virtual machines in the data center. All this information is then concentrated on the client's network and reported to an administration console visible to the client. This makes it an easy tool to implement, allows no changes in the network and no movement. We do not need changes in the switches or firewalls and the client has complete visibility of all the information in their data center. I have many years of experience in this industry and I have sold all the solutions on the market. Guardicore is a first in the market as far as I know. It has no competition in Mexico because it is a unique solution.
Q: What are the main red flags Guardicore looks for in companies that point to gaps in their cybersecurity and how do you address them?
A: Whenever malware is detected in the data center, the first thing Guardicore does is to scan the network. Once we know the number of devices in that segment, we start moving sideways. We try to reach neighboring machines to prevent any malware from moving laterally, which reduces the attack surface. This allows us to be very precise in detecting security breaches, infections and even false positives within the network. This is not available with Fortinet, Palo Alto or any other security solution.
When ransomware runs on the infected machine, it connects to a server to download a public key and encrypt the information. In other words, it hijacks the information. We prevent that from happening by stopping the communication when malware tries to connect to the controller server. In addition, we provide a detailed report to our clients about what happened. We have been successful in sectors as difficult as banking. Around the world, 60 percent of our customers belong to this sector, including Santander, Deutsche Bank, Orange and UBS.
Q: Has cybersecurity awareness improved among companies in other sectors?
A: Fortunately, it has. A few years ago, the IT department was in charge of this area and it was rare for a company to have its own cybersecurity department. Today, many companies have it and that is a reflection of the growing awareness of this risk. However, Mexico continues to be the third-most cyber-attacked country in Latin America and this means that there is still a long way to go. There are many companies that still do not measure the risk and consequences of an attack. Among the biggest challenges facing cybersecurity companies are budget and the inaction of companies, which prefer to take the risk.
The budget a company allocates to cybersecurity is equivalent to the risk it is willing to take. If a company's customer database costs US$10 million, investing US$100,000 is not a financial sin.
Q: What is needed for companies of all sizes to start taking cybersecurity seriously?
A: Being informed is the first step. There are many solutions in the market but they are very difficult to implement, complicated to manage and also very expensive. In my experience, the most expensive product is not always the best and sometimes it is not what a company needs. Finding a partner or a manufacturer to support and guide you is one of the best ways to understand and halt the attacks. A company cannot protect against what it cannot see and Guardicore helps clients visualize their entire data center to measure the risk.
Guardicore is an Israeli cybersecurity company with a software-only approach. It decouples from the physical network, providing a faster alternative to firewalls to offer security and visibility in the cloud, data-center and endpoint.