Akamai Guardicore Segmentation Reviews

We want segmentation for a data center, and we have the problem that we cannot change IP addresses within the data center. So we need a solution. With the Guardicore solution, we can keep the IP addresses. 

Additionally, we get agent-based segmentation, and we don’t have to change anything on the network. These are the main reasons why we chose Guardicore for micro-segmentation.

The enforcement points under the agent, the firewalling has been most beneficial for your customers’ cybersecurity needs specifically. We do not need any further security features like IDS, IPS, or whatever. For us, it’s only the firewall feature, and that’s part of the enforcement point of the Guardicore agent. So that was completely enough for us.

I like the visibility of the communication, so that we really see which communications the assets have to the other assets. We don’t need a further sensor or firewall to see the traffic to these devices. That’s the main reason. 

And Guardicore makes its own rule set automatically, so we can work fast when creating a rule set. We don’t have a long phase of monitoring or whatever, so we can go straight to rules where we drop unwanted data traffic.

We don’t do micro-segmentation for each asset. We work with the ring-fencing function, and we have really good visibility on the dashboard with the rings. We can see which asset is in which segment, zone, or ring. That’s the main thing, that we can see this really easily. 

We can also give this view not only to the administrator of the Guardicore components but also to the application owner, so they can see where their application is placed in the ring-fencing and what communication is there. This makes incident management easier because we get incidents in a more authenticated way from the application owner. That’s also a big benefit from the visibility of the Guardicore solution.

In the firewall, only the administrator has a deep look into the architecture, the logs, and the segmentation. In the Guardicore solution, we can give more visibility to the application owner on their own application. This makes it easier to manage incidents and the overall management of the application and network. The application owner has a view of the actions happening on the network with their assets or applications.

When we have more than one interface, we can only have one policy for both interfaces. Normally, you have assets with a production interface and a server interface that are only for management. 

But in the Guardicore architecture, you cannot give the production interface its own rule set and the management interface another rule set. You have to combine these rule sets into one. It’s a lack because security standards suggest a different way to secure management interfaces.

So, I would like to have two separate rule sets for the basis of the device.

We started planning last year, and we are now in the implementation phase. So, since April this year, we have been working directly with Guardicore and the Guardicore management systems.

We [my company] work with the latest version. 

I would rate the stability a six out of ten, where one is low and ten is high stability.

The difficulty is when you start with such a project, it’s not only with Guardicore, it’s with all other micro-segmentation windows. You have to change your mindset from a network-centric to a label-centric approach, which is not based on the network. That’s the difficulty for the people, the customer, and the administrator. 

There should be more support to change the mindset of the customer. They are all used to the old way to do segmentation. With other micro-segmentation tools, it’s a new technology, and it’s not about thinking in IP segments and IP networks anymore. You have to think in labels and ring fencing. That’s what makes it difficult to start with such a technology. It’s not the vendor, it’s the technology.

I would rate the scalability an eight out of ten. It is good for our use case. So, scalability is at a satisfactory level.

I make projects with my customers. I do not have any view about my other colleagues and what they have in their projects with Vendor. Myself, it was the third customer where we have placed the Guardicore product.

My customers are  enterprise businesses.

The response time should be better. Sometimes it’s good, but sometimes it could be better. You have a problem, you need an answer, and then you have to wait. Sometimes they do not talk with an administrator who knows anything about Guardicore. When my colleagues call support, I think my colleagues are experts. And then the support starts with really easy questions. That’s not funny.

So, I want them to be more skilled, like, more educated on the matter.

I would rate my experience with the initial setup a seven out of ten, where one is difficult and ten is easy to set up.

The technical setup was easy. It becomes more challenging when you start labeling the assets and doing the ring-fencing. You have to go deep into the architecture of the network, the application, and whatever. That’s more difficult, but in the end, it’s easier than doing classic segmentation with a firewall.

The data architecture took one week, but the segmentation logic took months. We are not finished. We started in April, and we are not finished. So, like almost half a year. 

We start to define the ring for the ring fences, and then we start with a part of the network with the test environment. We test and then go. The last will be the production. We label the assets, then start a monitoring period to see the data traffic between the assets. Then we go into an alerting phase and finally to a block period.

