Akamai Guardicore Segmentation Reviews

We are using Guardicore Centra mostly for security. I work in the cyber security department at MONEX, and we use this solution mostly for visibility. The product offers good visibility of what is going on in the network and the connections that the servers are making, regardless of the platform that they are on. They could be on-premise, on the cloud, or virtual.

I'm recently working on micro-segmentation of our principal payment applications, like SWIFT.

We use Guardicore Centra mostly in security, because I'm in charge of security. It helps provide us with some alerts about some suspicious behaviors on some of the systems that we have been able to correct right away. That is the main benefit that we have with Guardicore Centra, other than doing micro-segmentation. 

We use it most for visibility. It has even provided good information about some of the connections that I am making in and out of the system. So, we are able to correct some behaviors and kill some applications that are suspicious to the infrastructure.

Once you are familiar with the tool, you can make segmentation rules, then apply them to all the agents. We have been securing some of the machines that we are using in Azure. In that way, we are able to put segmentation rules in those machines. We are saving with the Azure Firewall because we are using the Guardicore Centra agents, which gives us some advantages.

The most valuable feature is the visibility that it provides. It does not have a dependency on a specific platform: It could be on the cloud, on-prem, or virtual. It works with most of the operating systems. 

It's very easy to install. It does not have any problems with other applications. So, it is very transparent. 

The interface is very easy to use and provides good visibility. It does not take you a long time to build rules or have control of your agents.

The integration with other tools could be improved. It would be a very good value to customers if Guardicore Centra could talk with other tools, like Palo Alto or Cisco Firewalls, or agents running on the machine, like anti-malware or the intrusion prevention systems. 

I have been using it for two years now.

The stability is very good. I do not face any problem with Guardicore Centra in terms of stability nor does it have trouble with other systems. It is very transparent.

It does not require any kind of windows where you have to put down the system or network. You can install it, making it run where applications are running. This is very important that we do not have any downtime in the installation of the agent. We can do it in real-time. 

Because we are using SaaS, it is very easy to upgrade or install more agents. Once you have the infrastructure, e.g., we have one server that communicates locally with the agents, then you use it to communicate to the cloud. Once you have that infrastructure, you can grow very rapidly.

We have over 500 agents. We are covering four payment applications, where we have been doing micro-segmentation. That has taken us about six months.

It has results the next day after you install the agents, because now the agents report to the cloud. You have visibility right away of what is going on in your system that next day after you installed the agent. For example, if you installed 100 agents today, then tomorrow they will start reporting to the cloud. Also, you would have visibility regarding what is going on in those machines: Where are they communicating? What processes are being communicated? What are the available reports?

I have two people who are responsible for making the segmentation rules. With those two people, we have been able to secure 500 systems in six months time.

It has very robust technical support. We have three or four people with whom we talk on a biweekly or monthly basis. They are very good. They take care of us. If we have any problems with the tools or rules, they are supportive.

We did not use another solution previously.

It is very easy to set up the agents. You have a script, and you run that script and install it on the system. Once you open the port that it needs for reporting to the cloud, then you have visibility right away.

Guardicore Centra's approach to implementing segmentation is a six or seven out of 10. It is not super easy. You need to take at least one course in preparation. Then, once you are familiar with the platform or where to find the tools, it is very easy. You can replicate those tools over other agents, which is very easy.

It has saved us a lot of time. We can secure around 500 systems. We are not growing in personnel. So, with our current personnel, I have been able to secure all the systems.

Guardicore Centra has reduced the number of human resources needed to deploy security solutions. We have two people working on segmentation rules as well as some agents taking care of the infrastructure. Before Guardicore Centra, we would have needed at least one more person.

It is not cheap. However, it provides you a good value for what you are buying. In relation to how much it costs, the tool is worth it for the value it gives you.

As soon as I saw what Guardicore Centra could do, I did not look at other tools. 

Guardicore Centra is very easy to install. We have very good technical support. The product itself is very good and robust. In security, there are not many products that can do what it can do in terms of visibility, seeing what is going on in the server, and using the type of mapping that it gives you with the application. With the segmentation part, that is saving us a lot of money with traditional firewalls.

It is a very good product. I would rate it a nine (out of 10). I think it lacks publicity. In my community, if you talk to another colleague and tell them about Guardicore Centra, they probably do not know what it is. 

Guardicore Centra is improving on its functionality. The company is putting a lot of effort into growing the tool. I would recommend trying it and giving it a shot, then you can see what the tool can do.

We have just begun to use the solution’s AI-powered segmentation feature.

In India, one use case is in the banking industry. In general, one customer used it for microsegmentation deployed across four locations. 

Another used it for telemetry and microsegmentation. These were deployments for customers in India and the Philippines.

