GuardiCore Centra Review

The efficiency of the security team was improved by over 100% in terms of analytics, monitoring, and responding to incidents


What is our primary use case?

We use GuardiCore for East-West data traffic in the data center, micro-segmentation, and security policies. We also use GuardiCore for ransomware protection and analyzing the East-West traffic in a data center.

How has it helped my organization?

For an example of the capability of GuardiCore, I know one client who, immediately after installing it in their data center, within the first 30 days, discovered a major problem. Two internal employees were stealing their proprietary code. They were copying it to a USB drive. That discovery alone justified to the client the cost of implementing the solution.

The change control in GuardiCore has improved our efficiency by over 75% in terms of implementing security policies. The efficiency of the security team was improved by over 100% in terms of analytics, monitoring, and responding to incidents. 

Most of our clients are small teams. Most of our security teams are three people or less, so these uptake numbers are for them.

What is most valuable?

The first use case that was most valuable was the security policies and the micro-segmentation because it allows the clients to comply with their auditing requirements, keeping traffic separate internally. 

Additionally, it allows the security policies to be implemented in a minimum amount of time, under 10 minutes, compared to how they did it before, which took days. Those are the two primary justifications and goals of the clients.

What needs improvement?

The cost of licensing is the biggest issue for clients with GuardiCore. Several years ago it was much more costly to license. GuardiCore has changed the licensing to make it more available. Subsequently, they have improved that a lot. 

Clients continue to ask for improvements in cost. They would like to see that the security policies of GuardiCore can continue to be comparable to all the major firewall players out there. For example, you have Cisco, CheckPoint, etc. For some of the products, the licensing is automatic, and for some, it's not.

Our clients would like to see that the security policies can be immediately copied over and used by the various appliances that are in the market. GuardiCore needs to support the major appliances, like the top five guys: Fortinet, Palo Alto, etc. GuardiCore is working towards this. Our customers want universal integration.

What do I think about the stability of the solution?

On a scale of one to 10, I would give GuardiCore an eight for stability. It's a great product. Several years ago when I looked at it, it was one of a kind in what they do, when you look at the entire set of functionality, especially the quarantine. 

In terms of the stability, GuardiCore is great. We did not have any issues of anything being missed. I am looking forward to continued integration with various API and networking manufacturers, especially with Nutanix and Mellanox. The latter was just bought out by Nvidia, so I think the best is yet to come.

What do I think about the scalability of the solution?

GuardiCore scales very easily. Normally it's managed by the security team. In terms of the roles, we have the security team: system administrators and security. I've had GuardiCore tested in local government and cities. We have one client that had a very large deployment with multiple data centers and financials too. 

The ones that we are now testing with are mostly in the financial sector. I've added a medium-sized deployment. We have one large, several mediums. With the new licensing, it's now easy for a small deployment because it scales both ways.

For deployment and maintenance, we require a minimum of one staff member. The current roles of those are security administrators. Those are the ideal jobs because of the integration with the security class at the data center. 

Where we have GuardiCore deployed, we use both system administrators and security administrators. In some of our deployments, they share the role. One to two is all that's required because of the reporting and the analytics. It's pretty simple.

Unfortunately, we have customers that still have multiple tools. We try to get the customers to consolidate. In terms of use, we are launching some of the latest innovations and partnerships from GuardiCore to our clients. 

We have clients that are still using GuardiCore and other tools because they have invested heavily in those areas. We would like to see them consolidate because GuardiCore does a lot of what these other tools offer. That's our challenge. Our challenge to customers is to improve their efficiency and lower costs.

Within the last 30 days, GuardiCore has released some increased functionality and partnerships with some leading manufacturers that we are now pushing to engage more clients. It is still slow, primarily because of the existing investments. 

What we notice is that for many clients, security is their smallest focus. That's the problem. The security group has the smallest budget in IT and that's our challenge.

How are customer service and technical support?

Technical support with GuardiCore is great. For all our clients, we haven't had any complaints as yet. I also know that GuardiCore is a great engineering team. On a scale of one to 10, I would put technical support at an eight, customer support at a seven.

That is primarily because I've seen increased rules. It's kind of caught us a little off guard. With GuardiCore, I have had to deal with their technical support and engineering team in Israel. They are amazing. They are very quick to adapt. 

