Build A Wall Perimeter wall 1 // Guardicore Spoiler Alert: Wall - - PowerPoint PPT Presentation



SLIDE 1

1 // Guardicore

Security Common Practice:

Build A Wall

Perimeter wall

SLIDE 2

Spoiler Alert:

Wall Will be Breached

SLIDE 3

The answer:

Micro-segmentation

Welcome To Zero Trust

SLIDE 4

Micro-segmentation: Walls don’t work in data centers

  • Constant Change
  • Multiple Locations
  • Roaming Requirements
  • Diverse Protection Needs

  • Hybrid cloud environments span multiple physical locations
  • Fixed walls (e.g., firewalls, VLANs) can’t follow moving assets
  • Modern and legacy deployment models have different protection requirements
  • Manual rule management can’t keep pace with DevOps and IT automation

SLIDE 5

The solution:

Guardicore’s approach

▪ Provide full visibility
▪ Abstract enforcement from infrastructure
▪ Policy based on context, not IPs

SLIDE 6

Provide full VISIBILITY

See Critical IT Assets Through a Human Lens

SLIDE 7

Abstract enforcement from infrastructure

Create Granular, Platform-Independent Policies, Based on context, not IP

  • Bare Metal
  • Virtual Machines
  • Cloud
  • Containers

SLIDE 8

Environment Segmentation

SLIDE 9

Critical Application Ring-Fencing

SLIDE 10

Third-Party Access Control

SLIDE 11

Identity-Based Access Control

SLIDE 12

Architecture:

Agent-based overlay

SLIDE 13

With Mellanox:

No agent on workload

▪ Policy enforcement on NIC
▪ Complete network-level visibility
▪ Automatic policy updates
▪ Single centrally managed policy

SLIDE 14

What is it used for?

Use Cases

SLIDE 15

Restricted Appliances / 3rd-Party OSs

Challenges

  • Locked-down OS
  • Managed exclusively by the 3rd party vendor
  • You need to “Trust” it
  • Requires separate security controls, implemented by:
      • Firewalls
      • Top of rack switches
      • Network appliances

Agentless Segmentation

✓ OS agnostic
✓ Participates in the same network policy
✓ Zero Trusted - Ring fence your appliance
✓ Complete traffic visibility for the entire environment
✓ No performance impact
✓ No reliance on the 3rd party vendor
✓ No network changes, no downtime

SLIDE 16

Bare-Metal as a Service

Challenges

  • OS belongs to the customer, with full access and control
  • Cannot trust the OS
  • Separation between tenants by configuring top-of-rack switches and network appliances
  • Limited number of rules
  • Managed individually
  • Hard to maintain and control

Agentless Segmentation

✓ Distributed policy
✓ Centrally managed
✓ Built for scale
✓ DevOps ready - supports automation
✓ Detached from the OS, controlled by the provider
✓ No network changes, no downtime

SLIDE 17

High Performance Computing

Challenges

  • Overall performance as key factor
  • Dropping everything that does not support performance
  • As a result, security is compromised

Agentless Segmentation

✓ Offload the security to the hardware
✓ Make “space” for the things that matter the most on the OS
✓ Securing every server individually
✓ Use the power of the high-performance DPU to reduce latency and improve throughput