Slide 1: Security Common Practice: Build a Wall (perimeter wall) // Guardicore

Slide 2: Spoiler Alert: The Wall Will Be Breached

Slide 3: The answer: Micro-segmentation. Welcome to Zero Trust
Slide 4: Micro-segmentation: Walls don't work in data centers

▪ Diverse Locations: Hybrid cloud environments span multiple physical locations.
▪ Roaming Needs: Fixed walls (e.g., firewalls, VLANs) can't follow moving assets.
▪ Multiple Protection Requirements: Modern and legacy deployment models have different protection requirements.
▪ Constant Change: Manual rule management can't keep pace with DevOps and IT automation.
Slide 5: The solution: Guardicore's approach

▪ Provide full visibility
▪ Abstract enforcement from infrastructure
▪ Policy based on context, not IPs

Slide 6: Provide full VISIBILITY: See Critical IT Assets Through a Human Lens

Slide 7: Abstract enforcement from infrastructure: Create Granular, Platform-Independent Policies, Based on Context, Not IP

Covered platforms: Bare Metal, Cloud, Virtual Machines, Containers
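The "policy based on context, not IPs" idea on slides 5 and 7 can be shown with a small label-based policy engine. The following is an added example written for this page, not Guardicore's code or policy format; the workload names, labels, addresses and rule names are constructed placeholders. It evaluates flows against rules that select workloads by labels, shows that a workload keeps its policy when its IP changes, and compiles the label policy into the concrete IP ACL that an IP-based enforcement point (NIC, switch, firewall) would need, which is the part that has to be regenerated whenever an asset moves.

```python
"""Label-based segmentation policy engine (constructed illustration, not a vendor API).

Workloads carry context labels; rules select on labels. Because enforcement is
keyed on labels rather than addresses, a workload keeps its policy when its IP
changes (VM migration, container reschedule, cloud redeploy)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str              # current address; may change when the asset moves
    labels: frozenset    # context labels such as {"env=prod", "app=billing", "role=db"}


@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset       # every label here must be present on the source workload
    dst: frozenset       # every label here must be present on the destination workload
    ports: frozenset     # allowed destination TCP ports
    action: str = "allow"


def selects(selector: frozenset, wl: Workload) -> bool:
    """A selector matches when all of its labels are on the workload."""
    return selector <= wl.labels


def evaluate(rules, src: Workload, dst: Workload, port: int):
    """First matching rule wins; any flow no rule allows is denied (zero trust default)."""
    for r in rules:
        if selects(r.src, src) and selects(r.dst, dst) and port in r.ports:
            return r.action, r.name
    return "deny", "default-deny"


def compile_ip_acl(rules, inventory):
    """Expand label rules into (src_ip, dst_ip, port) allow entries for an IP-based
    enforcement point. This is derived state: it must be regenerated whenever a
    workload's IP changes, while the label policy itself stays untouched."""
    acl = set()
    for r in rules:
        if r.action != "allow":
            continue
        for s in inventory:
            for d in inventory:
                if s is not d and selects(r.src, s) and selects(r.dst, d):
                    for p in r.ports:
                        acl.add((s.ip, d.ip, p))
    return sorted(acl)


# Constructed sample policy: ring-fence the billing application and allow
# SSH into production only from the bastion role. Placeholder names throughout.
RULES = [
    Rule("billing-web-to-db",
         src=frozenset({"app=billing", "role=web"}),
         dst=frozenset({"app=billing", "role=db"}),
         ports=frozenset({5432})),
    Rule("ops-bastion-ssh",
         src=frozenset({"role=bastion"}),
         dst=frozenset({"env=prod"}),
         ports=frozenset({22})),
]

# Constructed sample inventory; addresses are placeholders, not real assets.
INVENTORY = [
    Workload("web-01", "10.1.0.10", frozenset({"env=prod", "app=billing", "role=web"})),
    Workload("db-01", "10.1.0.20", frozenset({"env=prod", "app=billing", "role=db"})),
    Workload("bastion", "10.9.0.5", frozenset({"env=prod", "role=bastion"})),
    Workload("vendor-appliance", "10.2.0.7",
             frozenset({"env=prod", "app=vendor", "role=appliance"})),
]


def by_name(name: str) -> Workload:
    return next(w for w in INVENTORY if w.name == name)


def demo() -> dict:
    """Evaluate a few flows, then move the database to a new subnet and re-check."""
    web, db, bastion, appliance = (by_name(n) for n in
                                   ("web-01", "db-01", "bastion", "vendor-appliance"))
    results = {
        "web->db:5432": evaluate(RULES, web, db, 5432)[0],
        "web->db:22": evaluate(RULES, web, db, 22)[0],
        "appliance->db:5432": evaluate(RULES, appliance, db, 5432)[0],
        "bastion->db:22": evaluate(RULES, bastion, db, 22)[0],
    }
    # Same labels, new IP: the label policy still applies without any rule change.
    moved_db = Workload(db.name, "10.5.3.44", db.labels)
    results["web->moved_db:5432"] = evaluate(RULES, web, moved_db, 5432)[0]
    return results


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:22} {verdict}")
    for entry in compile_ip_acl(RULES, INVENTORY):
        print("acl allow", entry)
```

The contrast worth noticing is between `evaluate`, which never looks at an address, and `compile_ip_acl`, whose output changes every time a workload's IP changes; a fixed firewall or VLAN ACL is exactly that derived output frozen in place, which is why slide 4 says it cannot follow moving assets.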
Slide 8: Environment Segmentation

Slide 9: Critical Application Ring-Fencing

Slide 10: Third-Party Access Control

Slide 11: Identity-Based Access Control

Slide 12: Architecture: Agent-based overlay

Slide 13: Policy Enforcement on NIC (with Mellanox)

▪ Complete network-level visibility
▪ No agent on the workload
▪ Automatic policy updates
▪ Single, centrally managed policy
Slide 14: Use Cases: What is it used for?
Slide 15: Restricted Appliances / 3rd-Party OSs

Challenges:
• Locked-down OS
• Managed exclusively by the 3rd party
• You need to "trust" it
• Requires separate security controls, implemented by: firewalls, top-of-rack switches, network appliances

Agentless Segmentation:
✓ OS agnostic
✓ Participates in the same network policy
✓ Zero Trust: ring-fence your vendor appliance
✓ Complete traffic visibility for the entire environment
✓ No performance impact
✓ No reliance on the 3rd-party vendor
✓ No network changes, no downtime
Slide 16: Bare-Metal as a Service

Challenges:
• OS belongs to the customer, with full access and control
• Cannot trust the OS
• Separation between tenants by configuring top-of-rack switches and network appliances
• Limited amount of rules
• Managed individually
• Hard to maintain and control

Agentless Segmentation:
✓ Distributed policy
✓ Centrally managed
✓ Built for scale
✓ DevOps ready: supports automation
✓ Detached from the OS, controlled by the provider
✓ No network changes, no downtime
Slide 17: High Performance Computing

Challenges:
• Overall performance is the key factor
• Dropping everything that does not support performance
• As a result, security is compromised

Agentless Segmentation:
✓ Offload the security to the hardware
✓ Make "space" on the OS for the things that matter the most
✓ Secure every server individually
✓ Use the power of the high-performance DPU to reduce latency and improve throughput