I would rate the pricing a six out of ten, where one is cheap and ten is expensive.  I know other micro-segmentation tools like Cisco or Illumio, and so I think they are in the middle.

Overall, I would rate the product a seven out of ten. We use Akamai because they have their own enforcement point. This was important for us. 

Other micro-segmentation tools use the desktop firewall of Windows or the Linux iptables firewall, but Guardicore has its own enforcement point and its own agent. This was a key factor. When you start with the implementation, you have to have a clear picture about your labeling. I think it’s really important. You have to know what you want to separate from each other. You could go into very deep detail, but the more detail you have, the more complex it becomes. You have to find a balance between detail and complexity. You need the middle way.

We use the product in the production environment of server infrastructure. 

The tool's most valuable feature is its visibility. 

Kubernetes is not installed in the way we need it. 

I have been using the product since October. 

We faced some minor issues, but overall, the product is stable. I rate it an eight to nine out of ten. 

I rate the tool's scalability an eight out of ten. My company has four to six users. 

Akamai Guardicore Segmentation's deployment is smooth. The deployment team promised us that the implementation would be completed in three weeks, but the product was available within two weeks. 

Akamai Guardicore Segmentation is expensive. 

I rate Akamai Guardicore Segmentation an eight out of ten. Adopting the product often involves a greenfield approach, requiring adjustments and careful planning.

It's micro-segmentation.

The label-based segmentation is the most valuable feature.

There are always areas for improvement. It doesn't support a PAAC solution (Platforma as a service) in the cloud. So that could be improved.

In future releases, I would like to see more integration with other products. 

I have been offering this solution for more than three years. 

It's very stable.

It's very scalable. It's primarily the larger customers with thousands of servers.

The customer service and support are very good. 

Positive

Akamai is much better than other solutions, such as ColorTokens and Illumio. It is more user-friendly and has more features. In fact,  Illumio is actually implementing a lot of the features that Guardicore has had for years.

The initial setup is very easy. It's a safe solution, so you can actually install it in five minutes. So it's very easy to install.

So installation is fast. But then you have to roll it out to all these servers that the customer has, and that would take a couple of days or a week or a month perhaps and require, let's say, four people to do it.

We don't maintain it because it's safe. So it's very easy.

The price is the same as other products in the market. There's no price argument to choose one or the other product, it will cost the customer approximately the same.

You pay for a year, two years, or three years, how many years you want, but you don't actually buy the product; you lease it for a year. And then you can buy it for another year and so on. 

The support is included in the license. 

I would say that you should use it for micro-segmentation instead of trying to use firewalls. Because some customers try to use other solutions like firewalls, and it's not the best solution. 

Overall, I would rate the solution a nine out of ten. It is an amazing solution. 

In India, one use case is in the banking industry. In general, one customer used it for microsegmentation deployed across four locations. 

Another used it for telemetry and microsegmentation. These were deployments for customers in India and the Philippines.

The workloads have been seamlessly integrated for segmentation. The network has been transited smoothly. So, the integration was straightforward and without major issues.

Our customers use the solution for micro-segmentation within the data center or cloud environments.

One customer uses it for their on-premises infrastructure, deployed at the code level across their massive network. 

Another customer uses it in a data center to monitor microsegmentation for their 500-node workload.

Moreover, Akamai Guardicore Segmentation has helped our customers manage and secure traffic between different applications or workloads.

Earlier, they were using VMware NSX-v, which offered good logging for distributed services on an analytical level. 

However, Akamai Guardicore Segmentation provides them with better overall visibility and granular control over-segmentation, even for inter-application and inter-routing traffic.

Initially, I liked the telemetry part. But later, we used the micro-segmentation features that we were able to deploy and found that they really stood out from other vendors.

It allows us to see microsegmentation as a distributed service.

The ease of policy creation and management in Akamai Guardicore Segmentation has impacted security operations. No other product offers more customization. It has some complexity at the initial configuration level, but later on, it becomes easy. If I were to rate it on a scale of ten, I'd give it at least a nine. It is highly mature. 

