Akamai has acquired Guardicore to extend its Zero Trust solutions and help stop ransomware. Read more

Blog

Your Best Defense Against Ransomware: Akamai + Guardicore

Written by

Ari Weil

October 21, 2021

Ari Weil is the VP of Product Marketing at Akamai Technologies .

For decades, Akamai has been focused on solving tough problems for our customers. We started by addressing the challenges of the “World Wide Wait,” and quickly started to leverage our edge network’s scale, proximity to users, and expert operations staff to mitigate security threats for our customers. Today, Akamai has category-leading solutions including DDoS, web app and API protection, bot management, and Zero Trust Network Access. Given the incredible surge in ransomware attacks, we are excited to be adding Zero Trust segmentation to our portfolio through the acquisition of Guardicore.

Guardicore offers a leading segmentation solution that is incredibly advanced, and the company has been poised for rapid growth. The company was recognized in the Forrester Wave Zero Trust eXtended Ecosystem Platform Providers, Q3 2020 report as “charging into the Zero Trust space, with an approach to enabling Zero Trust that is emblematic of the largest players in that the vendor offers easy visibility and insight into the core infrastructure configurations and the ability to apply dynamic policy control.” 

There are several elements that set Guardicore’s solution apart from others in the market. These include consistent coverage, flexibility in their deployment model, and simplicity of implementing segmentation policy and controls. Guardicore understands that effective Zero Trust security requires comprehensive coverage of the extended data center environment. This requires supporting as many deployment environments as possible, and the ability to manage consistent policy across as many servers, operating systems, cloud instances, and applications as possible. It also requires the flexibility to apply policy based on a business’s operating environment and workflows. Finally, an effective solution needs to be simple to implement and manage because teams are already grappling with server and data sprawl, a rapidly evolving threat landscape, and an increasing proliferation of tools.

A Lemongrass survey found that IT leaders were motivated to migrate systems to secure data, maintain data access, save money, optimize storage resources, and accelerate digital transformation. Security and compliance were listed by 59% of IT leaders as the top challenges facing enterprises when moving legacy systems to the cloud. No matter how aggressively a business attempts to modernize their infrastructure and adopt cloud technology, IT teams will be forced to manage a significant volume and variety of operating systems for years to come. Protecting legacy infrastructure and IT is one of the biggest challenges CISOs face. As enterprises digitally transform and adopt cloud, IoT, and DevOps, the legacy servers that are the backbone of a company are overlooked and represent a significant risk. These are the platforms that are no longer supported and cannot be patched, but also can’t be removed because they’re still driving revenues.

Some segmentation solutions claim to be superior because they leverage built-in operating system firewalls. However, there are several challenges with that approach: Not every operating system includes a built-in firewall, native firewalls offer different capabilities (which makes it difficult to impossible to apply policy consistently), and it is exceedingly difficult to create a distributed policy that takes application dependencies into account. Even if those challenges are addressed, setting consistent policy across an extended data center environment, in a way that allows IT staff to manage it, is prohibitively difficult.

Zero Trust segmentation projects are notoriously complex to implement. Implementing effective segmentation begins with mapping assets and ends with enforcing policy. Legacy hardware-based approaches include:

  • Creating IP-based firewall rules, or access control lists (ACLs), that require defining whether to accept or discard traffic over a network connection. This typically requires tens of thousands of rules just to set up basic communications between systems.

  • Establishing VLANs, which define a logical grouping of devices based on business logic — departments, applications, or similar. Hardware lacks context into workloads. This makes it complicated and difficult to go from basic access control to implementing actual workflow security policy.

Legacy hardware is not adaptable to modern deployment architectures. The playbooks most teams have established to work with hardware-based approaches degrade security by forcing teams to perform unnatural acts to adapt them to the cloud.

The challenge with these approaches is drift. They are both incredibly complex to manage, but moreover, they are siloed. There is no visibility across all of these policies, and therefore it is incredibly difficult to manage them consistently. So security teams are left to manually trace application behavior, and then attempt to coordinate controls. Multiply this by the number of servers, operating systems, cloud instances, and applications they manage, and the problem becomes operationally unscalable. ​​

Guardicore tackles both of these challenges through two separate but aligned processes. The first is the use of data analytics to suggest labels and policies, called AI labeling. This leverages advanced machine learning techniques that simplify the asset mapping phase. In effect, it acts as an assistant to the administrator, guiding them through a difficult process by making intelligent suggestions. Policy suggestions can improve enforcement by automatically suggesting the most impactful policies based on discovered workflows and dangerous or unnecessary traffic patterns. 

Guardicore technology also provides more consistent coverage by enabling cloud controls over more operating systems using their agent-based technology (out of date, don’t have firewalls, legacy systems). Some segmentation vendors end their support for operating systems when the operating system vendor ends theirs. This leaves gaping holes in their ability to cover a business’s extended data center infrastructure and exposes them to significant risk. Remember the WannaCry ransomware outbreak? Legacy systems were one of the main reasons that businesses were crippled by that ransomware. 

The agent-based approach also makes Guardicore massively scalable, as compared to network-based systems. Agent-based solutions scale with workloads without the need to layer in additional components or third-party services, such as load balancers. Guardicore is also flexible enough to operate in environments where an agent cannot be installed, therefore providing comprehensive coverage across the enterprise. These include operational technology (OT) environments, IoT devices, legacy mainframes, and medical devices.   

From its inception, Guardicore focused on making its solution as easy to use as possible. The ultimate goal is to make it faster and easier to reduce risk for a business. In addition, Guardicore built a single, highly intuitive user interface that provides both real-time and historical views into workloads and flows. 

Security is part of Guardicore’s DNA. The Guardicore Labs research team understands the criticality of threat detection and threat intelligence as integral components of a security solution. Other solutions treat security at more of a surface level, relying simply on more generic vulnerability scans. Guardicore also created Infection Monkey, an open-source breach and attack simulation (BAS) platform, to help businesses validate existing controls and identify how attackers might exploit network security gaps. That enables continuous testing and insights to make informed security decisions based on real data, not speculations.

Guardicore is joining Akamai’s category-leading security portfolio. We enable our customers to pursue a defense-in-depth approach to mitigating risk across DDoS, app and API protection, bot management and account takeover protection, and move to a Zero Trust architecture. That portfolio has evolved through a mix of organic development and strategic acquisitions, including Prolexic — which is part of our $191 million infrastructure protection business — and Cyberfend — which helped to accelerate our bot management product development with an annualized revenue run rate of nearly $200 million, almost 800 customers, and 40% growth in Q2 2021. Akamai’s security solutions are trusted by more than half of all Fortune 500 companies, and leading enterprises across the globe. We introduced our first application protection technology in 2005, and last year achieved a $1 billion run rate in a security business that is growing at 25% annually.  

In their latest DDoS Wave, Forrester research said “large enterprise clients that want an experienced, trusted vendor to make their DDoS problem go away should look to Akamai.” We are confident that with the focus and dedication of our teams, a similar statement will be made in the context of our Zero Trust segmentation solution — businesses that want to stop the spread of ransomware should look to Guardicore, now part of Akamai.



Written by

Ari Weil

October 21, 2021

Ari Weil is the VP of Product Marketing at Akamai Technologies .