Akamai Guardicore Segmentation

We want segmentation for a data center, and we have the problem that we cannot change IP addresses within the data center. So we need a solution. With the Guardicore solution, we can keep the IP addresses. 

Additionally, we get agent-based segmentation, and we don’t have to change anything on the network. These are the main reasons why we chose Guardicore for micro-segmentation.

The enforcement points under the agent, the firewalling has been most beneficial for your customers’ cybersecurity needs specifically. We do not need any further security features like IDS, IPS, or whatever. For us, it’s only the firewall feature, and that’s part of the enforcement point of the Guardicore agent. So that was completely enough for us.

I like the visibility of the communication, so that we really see which communications the assets have to the other assets. We don’t need a further sensor or firewall to see the traffic to these devices. That’s the main reason. 

And Guardicore makes its own rule set automatically, so we can work fast when creating a rule set. We don’t have a long phase of monitoring or whatever, so we can go straight to rules where we drop unwanted data traffic.

We don’t do micro-segmentation for each asset. We work with the ring-fencing function, and we have really good visibility on the dashboard with the rings. We can see which asset is in which segment, zone, or ring. That’s the main thing, that we can see this really easily. 

We can also give this view not only to the administrator of the Guardicore components but also to the application owner, so they can see where their application is placed in the ring-fencing and what communication is there. This makes incident management easier because we get incidents in a more authenticated way from the application owner. That’s also a big benefit from the visibility of the Guardicore solution.

In the firewall, only the administrator has a deep look into the architecture, the logs, and the segmentation. In the Guardicore solution, we can give more visibility to the application owner on their own application. This makes it easier to manage incidents and the overall management of the application and network. The application owner has a view of the actions happening on the network with their assets or applications.

When we have more than one interface, we can only have one policy for both interfaces. Normally, you have assets with a production interface and a server interface that are only for management. 

But in the Guardicore architecture, you cannot give the production interface its own rule set and the management interface another rule set. You have to combine these rule sets into one. It’s a lack because security standards suggest a different way to secure management interfaces.

So, I would like to have two separate rule sets for the basis of the device.

We started planning last year, and we are now in the implementation phase. So, since April this year, we have been working directly with Guardicore and the Guardicore management systems.

We [my company] work with the latest version. 

I would rate the stability a six out of ten, where one is low and ten is high stability.

The difficulty is when you start with such a project, it’s not only with Guardicore, it’s with all other micro-segmentation windows. You have to change your mindset from a network-centric to a label-centric approach, which is not based on the network. That’s the difficulty for the people, the customer, and the administrator. 

There should be more support to change the mindset of the customer. They are all used to the old way to do segmentation. With other micro-segmentation tools, it’s a new technology, and it’s not about thinking in IP segments and IP networks anymore. You have to think in labels and ring fencing. That’s what makes it difficult to start with such a technology. It’s not the vendor, it’s the technology.

I would rate the scalability an eight out of ten. It is good for our use case. So, scalability is at a satisfactory level.

I make projects with my customers. I do not have any view about my other colleagues and what they have in their projects with Vendor. Myself, it was the third customer where we have placed the Guardicore product.

My customers are  enterprise businesses.

The response time should be better. Sometimes it’s good, but sometimes it could be better. You have a problem, you need an answer, and then you have to wait. Sometimes they do not talk with an administrator who knows anything about Guardicore. When my colleagues call support, I think my colleagues are experts. And then the support starts with really easy questions. That’s not funny.

So, I want them to be more skilled, like, more educated on the matter.

Neutral

I would rate my experience with the initial setup a seven out of ten, where one is difficult and ten is easy to set up.

The technical setup was easy. It becomes more challenging when you start labeling the assets and doing the ring-fencing. You have to go deep into the architecture of the network, the application, and whatever. That’s more difficult, but in the end, it’s easier than doing classic segmentation with a firewall.

The data architecture took one week, but the segmentation logic took months. We are not finished. We started in April, and we are not finished. So, like almost half a year. 

We start to define the ring for the ring fences, and then we start with a part of the network with the test environment. We test and then go. The last will be the production. We label the assets, then start a monitoring period to see the data traffic between the assets. Then we go into an alerting phase and finally to a block period.

I would rate the pricing a six out of ten, where one is cheap and ten is expensive.  I know other micro-segmentation tools like Cisco or Illumio, and so I think they are in the middle.

Overall, I would rate the product a seven out of ten. We use Akamai because they have their own enforcement point. This was important for us. 

Other micro-segmentation tools use the desktop firewall of Windows or the Linux iptables firewall, but Guardicore has its own enforcement point and its own agent. This was a key factor. When you start with the implementation, you have to have a clear picture about your labeling. I think it’s really important. You have to know what you want to separate from each other. You could go into very deep detail, but the more detail you have, the more complex it becomes. You have to find a balance between detail and complexity. You need the middle way.

In India, one use case is in the banking industry. In general, one customer used it for microsegmentation deployed across four locations. 

Another used it for telemetry and microsegmentation. These were deployments for customers in India and the Philippines.

The workloads have been seamlessly integrated for segmentation. The network has been transited smoothly. So, the integration was straightforward and without major issues.

Our customers use the solution for micro-segmentation within the data center or cloud environments.

One customer uses it for their on-premises infrastructure, deployed at the code level across their massive network. 

