Hybrid Cloud Security on Your Terms


Mellanox and Guardicore Deliver Agentless and High-Performance Micro-segmentation for Securing Hybrid Cloud Environments

This article was created and published in partnership with Sharon Besser, VP, Business Development at Guardicore.

The face of the enterprise data center has evolved in recent years. Business-critical applications, data confidentiality and the advent of digital products and services are among the driving forces behind today’s emerging data-center architectures. The disruptive and innovative data-center technologies of hyperscale cloud giants are gradually making their way into enterprise data centers. Case in point: the container orchestration platform Kubernetes, the Open Compute Project (OCP) and composable disaggregated infrastructures (CDI), which were all created and practiced by Google, Facebook and the like, are now touted as enterprise-grade solutions. In this context, Mellanox is at the forefront of developments, as enterprises increasingly embrace 25/100 Gbps networking speeds to boost their new data-center buildouts, while hyperscale clouds drive next-generation 100/400 Gbps connectivity solutions.

Although public cloud adoption is progressing rapidly, public offerings have not taken over a big piece of the enterprise pie. A recent Gartner research report indicates that less than 20% of total IT expenditure was allocated to public clouds in 2019. Bank of America’s CEO stated in late 2019 that the financial services corporation had saved $2 billion per year by building its own cloud infrastructure. Aside from the dominant cost factors, some workloads must remain on-premises for regulatory and/or compliance reasons, while other legacy applications cannot be migrated to the cloud because of their nature or design. Breaking it all down, the prevailing approach of most enterprise leaders today, and most likely in the years to come, is a hybrid-cloud strategy that typically involves a multi-tiered IT environment comprising both on-premises data center(s) and cloud service provider(s).

While hybrid clouds provide a cost-effective and agile solution, they also expose organizations to a cyber threat landscape that is broad and changes faster than defenders can respond to with traditional security tools. Thus, a holistic approach is needed for enterprises to enhance their security postures and achieve robust and complete protection. Only solutions that protect all types of workloads, at any speed and against both current and future threats, can deliver the highest levels of security, integrity and reliability in the hybrid cloud era.

Micro-segmentation Emerges to Secure Hybrid Clouds

Micro-segmentation is an emerging data center and cloud security best practice that enables enforcement of fine-grained security policies for any network in a multi-cloud or hybrid cloud environment. It provides several advantages over the traditional approaches of using VLANs for network segmentation and firewalls for application separation. Micro-segmentation uses software-defined controls running on each node to provide individual workload isolation and protection, reducing risks and simplifying security management. These advantages are key as enterprises adopt a hybrid cloud approach consisting of cloud services from one or multiple vendors while maintaining their own data centers.

The rise of cloud-native applications, where microservices architectures and containers create new communication frameworks, reinforces the need for an elastic micro-segmentation implementation. Guardicore, a leader in the internal data center and cloud security realm, offers Centra, a comprehensive hybrid cloud security solution that delivers the simplest and most intuitive way to apply micro-segmentation controls to reduce the attack surface and detect and control breaches within east-west traffic.

Guardicore’s network visualization, which provides flow and application-level monitoring, is the basis for resilient micro-segmentation and is achievable through a variety of agent- and network-based techniques. However, there are ample reasons why deploying agents is neither possible nor desired in many modern, data-driven workloads. Some application environments, such as high-frequency trading, are optimized for high-performance, low-latency transactions. In such use cases, even a minimal 3% impact makes agents inefficient and cannot be tolerated. Other businesses with a track record of failed agent deployments may be reluctant to try a different agent. The result is a lack of visibility, which leaves enterprises with infrastructure silos where security policy enforcement cannot be applied.

So, here’s an idea: what if we could leverage the intelligent I/O processing units (IPUs) from Mellanox to gain visibility into every workload and enforce micro-segmentation without installing agents, impacting performance or increasing network latency?

Software-Defined Micro-segmentation Meets Hardware-Defined Isolation and Acceleration

The combination of Mellanox’s BlueField IPU-based SmartNICs with the Guardicore Centra Security Platform creates a unique value proposition: No need to install agents on servers. No impact on server/application performance. Software-defined and hardware-accelerated security policy enforcement at wire speed, fully isolated from the workload itself. The joint solution is ideally positioned for those environments in which deploying agents is not permitted:

  • HFT, latency-sensitive applications
  • Bare-metal clouds
  • Mainframe
  • Network-attached storage


We are excited to partner with Guardicore to deliver an agentless and high-performance micro-segmentation solution for securing hybrid cloud environments. This solution offering is the result of best-of-breed silicon capabilities, software IP and amazing engineering teams at Mellanox and Guardicore and is the first of many innovative cyber security solutions we bring to market – stay tuned for more in 2020 and beyond!

Visit Mellanox at the upcoming RSA Conference, February 24-27 in San Francisco, CA (North Hall #4525) where we will be showcasing our end-to-end Ethernet portfolio including SmartNICs, switches and cables.



About Itay Ozery

Itay Ozery is Senior Product Manager at Mellanox Technologies, driving strategic product management and product marketing initiatives for Mellanox’s cloud networking solutions. Before joining Mellanox, Itay was Sr. Sales Engineer at NICE Systems Ltd., a Nasdaq-listed corporation, where he led large-scale business and projects in the fields of cyber security and intelligence. Prior to that, Itay held various positions for more than a decade in IT systems and networking with data centers and telecom service providers, where he acquired extensive experience in IT system and network engineering. Itay holds a B.A. in Marketing and Information Systems from the College of Management Academic Studies, Israel.
