Guardicore Extends Zero-Trust Security to IBM i

May 5, 2021 Alex Woodie

Guardicore, which is trying to shake up the firewall market with its “micro segmentation” security solution, recently announced that it has extended its “zero-trust” approach to the IBM i platform. The offering will help IBM i shops close blind spots in their security posture by monitoring the server for signs of problems, the company says.

Guardicore develops a software-based security solution called Centra that uses a micro segmentation approach to protecting IT assets from evolving security threats. Micro segmentation is a relatively new approach to cybersecurity that revolves around the concept of breaking the network down into multiple segments or subnets.

Instead of protecting the externally facing network from a breach, as a traditional firewall does, the micro segmentation approach essentially builds a virtual perimeter around each specific asset inside the network. So instead of trusting that a traditional firewall can keep the bad guys out, the micro segmentation approach assumes that the bad guys are already inside the network, and that each component must be protected individually.

Guardicore’s twist on this micro-segmentation, zero-trust concept is that legacy systems, such as the IBM i server, are uniquely vulnerable to archaic ideas about security embodied in traditional firewalls. In addition to the IBM i server (which it calls the AS/400 and iSeries), the company is building connections to other “legacy” systems, including: Windows Server 2000 through 2008, Windows 7, Windows XP; all Linux distributions; AIX; Solaris; and HP-UX.

According to Sharon Besser, Guardicore’s vice president of business development, protecting legacy infrastructure and IT is one of the biggest challenges CISOs face.

“As enterprises digitally transform and adopt cloud, IoT, and DevOps, the legacy servers that are the backbone of a company are overlooked and represent a significant risk,” Besser states in a press release. “These are the platforms that are no longer supported, cannot be patched, but also can’t be removed because they’re still driving revenues.”

While the IBM i server is most definitely still supported and actively developed by IBM, there are many organizations using older versions of the IBM i operating system, often running on older Power Systems, System i, iSeries, and even AS/400 iron. (We dare say there are even a handful of S/38 and S/36 minicomputers — long out of support by IBM — doing useful work in the world.)

Guardicore wants to help protect these valuable business assets in a way that a traditional firewall cannot. The company, which is based in Tel Aviv, Israel, says that as data centers become more hybrid with cloud-native solutions, containers, and endpoints, that it widens the attack surface available to hackers and malicious insiders, thereby increasing the risk posed to legacy servers.

“In addition to cloud and containers,” Besser writes, “Guardicore protects more legacy servers than any other microsegmentation vendor in the industry — the addition of IBM iSeries AS/400 servers extends our leadership position.”

According to Guardicore, Centra lets customers set segmentation policies and security rules in real time using combinations of “allow” and “block” policies. This gives customers the ability to prevent malicious traffic from reaching servers, including IBM i servers.

Firewalls aren’t built to protect legacy servers at the granular level required, according to Mario Procopio, founder and managing director of Guardicore partner Pro CISO. “Microsegmentation provides deep visibility to eliminate legacy blind spots and easily deploys across all infrastructure and workloads – including data centers, cloud, modern applications as well as legacy systems – to prevent lateral movement and eliminate legacy security gaps,” he says in a press release.