Incident tagging could be improved. Other vendors offer semi-automatic tagging, which Guardicore doesn't yet have.

The rest of the features are already industry standard.

I have been using it for two and a half years. The latest version I worked with was v6.7.92.

I recently enrolled for it for one of my customers, so that requirement was fulfilled, and we purchased the product.

There are sometimes issues when new versions are updated. I would rate the stability a seven out of ten. 

Whenever there's an update, there always seem to be things needing adjustment.

I would like to see the stability level improved. 

In terms of scalability, the more features offered, the more devices it can handle. So, I'd rate it around eight out of ten.

We only have two customers who are using it because it's not widely marketed in the Indian region. One is a BFSI enterprise, a customer in the banking industry.

I didn't use technical support as that's maintained by the customer anyway.

I would rate my experience with the initial setup an eight out of ten, with ten being easy. 

It was pretty straightforward. It didn't take too long to deploy. And it was roughly done within an hour. So implementation isn't overly complex.

We're a system integrator and partner with Akamai. 

The initial deployment was completely handled by the team. I was involved, but the SOP wasn't managed by me.

The pricing is too high. Based on market standards, I'd recommend lowering the price.

I would rate the pricing a five out of ten, with ten being affordable. 

The DQE feature increases the license cost based on usage. Also, prices vary depending on the customer and region, and taxes can add up. This makes it a bit unclear from a hypervisor perspective.

Micro-segmentation should be a specific requirement because, nowadays, many built-in solutions offer similar functionality. Akamai provides Guardicore as an external SaaS service for those needing it in a SaaS environment. 

However, for on-premises installations, integration with network vendors like Cisco is crucial. This could be done by customers themselves or through partnerships with other network vendors.

Overall, I would rate the solution a seven out of ten. 

Our clients look for server-to-server segmentation that includes both inbound and outbound ringfencing. 

The tool is easy to use and simple to deploy to achieve segmentation objectives. It offers a graphical view of real-time workflows and traffic patterns into server-to-server communications. Also, the amount of process, service level visibility the agents deployed on the servers provide via network logs is very informative.

Guardicore Centra should incorporate automation so that we aren't required to write custom scripts by leveraging APIs quite often. The tool also has limitations on overall policy rules that can be configured on the platform (60k rules) which seems a lot but with big chatty applications and a huge application count to segment, this limit can turn out to be small if the goal is to segment a lot of application servers. Operationally there are too many clicks and analyses needed to do quick and safe changes (for e.g. label replacement) in the production environment. I think that the incorporation of automation templates for some standard use cases can help clients make changes with confidence and without the possibility of human error. 

I have been working with the solution for close to an year. 

I would rate the tool's stability a seven out of ten due to the capacity limit. Once we reach 70-80 percent of the maximum rules, the system becomes slow in terms of response. The backend processes being a SaaS solution need to be more robust. 

I would rate the product's scalability a five out of ten due to the current limits on the number of agents, labels, and rules. Around 5000 servers use Guardicore Centra in my organization. 

The product's support takes more time to respond back. 

Neutral

Guardicore Centra's setup was straightforward and I would rate it a seven out of ten. The tool's setup is straightforward as long as you identify the servers and establish the right processes. The tool came with an installation guide and setup took about four to five hours to complete. The deployment depends on the solution size and if the POC is small, the setup is easier and quicker. If you plan for enterprise-wide deployment, then you need to do capacity sizing and planning.

I was not directly involved in licensing etc. costs but only in solution architecture and operationalization.

I would rate the solution a six out of ten. We mostly have enterprise customers for Guardicore Centra. I would advise users to try this out on a handful of servers for the first time (like < 20 servers to begin with). During and after segmentation, monitor the solution for some period to notice how operationally effective it is and the data sources relied upon for building labels, and policies, and ultimately how easy it is to incorporate any changes needed thereafter.

We are using it to segregate all of our different environments: staging, production, QA, as well as our applications. We are essentially replacing our traditional, internal firewalls and depending completely on Guardicore to secure all of our applications.

We've been able to secure older applications in a way that we really couldn't before, which has been a nice benefit. 