The workloads have been seamlessly integrated for segmentation. The network has been transited smoothly. So, the integration was straightforward and without major issues.

Our customers use the solution for micro-segmentation within the data center or cloud environments.

One customer uses it for their on-premises infrastructure, deployed at the code level across their massive network. 

Another customer uses it in a data center to monitor microsegmentation for their 500-node workload.

Moreover, Akamai Guardicore Segmentation has helped our customers manage and secure traffic between different applications or workloads.

Earlier, they were using VMware NSX-v, which offered good logging for distributed services on an analytical level. 

However, Akamai Guardicore Segmentation provides them with better overall visibility and granular control over-segmentation, even for inter-application and inter-routing traffic.

Initially, I liked the telemetry part. But later, we used the micro-segmentation features that we were able to deploy and found that they really stood out from other vendors.

It allows us to see microsegmentation as a distributed service.

The ease of policy creation and management in Akamai Guardicore Segmentation has impacted security operations. No other product offers more customization. It has some complexity at the initial configuration level, but later on, it becomes easy. If I were to rate it on a scale of ten, I'd give it at least a nine. It is highly mature. 

Incident tagging could be improved. Other vendors offer semi-automatic tagging, which Guardicore doesn't yet have.

The rest of the features are already industry standard.

I have been using it for two and a half years. The latest version I worked with was v6.7.92.

I recently enrolled for it for one of my customers, so that requirement was fulfilled, and we purchased the product.

There are sometimes issues when new versions are updated. I would rate the stability a seven out of ten. 

Whenever there's an update, there always seem to be things needing adjustment.

I would like to see the stability level improved. 

In terms of scalability, the more features offered, the more devices it can handle. So, I'd rate it around eight out of ten.

We only have two customers who are using it because it's not widely marketed in the Indian region. One is a BFSI enterprise, a customer in the banking industry.

I didn't use technical support as that's maintained by the customer anyway.

I would rate my experience with the initial setup an eight out of ten, with ten being easy. 

It was pretty straightforward. It didn't take too long to deploy. And it was roughly done within an hour. So implementation isn't overly complex.

We're a system integrator and partner with Akamai. 

The initial deployment was completely handled by the team. I was involved, but the SOP wasn't managed by me.

The pricing is too high. Based on market standards, I'd recommend lowering the price.

I would rate the pricing a five out of ten, with ten being affordable. 

The DQE feature increases the license cost based on usage. Also, prices vary depending on the customer and region, and taxes can add up. This makes it a bit unclear from a hypervisor perspective.

Micro-segmentation should be a specific requirement because, nowadays, many built-in solutions offer similar functionality. Akamai provides Guardicore as an external SaaS service for those needing it in a SaaS environment. 

However, for on-premises installations, integration with network vendors like Cisco is crucial. This could be done by customers themselves or through partnerships with other network vendors.

Overall, I would rate the solution a seven out of ten. 

Our clients look for server-to-server segmentation that includes both inbound and outbound ringfencing. 

The tool is easy to use and simple to deploy to achieve segmentation objectives. It offers a graphical view of real-time workflows and traffic patterns into server-to-server communications. Also, the amount of process, service level visibility the agents deployed on the servers provide via network logs is very informative.

Guardicore Centra should incorporate automation so that we aren't required to write custom scripts by leveraging APIs quite often. The tool also has limitations on overall policy rules that can be configured on the platform (60k rules) which seems a lot but with big chatty applications and a huge application count to segment, this limit can turn out to be small if the goal is to segment a lot of application servers. Operationally there are too many clicks and analyses needed to do quick and safe changes (for e.g. label replacement) in the production environment. I think that the incorporation of automation templates for some standard use cases can help clients make changes with confidence and without the possibility of human error. 

I have been working with the solution for close to an year. 

I would rate the tool's stability a seven out of ten due to the capacity limit. Once we reach 70-80 percent of the maximum rules, the system becomes slow in terms of response. The backend processes being a SaaS solution need to be more robust. 

I would rate the product's scalability a five out of ten due to the current limits on the number of agents, labels, and rules. Around 5000 servers use Guardicore Centra in my organization. 

The product's support takes more time to respond back. 

Neutral

Guardicore Centra's setup was straightforward and I would rate it a seven out of ten. The tool's setup is straightforward as long as you identify the servers and establish the right processes. The tool came with an installation guide and setup took about four to five hours to complete. The deployment depends on the solution size and if the POC is small, the setup is easier and quicker. If you plan for enterprise-wide deployment, then you need to do capacity sizing and planning.

I was not directly involved in licensing etc. costs but only in solution architecture and operationalization.