We have had clients that required some customization and GuardiCore has shown that their team in Israel is quick to respond to customization requests.

Which solution did I use previously and why did I switch?

We were not able to find a different solution that does what GuardiCore can in one box. There were multiple solutions combined that had to be adopted. We had multiple solutions that were meant to address what GuardiCore does. That's how I was able to justify the cost.

Before choosing this product, we worked with auditors and compliance. They could not find a comparable product. We looked at other solutions, but we could not find a better alternative.

How was the initial setup?

The initial setup was straightforward in terms of time to deploy. With knowledge transfer, four hours was a good timeframe; it was complete in less than a day. For reporting and analytics, there are a lot of features and functionality, but within a day the clients were able to get acclimated quickly. They're satisfied with that.

The learning curve on deploying security policies was very low. Those are easy to deploy. Within an hour they were deploying security policies. The ability of GuardiCore to learn the East-West traffic is excellent; within an hour, it was reporting.

I tested the first deployment of GuardiCore four years ago. I left it automated for a full week and it learned everything. Today it's 500% faster; within hours it sees everything.

The ideal implementation strategy that we found that works would be for the client to be initially engaged in a proof of concept demonstration. This allows GuardiCore to set up the system on the client side before purchase. 

That allows the client and the team to see the benefits of it, learn how to use the product, get the reporting, get the analytics, etc. Those clients that did that, once they decided to buy it, it was literally like flipping a switch. Those were the easiest ones. 

The best use case is to engage GuardiCore for a POC beforehand to justify and quantify the purchase, then activate and deploy. It takes less than a day.

What about the implementation team?

One client did a Webex and had GuardiCore engineers on a Webex do the deployment. That was a two-hour Webex for a POC, followed by another one-hour phone call. We used a remote view for the deployment and completed the reporting several days later.

Typically that's the way we do it, where we engage GuardiCore on the phone. Some clients have no problem doing it themselves, but in all my cases we have engaged GuardiCore online to go live. I only had one instance where they came on-site, but that was a complex client.

What was our ROI?

We do have ROI. First, one client found theft of data that alone justified to the client the cost. They invested heavily, well over $100,000 in GuardiCore. That was a big purchase with an extensive setup. That discovery led to court cases. GuardiCore provided evidence that they required. It was invaluable.

The second, in terms of the ROI, was for clients using GuardiCore for the first time. We showed clients what occurs during patch updates, Windows updates, anti-virus updates, etc. GuardiCore shows the traffic. You see your anti-virus going through the updates. Some clients thought they were being attacked until we showed them that these are the patch monitoring servers.

For many years, clients set up updates. They do change control. They set GuardiCore up, they check the lock, and they assume it's all done. GuardiCore shows them that it was done. The clients have proof that their applications will be filtered appropriately.

In terms of the return on investment, it was an invaluable tool to demonstrate that the client's internal practices will be implemented automatically. That blew away a lot of clients the first time they saw it. 

What's my experience with pricing, setup cost, and licensing?

GuardiCore has made some new changes to the license now. We've seen monthly and annual licenses based on a subscription. We have a few clients that pay anywhere from $25,000 a year. 

The new license is based on what requirements you take. It's very hard to put a cost on it without attaching a cause to the features that you activate. It's unfair to talk about costs without looking at the scenarios.

Other than the cost of the licensing, GuardiCore does not integrate well, especially if you have some of the real manufacturers. You have no additional licensing costs.

What other advice do I have?

The first major piece of advice is to initiate a robot to review the solution. Second, go on YouTube. There are quite a few demos on YouTube. The most important point is to schedule a proof of concept on the site, which is done online. It is very easy and the proof of concept is normally followed with a quote.

Just those two items, a proof of concept with a quote, allows a client to justify the cause either way. You should not deploy GuardiCore or any solution without the proof of concept, not anymore, not today. It's very easy now to get a proof of concept and look at those things.

I would rate GuardiCore an eight out of ten based on the product visibility in an area that IT is completely blind about. The product needs improvement in change control and compliance. GuardiCore also needs to improve the ability to respond to annual audits, especially now that many institutions are required to do at least an annual audit.

Based on the ability to monitor and manage these newer standards, I would give GuardiCore a ten. It's been dramatically improved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.