Please share with the community what you think needs improvement with Guardicore Centra.
What are its weaknesses? What would you like to see changed in a future version?
In our version, when using the terminal server, we cannot exclude user tasks for each session. When we upgrade, I expect that we can exclude user tasks for each session from the terminal.
The maps could go a bit faster. They are useful but slightly slow.
Sometimes, the speed needs improvement, especially when it comes to the generation of maps, where it can be a bit slow. For the reporting, I would like it if they could make it easier to check what the agents are doing.
The integration with other tools could be improved. It would be a very good value to customers if Guardicore Centra could talk with other tools, like Palo Alto or Cisco Firewalls, or agents running on the machine, like anti-malware or the intrusion prevention systems.
They're really good at getting into the environment. But the long-term management of the security policies could be improved with some kind of automation platform, something like Chef or Puppet or Ansible, to help you manage the policies after day-one. Setting it up initially is really simple and getting going is really easy, but to then manage the policies and changes to those policies, going forward, through some type of automation process is not turning out to be really easy. It would help if they could either provide some guidance there or adjust the way that the API handles that a little bit, to make that simpler. Their API is clear. It's just proving difficult, from a code perspective, to manage the rule sets. You can build out a rule set really easily. You can deploy agents really easily. You can apply the rules, initially. The issue is then going back and adding a new rule to an old rule set or pulling one out and doing maintenance on it with code. It seems to take a lot of extra logical checks such as making sure we're not duplicating a rule or the like. That's really the only place where, although we're not stuck, we're having to put in more time than we anticipated. Everything else has been super-easy, but the maintenance and management of the rule sets with our automation tools has not proved to be as simple as we would've liked. It seems like it would have been really easy to put it in if we didn't have a lot of changes. But it seems that the long-term maintenance of it is a little bit difficult and could use some improvement.
Predominantly I have been working with firewalls and the UTM (Unified Threat Management) solutions for some time. Guardicore has to do something to add on features that help to do a better job of inspection. They should have policies based on users. Often we can only add user groups. I think they should offer the ability to assign policies to individual users. The ability to assign policies to both users and groups would make the area of creating policies more flexible. They should also have time-based rules in the policies which they currently do not have. They should also get into payload-level inspection. As of now, what they do for threat inspection is to look at the metadata of a packet. This is not in depth enough for proper inspection. They need to start inspecting the payload-level information of a packet or offer this as an option. So they should have payload-level inspections to do some deep investigation. Then they should have more user-level control of policies. I think if these two things are introduced, then I could probably change my rating of Guardicore to a nine-out-of-ten.
Needs more customization of honeypots and a vaster catalog of systems able to be mimicked. The netflow analytics (ML) focused on threat detection needs to be enhanced to provide more practical forms to detect network anomalies proactively. In huge and complex environments, it is also very challenging to keep the compliance of the agents.
The dashboard needs improvement. It should be more flexible so that I can easily see what I want or need to see.
The cost of licensing is the biggest issue for clients with Guardicore. Several years ago it was much more costly to license. Guardicore has changed the licensing to make it more available. Subsequently, they have improved that a lot. Clients continue to ask for improvements in cost. They would like to see that the security policies of Guardicore can continue to be comparable to all the major firewall players out there. For example, you have Cisco, Check Point, etc. For some of the products, the licensing is automatic, and for some, it's not. Our clients would like to see that the security policies can be immediately copied over and used by the various appliances that are in the market. Guardicore needs to support the major appliances, like the top five guys: Fortinet, Palo Alto, etc. Guardicore is working towards this. Our customers want universal integration.
What is the best solution for micro-segmentation?
Today we have a 100% Cisco + AlgoSec equipment base. I'd like to hear about Guardicore - what can you tell me about it?