I would rate the solution a six out of ten. We mostly have enterprise customers for Guardicore Centra. I would advise users to try this out on a handful of servers for the first time (like < 20 servers to begin with). During and after segmentation, monitor the solution for some period to notice how operationally effective it is and the data sources relied upon for building labels, and policies, and ultimately how easy it is to incorporate any changes needed thereafter.

We use the solution for micro segmentation.

The most valuable features of the solution are the maps and ring fencing that help monitor events.

It's not easy to learn to use this program. It would be very helpful for beginners if the solution had more windows to help with the terms inside instead of going to the documentation.

I have been using Akamai Guardicore Segmentation for six months.

I rate Akamai Guardicore Segmentation a nine out of ten for stability.

Around four people are working with the solution daily in our organization.

I rate Akamai Guardicore Segmentation a nine out of ten for scalability.

The solution's initial setup is not hard. However, you have to learn it because it's not plug-and-play.

I, an integrator, and the Akamai staff implemented the solution.

Overall, I rate Akamai Guardicore Segmentation a nine out of ten.

We primarily use the solution for a micro-segmentation to match the GDPR compliance.

The limitation of security groups, in terms of the number of services you can open that you can cover by using these tools, is great. 

If you treat your network as a flat, and then you start creating all your, let's say, network security zones using this tool, it makes life easy. For example, you have always flexibility in having different production and management interfaces. 

With a cloud-native construct, you can do micro-segmentation. 

The initial setup is easy.

The solution scales well.

I found the solution to be stable. 

Supports become difficult when it's for a big organization. For a small organization, medium organization, it still makes sense, however, for a big organization, it makes life difficult.

We would like to be able to go agentless.

I'd like support for all types of Kubernetes and service mesh. They say, "Ah, we support this, we support that." This is not the case. 

I've used the solution for almost seven months at this point. I've used it for a while now. 

The stability for Guardicore is high. I cannot comment on FireEye, however. When I say stability, I have to see the production workload. When I say that the stability for Guardicore is high, I mean there's not much an issue. Features were coming in very fast. Whenever we requested something within two to three months there was a rollout. A global rollout, too. It wasn't just for one client. I was amazed and surprised by how fast they implemented suggestions.

The product is scalable. It offers containers, and therefore, it's scalable. I've never had an issue.

I did deal with technical support directly. It was good. I was the guy who was calling them. It was never just a call. They tried to understand the problem and the construct and came up with a solution that would assist us. 

I'm also familiar with FireEye. I need more time with the products in order to effectively be able to compare them.

The initial setup was straightforward. It was not complex.

I can't speak to the cost part as that is managed by the finance team. I never have had visibility into the contracts.

We're partners with Guardicore.

I'm not sure which version of the solution we are using at this time. 

I would rate the solution at a six out of ten. The support for Kubernetes is still missing. They're working on it. It's in the roadmap. That will make it better. That said, right now, it does more than 50% of what we need it to do and it's been good. 

Guardicore Centra is used to ring-fence a crucial, business-critical application. 

We completed the AD integration while also attempting to isolate the jump station with an agent.

Guardicore Centra offers the best coverage specifically in backward compatibility with legacy operating systems.

The query insight module is something that our customers found very beneficial.

Creating policies down to a process level on a server is a valuable option.

Integration with Active Directory is good.

Customers would want to see the cost improved.

I have been working with the Guardicore Centra for the last month.

It's at a customer where I'm doing an assignment, and we've driven proof of value and proof of concept for a month.

We were working with the latest version.

As far as I can tell Guardicore Centra is a stable solution. But only time will tell how stable the situation is. 

We haven't started to deploy it yet, because we were negotiating the pricing and so on.

We have not contacted technical support, But the Akamai person was extremely well-read on the subject, and there was almost nothing he couldn't answer during the proof of concept project.

I am currently working with Micro-Segmentation on Guardicore, not Illumio Zero Trust Segmentation.

The initial setup is pretty straightforward.

The only thing that matters is that the customers have a strong plan, a good strategy, and a high-level and low-level design. The most exhausting part will be labeling all of your systems. And if the customer in this situation has around 1000 servers, that may be time-consuming.

We had assistance from Akami themselves.

Akamai volunteered to drive the actual proof of value concept, and I was part of the design team in charge of monitoring the whole process.

The customer would complain about the cost.

I can't tell you how much the license costs because I'm not involved. As a solution architect, and senior solution architect, I never look at the price, therefore I can't tell.

Of the systems that we looked at, Guardicore has the best coverage for legacy operating systems.

We are in cyber defense advice, and we conducted a modest evaluation. We sell both Illumio and Guardicore solutions, but it all depends on the type of customer, the scope, and finally the individual demands of that customer.

We have, I believe, most of our install-based software as Illumio solutions, this is maybe the second install-based for Guardicore. 

It all depends on the real consumer, their needs, how the business is structured, and so on.

