Start-Up Has New Approach for SDN Security
GuardiCore Ltd. doesn't think you can keep the bad guys out of your datacenter, so it's going to fight them after they get in, using software-defined networking (SDN) techniques to protect SDNs.
"Despite all tools deployed to fend off attacks, attackers' sophistication is growing and attacks do find their way into the datacenter," the company said. Most datacenter security efforts try to protect the perimeter, but numerous vulnerabilities exist, whether caused by human error, misconfiguration of security products, spear phishing, drive-by downloads or many other vectors. Just ask Google Inc., Yahoo Inc., Huawei Technologies Co., Ltd., RSA, Lockheed Martin Corp. and other victims of well-publicized datacenter breaches.
And those infiltrations are just examples of the attacks the public has learned about. Many companies might want to keep such breaches secret -- if they even know about the attacks themselves. GuardiCore quoted a report from security company Mandiant that said it takes an average of 243 days to detect such breaches, and they're usually discovered by someone outside the victimized company.
"As the datacenter evolves to a more software-defined model, enterprises need to think about security in radically different ways," said Scott Tobin of company investor Battery Ventures. "Traditional security techniques have focused on keeping the bad guys out of the perimeter. But as we've seen in recent, high-profile security breaches, these methods are far from complete. GuardiCore's approach assumes you have already been compromised and provides levels of visibility and protection that were previously unattainable." Battery Ventures is leading an $11 million round of financing for the Israeli start-up that was founded last year, according to an announcement yesterday.
Because traditional security measures inside the datacenter are based on what can be done instead of what should be done, GuardiCore is touting its new approach to deal with the vast amount of traffic within a datacenter -- "east-west" traffic instead of "north-south" traffic going in and out of the perimeter. With huge amounts of traffic being moved around at incredible speed, the company said traditional context-aware security solutions such as IDS, IPS, sandboxing, deep packet inspection and threat emulation aren't effective.
The company is taking advantage of new capabilities offered by the exploding SDN technologies in its effort to provide security for software-defined datacenters.
"SDN is an opportunity to introduce advanced security controls and capabilities into the datacenter network in a way that can scale to the demands of a large datacenter and offer a dynamic and proactive security control framework, detecting and mitigating an attack at an early stage," the company said. "Using these principles, GuardiCore offers a security platform, targeting the detection and prevention of attack techniques used by hackers in the propagation and control phases of the attack’s 'kill-chain' inside datacenters."
The first component of the company's security platform is called Active Honeypot. It secretly counters attacks by dynamically re-routing network traffic to an "ambush" server or honeypot. That highly monitored stealth server can then quickly provide information about the attack and eliminate it immediately, the company said.
"GuardiCore is developing a completely new breed of network security," said CEO Pavel Gurvich. "Powered by SDN methodologies and recent advances in virtualization, our solution is scalable to multi-terabit traffic rates. GuardiCore's mission is simple: to provide security and IT executives with advanced tools to win the war against cyber-attacks."
To that end, Active Honeypot is now being evaluated in private cloud or datacenter environments by enterprise customers and datacenter services providers, the company said. No details on the general availability of the company's products were given.
David Ramel is the editor of Visual Studio Magazine.