It's also allowed us to build out an entire new data center topology without having to worry so much about where we place physical or virtual firewalls that can create bottlenecks. We can focus more on building a really fast and responsive network topology. Security devices, things like a traditional firewall, can often be a bandwidth or throughput bottleneck. But with Guardicore, since the firewall is running on every single server individually, and they're working together, you can just build a really big, fast, redundant network and not have to worry so much about those security bottlenecks.

The most valuable feature of this solution is the fact that it's pretty much agnostic to location. Right now we have an on-prem data center that we manage, but if we start to migrate into different cloud locations or multiple different clouds, we can manage all the security between all of the servers and applications, through one platform. That's a future, forward-looking bonus of it.

And right now, the real bonus is the fact that we can secure applications, all the way down to the individual services, on each host. It's actually more granular security than we can get out of a traditional firewall.

They're really good at getting into the environment. But the long-term management of the security policies could be improved with some kind of automation platform, something like Chef or Puppet or Ansible, to help you manage the policies after day-one. Setting it up initially is really simple and getting going is really easy, but to then manage the policies and changes to those policies, going forward, through some type of automation process is not turning out to be really easy. It would help if they could either provide some guidance there or adjust the way that the API handles that a little bit, to make that simpler. 

Their API is clear. It's just proving difficult, from a code perspective, to manage the rule sets. You can build out a rule set really easily. You can deploy agents really easily. You can apply the rules, initially. The issue is then going back and adding a new rule to an old rule set or pulling one out and doing maintenance on it with code. It seems to take a lot of extra logical checks such as making sure we're not duplicating a rule or the like. That's really the only place where, although we're not stuck, we're having to put in more time than we anticipated. Everything else has been super-easy, but the maintenance and management of the rule sets with our automation tools has not proved to be as simple as we would've liked.

It seems like it would have been really easy to put it in if we didn't have a lot of changes. But it seems that the long-term maintenance of it is a little bit difficult and could use some improvement.

We've had the Guardicore solution since May, so that would be about six months.

Overall the stability has been really good but there have been a couple of little bugs we've run into. Nothing has been negatively impactful to our traffic, it's mostly been a couple of cosmetic things.

Everything, so far, has turned out to be a really simple fix where they were able to get back to us within a day. We had an issue installing an agent on a newer version of Red Hat, but they had a solution already in place; it just wasn't rolled in. But they had it fixed for us within a few hours, and they actually had that fix in production within about a week. We've had a couple of what seemed to be visual bugs with the SaaS interface, with the web UI, but no service impacts. 

Everything has been really stable. It's just that there have been times where you'll click on something and you would expect to see something there and it's not there, or it's listing more information than you would expect. Those have all turned out to be bugs, but I don't really fault them for that. 

They've upgraded. We've only had it for six months and we've upgraded our aggregators and our SaaS instance two or three times. They're very proactive on updating and the platform is really stable. They just occasionally have a few little cosmetic bugs. I would prefer that than a company that either doesn't advance and make good changes or one where bugs have performance impact. The performance always seems really good; it's just a few cosmetic things once in a while.

So far, scalability has been no issue at all for us. We did the proof of concept with a small group of servers, some 20 to 25. Within the first couple of days we'd deployed it to about 75 to 100. Now we're up to 200 servers. It seems to scale as fast as we can add agents to it and we haven't noticed any negative impact from going from one server to 200. And we don't expect any going from 200 to 1,200. 

I think it would only be limited by the power of the SaaS instance and they scale that for you automatically on the backend as you take on more agents. If the SaaS instance requires more resources, they just provide that for you seamlessly without you having to do anything.

I cannot not talk enough about their support staff. Their Professional Services team that we worked with for the first several months of the initial setup, are just absolutely wonderful; some of the best I've ever worked with. We've recently been handed off to their customer success team, which is the long-term support, once you're onboarded with the platform, although we haven't even been cut off from our Professional Services team. I still talk to both: the original engineer who helped us set it up and now I have this new customer success staff. They are amazingly wonderful, so far. 