I feel both companies are trying hard to better themselves, therefore it's difficult to say.

Illumio may be far ahead in six months or the opposite, it all depends on that and the precise moment. 

I wouldn't say one product is superior to another; it all depends on the customer's needs and so on. However, in this scenario, the customer has a large number of legacy, old XP, and Windows 2003 legacy servers, as well as other operating systems. In this instance, Guardicore was our recommendation, but for other clients who don't have that history, Illumio is just as excellent as Guardicore.

It's the best, I would rate Guardicore Centra a ten out of ten.

We are a partner, not a customer. We would like to be in a position of trying to provide consultation for this solution and delivery of the product to clients. So, we have partnered with Guardicore in India and we are trying to sell this product and that is our primary use case. The primary use case that we are implementing this product for with clients is micro-segmentation.  

This particular product has a deployment model both in public and private clouds and on-premises. We are pitching it to all of our customers, irrespective of the regulations that they must follow. Some customers are in the government sector, for example, and they will need to go on-premises. There are some customers like IT service-based companies that have most of their infrastructure in the cloud, and those can use cloud-based services. What the client wants and needs totally depends on the type of client they are. We have an advantage with this product in offering it both ways — on cloud and on-premises — to meet the client's needs.

The most important feature or use case, because of micro-segmentation, is the visibility you get when you deploy this product. It will give you very good visibility of your whole data center. The second thing that is valuable is the lateral movement. Often when there is a compromise of vulnerabilities in the organization, this tool greatly helps in understanding the footprint of the attacks. It also helps in stopping the lateral movement of the attack.  

Predominantly I have been working with firewalls and the UTM (Unified Threat Management) solutions for some time. Guardicore has to do something to add on features that help to do a better job of inspection.  

They should have policies based on users. Often we can only add user groups. I think they should offer the ability to assign policies to individual users. The ability to assign policies to both users and groups would make the area of creating policies more flexible. They should also have time-based rules in the policies which they currently do not have.  

They should also get into payload-level inspection. As of now, what they do for threat inspection is to look at the metadata of a packet. This is not in depth enough for proper inspection. They need to start inspecting the payload-level information of a packet or offer this as an option.  

So they should have payload-level inspections to do some deep investigation. Then they should have more user-level control of policies. I think if these two things are introduced, then I could probably change my rating of Guardicore to a nine-out-of-ten.  

We have just recently started working with Guardicore. Six months ago we began working on the POC (Proof of Concept) and we have still not finished so we have yet to deploy the product to production.  

I cannot comment on stability under higher loads because we have not yet deployed it and exposed it to live traffic. We are still in the testing and evaluation phase.  

I think it is an amazing product in terms of scalability.  

I have not had any experience with technical support because we are not in production. Once we deploy the solution to our customers, that is when I think we will be making more use of support resources.  

Earlier we worked more in the firewall space. That is, we worked with Check Point a lot. It was maybe for a period of five years. Then from firewalls, which is a UTM solution, we are trying to move into the new world technologies. That would be things like dedicated security solutions that cover more than what firewalls do.  

As an employee, I am not sure what my organization has gone through in making evaluations and comparisons. I am sure that they have evaluated other products like Illumio, Cisco Tetration, and Guardicore. I do not know, out of all their testing and research, specifically why they found Guardicore to be more a valuable solution. I think these people may be more focused on what they are doing rather than how it is getting done.  

The installation and setup are pretty straightforward.  

Right now, I would definitely recommend Guardicore for someone who is looking into the micro-segmentation space or probably an internal firewall for the organization.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate Guardicore Centra as probably an eight-out-of-ten.  

The interface and dashboard are amazing. I would rate the user interface as a ten-out-of-ten. For other reasons having to do with features and functionality, I have to mark them down a few points.  

I am using it for segmentation. If someone has access to a development system, they can't take that development system and access production equipment.

Application Ring-Fencing and Deception Server, which is basically like a honeypot, are pretty useful features.

They can maybe improve their customer service just because they are kind of a small organization, and customer service isn't as big as others such as VMware.

I have been using this solution for probably under one year.

It has been stable so far. I haven't had any big problems.

It is a little too early for me to tell that. Currently, I am the only one using this solution. We probably don't have any plans to increase its usage.

Their support is pretty good. I haven't had to use them that frequently, so I'm not sure about their response times, but when they come and set your stuff up, everything seems pretty good from that end. I would assume the support after that would be similar.

It was like the setup of a typical IT solution.

Their engineers deployed it, so it wasn't any hassle for me.

I would advise others to get a demo but also check out other products to make sure that it is a good fit for you. Every product is not good for every place. It has been pretty good for my use case. I didn't find anything terrible or not good.

I would rate Guardicore Infection Monkey an eight out of ten.