What is our primary use case?
In our company, we have a data center that has approximately 200 servers running Nutanix. We wanted to protect these servers from both internal and external attacks. Implementing Guardicore Centra has given us defense against attacks from the outside, as well as those that originate from inside of the organization.
We protect Microsoft machines, as well as some that are running Linux. We also have an SAP HANA database that is protected by Guardicore.
How has it helped my organization?
We have no downtime when we use Guardicore Centra for segmentation. This is important to us because we're an industrial company and we operate 24/7. We cannot afford to have even one minute of downtime, which is one of the reasons that we chose this solution.
We bought this system several months before the trouble with COVID happened. During that time, a lot of people started to work from outside of the organization. With all of the staff starting to work from home, other companies started to think about how to protect their servers when the users are outside. Also, attacks against endpoints and the data center were on the rise, so it was important to better protect them. I felt safe knowing that I had this kind of defense for the data center.
One example of this happened a few months ago when we received a letter that said we needed to update the on-premises Exchange server. It was a problem from Microsoft and it required that our server be updated to be more secure. Guardicore called us to say that they have witnessed cases where people from other countries were trying to use this exploit to get into the data center, so we blocked it immediately.
All of our servers are now behind Guardicore. The clients are not. From my perspective, the endpoint clients are attackers and my intention is to protect the servers.
What is most valuable?
The most valuable feature is the visibility of processes and connections. In addition to the defense it provides, Guardicore gives us a view of each connection that exists on each server. Using this, we can identify things like unused connections, or processes that are using too much in terms of resources. Knowing this, we have the opportunity to block such connections and in turn, improve server performance.
Guardicore supports the operating systems that we require. Primarily, it covers our Microsoft platform, but we have some Linux systems as well. We also used it to protect our SAP HANA database.
I have not compared the range of operating systems that it supports to its competitors because of our use case. We are most interested in LAN segmentation, in particular between the data center and the users' network, so I compared it with other solutions in that context.
It is a benefit that Guardicore supports legacy operating systems, and I have used it with such servers. However, in the long term, it is more important that I have something protecting my data center and having the visibility of what endpoint is initiating connections.
We use the AI-powered segmentation functionality and it affects the time required to design by a lot. It gives us a large number of views and without that, you cannot design the system properly. The AI helps because it shows you what you need to do. Without the AI, either you will not be able to implement the system, or it will take a long time and be very difficult. For us, using this feature saved us a couple of months in implementation time.
What needs improvement?
In our version, when using the terminal server, we cannot exclude user tasks for each session. When we upgrade, I expect that we can exclude user tasks for each session from the terminal.
For how long have I used the solution?
We have been using Guardicore Centra for approximately 10 months.
What do I think about the stability of the solution?
We have had zero downtime, so the stability is good.
Having no downtime is important to us because of the damage that can occur if we're down for even two minutes. For example, if a company is selling drinks like beer, and a reseller asks for Heineken but they can't buy it because the data center is down, the reseller will purchase it from another company. This can result in a lot of damage so our data center has to work all of the time.
What do I think about the scalability of the solution?
We have implemented Guardicore on several servers without any problems. We have implemented it on our newer servers, as well, and didn't have any trouble. Scalability-wise, we haven't had any kind of difficulty.
Depending on the growth of our company, our usage will expand in the future.
We have 1,200 employees but the solution does not affect the users directly. Rather, it affects the company. The important part is to keep the data center working and to make sure that it does not go down for even a minute. With this in mind, when I talk about scalability, I'm not talking about the number of users.
How are customer service and technical support?
We have been in contact with technical support and they are excellent. They are responsive and knowledgeable.
Which solution did I use previously and why did I switch?
This product did not replace a similar system. Also, I did not require human resources for this same task. Our company is approximately 70 years old and our network started very small. As the company grew, we maintained the same flat network that included both the data center and the users. When I looked at it, I considered two solutions for separating them. The first was the traditional firewall and a physical LAN, whereas the second approach was using Guardicore. I felt that this was the easier approach.
How was the initial setup?
In terms of the initial setup, it is of medium complexity. It's not complex but not simple. You need to understand your network. You cannot do it without understanding what you want and what your strategy is. When you understand the policy and the strategy that you want to implement on the network, it's very easy.
Our implementation strategy was to start with machine learning. Our plan was to run this for one or two days, get it working, and then understand what kind of information they're getting from me and then to continue on from that. The initial deployment will take a maximum of two days.
Implementing segmentation is not difficult but it is more from our side. First, you need to understand the strategy that you want to implement on the network. Then, you need to complete it step-by-step, so that you do not harm anything or block things improperly. You have to give the software time to learn about the connections that you have. Overall, it is very easy to do.
In terms of how long it took us to implement, we have approximately 200 servers and it took a couple of months to implement. This is what I expected because I wanted to take it slowly and make sure that I understand which systems I needed to block, or not.
What about the implementation team?
We worked with a third party, DNA IT, who assisted with our deployment. I am still working with them, as they take care of updating the system. They are very good and have helped us a lot.
Most of the implementation was done on our side, as we wanted to take our time and learn the solution. We did not want to take down any servers or block things improperly, for example.
A system engineer from our company and one person from DNA IT were involved. Our system engineer is also responsible for maintenance and can contact DNA IT if needed.
What's my experience with pricing, setup cost, and licensing?
This is not a cheap solution but you have to consider the bigger picture, which is what it is giving you. It provides functionality that is similar in some ways to traditional firewalls and with that considered, it is similar in terms of pricing.
In terms of cost-effectiveness, I can say that it's like insurance. You never know the value if it's working properly. To us, if it prevents downtime, it's priceless. Personally, if it's working, I call it 100% success.
Which other solutions did I evaluate?
I did not evaluate other similar options.
What other advice do I have?
We have been a little behind in updating our version. We have been using version 31 but today or tomorrow, we will upgrade to version 35 or 36.
This product represents the next generation of protection. A lot of people have asked us, "What is the next generation of solution for protecting your internal network?" and the answer is this kind of segmentation. It may seem easier to stick to using traditional firewalls and LAN protection, but this next-generation tool is easier to implement and gives you a more effective network defense.
Every time we see an area of improvement, they give us a new update or platform to fix it. Things are regularly fixed and updated between versions.
The biggest lesson that I have learned by working with this system is the knowledge of what happens in my network, in terms of connections between users and the server. I have seen lots of connections from devices, other than PCs, to the server.
This is a system that works for me. I'm not working for the system.
I would rate this solution an eight out of ten.