I've never had to wait more than half an hour for some response, and usually have a solution to any problem I have by the end of the day. For every issue we've had, if we start in the morning with an issue, it's really been almost same-day service. We haven't had a ton of issues, but their responsiveness and their attitude and their willingness to help have been greatly appreciated. We deal with a lot of vendors and some are better than others. Guardicore is really top-tier in their customer support. I can't say enough good about them.

They provide really good documentation on agent deployment. They told me through the setup that the thing that most organizations usually struggle with the most is getting the agents deployed. But we found that—probably because we were already doing some automation—was really quite simple.

Overall, it was really easy to get up and going. We installed the on-prem aggregator that bridges the agents on the servers to the SaaS instance, and then you just install the agents. We were actually able to deploy 50 to 100 agents within a day. And once we could deploy 10, since we are already automating a lot of our package management on our servers, we could've done 1,000 or 2,000 in a day. We could have done it on as many servers as we have. 

They provide you all the tools. If you're already automating your servers, it's a super-easy solution to implement. If you aren't doing automation and are still manually managing all your servers, one at a time, I can see that it wouldn't be quite as easy as it was for us.

We are still in the process of deploying it across our company, but to get it up and running, it took less than a couple of days. Right now we're at about 200 servers, but we expect to grow to around 1,200.

To initially get it up and running and have everything working, took only me, in my role as a manager of network and security engineering, and one member of the server team. You could really do this with one or two people, as long as you have a network guy and a server guy. But now that we're deploying it more widely, there are six or seven main players in our company who are involved in writing the scripts and doing the automation work to get it deployed and to manage it.

My team was in charge of the initial setup and getting the policies built and the rule sets created. And the server engineering team is handling the agent installs and making sure they're checking in with the SaaS instance, and they are also putting the Guardicore labels on the agents. They say, "This is a Windows Server, this is an application server." And then we maintain the rule set that controls traffic, based on those labels. It's a two-prong management solution.

I know the ROI is going to be there because I know what the future's going to look like. The only reason we haven't seen as much as we possibly could have is all on us moving slowly. It's not anything to do with Guardicore. I'm really hopeful for the future with them. But right now we've only really secured a handful of applications. That's all gone really well, but we definitely have not realized its full potential. We've got a lot of older applications and it takes time to get people to agree to rebuild the server and put the agent on it.

We're trying to shift all of our servers. Instead of applying it in place, we're actually trying to go through a process of rebuilding all of our servers. During that process we'll move an application from an old server to a new one, put the agent on it, put it in the new network, and then it will be a Guardicore protected area. That's a slow process that we have imposed on ourselves. I see the light at the end of the tunnel. I think it's going to be a great solution but we are far from the end of the road with realizing all the benefits. That's just a result of taking our time and the plan that we created for ourselves.

They worked with us really aggressively to get the business and we felt we got a pretty fair deal with them. They were really flexible with our limitations on currently available funding versus future funding. They were really nice about restructuring the purchasing contract.

We did a "step-in" model where we committed to a three-year deal, but we would pay a small amount in the first year, a little more in the second, and ramp up to full price, year-over-year, by year three. That had to do with money that was available and budgeted for at the time. They were really good at working with us on that.

They have been generous with the licensing. We were only supposed to be able to have 200 licenses in the first part of the first year, and then it would ramp up to 600 and then ramp up again to 1,200. But they've assured us, over and over, that they will not complain if we go over any of those limits before those dates. They're just glad to have us as a customer. We're already committed via contract to get up to that 1,200 number and to be paying full price. 

They've been really flexible with the licensing, with the contracts, and everything else. It was a good experience. And compared to the pricing we were seeing from both Illumio and Edgewise, Guardicore was very competitive.

There was a $19,000 upfront cost for the Professional Services engagement, in addition to the licensing, but that was the only extra cost that I'm aware of.

We looked at Illumio and we also looked at Edgewise Networks.

At the time, Illumio was manipulating the built-in firewall of either Windows or Linux. They were essentially just going into the OS and taking over the management of the local firewall, which was good in some regards but it seemed like an older way to do the same thing. Edgewise and Guardicore were more in step in that they actually have an agent that sits between the compute kernel and the networking layer and that manages which sockets are open and how the services are able to talk to one another. That seems like a better and more modern approach. That was one thing in their favor. 