Another customer uses it in a data center to monitor microsegmentation for their 500-node workload.

Moreover, Akamai Guardicore Segmentation has helped our customers manage and secure traffic between different applications or workloads.

Earlier, they were using VMware NSX-v, which offered good logging for distributed services on an analytical level. 

However, Akamai Guardicore Segmentation provides them with better overall visibility and granular control over-segmentation, even for inter-application and inter-routing traffic.

Initially, I liked the telemetry part. But later, we used the micro-segmentation features that we were able to deploy and found that they really stood out from other vendors.

It allows us to see microsegmentation as a distributed service.

The ease of policy creation and management in Akamai Guardicore Segmentation has impacted security operations. No other product offers more customization. It has some complexity at the initial configuration level, but later on, it becomes easy. If I were to rate it on a scale of ten, I'd give it at least a nine. It is highly mature. 

Incident tagging could be improved. Other vendors offer semi-automatic tagging, which Guardicore doesn't yet have.

The rest of the features are already industry standard.

I have been using it for two and a half years. The latest version I worked with was v6.7.92.

I recently enrolled for it for one of my customers, so that requirement was fulfilled, and we purchased the product.

There are sometimes issues when new versions are updated. I would rate the stability a seven out of ten. 

Whenever there's an update, there always seem to be things needing adjustment.

I would like to see the stability level improved. 

In terms of scalability, the more features offered, the more devices it can handle. So, I'd rate it around eight out of ten.

We only have two customers who are using it because it's not widely marketed in the Indian region. One is a BFSI enterprise, a customer in the banking industry.

I didn't use technical support as that's maintained by the customer anyway.

I would rate my experience with the initial setup an eight out of ten, with ten being easy. 

It was pretty straightforward. It didn't take too long to deploy. And it was roughly done within an hour. So implementation isn't overly complex.

We're a system integrator and partner with Akamai. 

The initial deployment was completely handled by the team. I was involved, but the SOP wasn't managed by me.

The pricing is too high. Based on market standards, I'd recommend lowering the price.

I would rate the pricing a five out of ten, with ten being affordable. 

The DQE feature increases the license cost based on usage. Also, prices vary depending on the customer and region, and taxes can add up. This makes it a bit unclear from a hypervisor perspective.

Micro-segmentation should be a specific requirement because, nowadays, many built-in solutions offer similar functionality. Akamai provides Guardicore as an external SaaS service for those needing it in a SaaS environment. 

However, for on-premises installations, integration with network vendors like Cisco is crucial. This could be done by customers themselves or through partnerships with other network vendors.

Overall, I would rate the solution a seven out of ten. 

We use the solution for micro segmentation.

The most valuable features of the solution are the maps and ring fencing that help monitor events.

It's not easy to learn to use this program. It would be very helpful for beginners if the solution had more windows to help with the terms inside instead of going to the documentation.

I have been using Akamai Guardicore Segmentation for six months.

I rate Akamai Guardicore Segmentation a nine out of ten for stability.

Around four people are working with the solution daily in our organization.

I rate Akamai Guardicore Segmentation a nine out of ten for scalability.

The solution's initial setup is not hard. However, you have to learn it because it's not plug-and-play.

I, an integrator, and the Akamai staff implemented the solution.

Overall, I rate Akamai Guardicore Segmentation a nine out of ten.

We use the product in the production environment of server infrastructure. 

The tool's most valuable feature is its visibility. 

Kubernetes is not installed in the way we need it. 

I have been using the product since October. 

We faced some minor issues, but overall, the product is stable. I rate it an eight to nine out of ten. 

I rate the tool's scalability an eight out of ten. My company has four to six users. 

Akamai Guardicore Segmentation's deployment is smooth. The deployment team promised us that the implementation would be completed in three weeks, but the product was available within two weeks. 

Akamai Guardicore Segmentation is expensive. 

I rate Akamai Guardicore Segmentation an eight out of ten. Adopting the product often involves a greenfield approach, requiring adjustments and careful planning.

It's micro-segmentation.

The label-based segmentation is the most valuable feature.

There are always areas for improvement. It doesn't support a PAAC solution (Platforma as a service) in the cloud. So that could be improved.

In future releases, I would like to see more integration with other products. 

I have been offering this solution for more than three years. 

It's very stable.

It's very scalable. It's primarily the larger customers with thousands of servers.

The customer service and support are very good. 

Positive

Akamai is much better than other solutions, such as ColorTokens and Illumio. It is more user-friendly and has more features. In fact,  Illumio is actually implementing a lot of the features that Guardicore has had for years.

The initial setup is very easy. It's a safe solution, so you can actually install it in five minutes. So it's very easy to install.

So installation is fast. But then you have to roll it out to all these servers that the customer has, and that would take a couple of days or a week or a month perhaps and require, let's say, four people to do it.

We don't maintain it because it's safe. So it's very easy.

The price is the same as other products in the market. There's no price argument to choose one or the other product, it will cost the customer approximately the same.

You pay for a year, two years, or three years, how many years you want, but you don't actually buy the product; you lease it for a year. And then you can buy it for another year and so on. 

The support is included in the license. 

I would say that you should use it for micro-segmentation instead of trying to use firewalls. Because some customers try to use other solutions like firewalls, and it's not the best solution. 

Overall, I would rate the solution a nine out of ten. It is an amazing solution.