We liked a lot of features of both Edgewise and Guardicore. It came down to cost, in the end. We got a better deal with Guardicore. There were a couple of features that I felt meant that Guardicore had more going for it. It seemed like a little bit more of a mature solution at the time. It had been around a little bit longer. It felt like it had some more depth of knowledge and stability, given some of the engineers we spoke with.

Edgewise was very new. Since we talked with them they've actually been acquired by NetScaler. We had a little bit of apprehension in investing in something that might get gobbled up or might fail, because it was a new company. They're both good solutions but we've been happy with the choice that we made.

Think of all the possible scenarios that could apply to your network traffic and make sure you test those thoroughly in your PoC. Think about things like clustering, broadcast traffic, and all the different ways you want to be able to either restrict or group traffic. Run through the gambit of scenarios that you could imagine wanting when segmenting your network with a microsegmentation tool and test all of those as much as you can.

We haven't run into any issues, but there have definitely been some instances where we assumed the product worked one way and, as a result, we went down a path for a week or two writing rules in a certain style, or grouping things a certain way. But then we came to realize, "Oh, that's not really the way Guardicore is intended to work, and it works better if you do it this way." So test, test, test. Make sure that you're confident that it's going to meet your needs.

There's nothing that they've advertised or told me that it can do that it can't do. It's more my understanding of how to implement it. They're flexible, so it's almost like they give you enough rope to hang yourself with you. You might want to talk to them about your philosophy a lot, upfront, before you even start to really commit to a direction regarding how to build your rule sets. If they understand what you're trying to do, they can probably guide you on the best way to get there.

We just picked it up, thinking we're technical and smarter than we are, and ran down one road and when we got there found, "Oh we should have done it this way." And when we stepped back and looked we said, "Oh yeah, that makes a lot more sense." Then we had to go back and undo some of our work. 

So work really closely with the PS guys, explain what you're trying to accomplish and be open with them, and they will help guide you to the best way to implement the product.

I would give Guaridcore an eight out of 10. It's a really great product. There is probably room for them to make improvements. Obviously, they're always adding new stuff. The biggest hindrance we've had is a lack of resources to dedicate time to the project, and none of that is their fault.

It's more a matter of making sure you're pushing all of your projects forward with Guardicore in mind. If you're going to have it wrapped around all your applications, you need to make sure you're writing your apps in a way that is going to work well with Guardicore, or that you're building your network typologies in a way that it's going to work well with Guardicore. If you're going to go all-in and put it on all your servers, you have to factor it into all your decision-making. And I wouldn't say that's a negative, but that's the main takeaway, now that we've gone down this road. You really have to think about Guardicore's intended view of how the product should be used and make sure that you're building along with that, so that you don't come to a crossroads with the tool when you're trying to secure your application.

They're definitely keeping up with new technologies, their deployment is easy, and their customer support is great. I really don't have a lot of negative things to say about it.

We use the solution for micro segmentation.

The most valuable features of the solution are the maps and ring fencing that help monitor events.

It's not easy to learn to use this program. It would be very helpful for beginners if the solution had more windows to help with the terms inside instead of going to the documentation.

I have been using Akamai Guardicore Segmentation for six months.

I rate Akamai Guardicore Segmentation a nine out of ten for stability.

Around four people are working with the solution daily in our organization.

I rate Akamai Guardicore Segmentation a nine out of ten for scalability.

The solution's initial setup is not hard. However, you have to learn it because it's not plug-and-play.

I, an integrator, and the Akamai staff implemented the solution.

Overall, I rate Akamai Guardicore Segmentation a nine out of ten.

Guardicore Centra is used to ring-fence a crucial, business-critical application. 

We completed the AD integration while also attempting to isolate the jump station with an agent.

Guardicore Centra offers the best coverage specifically in backward compatibility with legacy operating systems.

The query insight module is something that our customers found very beneficial.

Creating policies down to a process level on a server is a valuable option.

Integration with Active Directory is good.

Customers would want to see the cost improved.

I have been working with the Guardicore Centra for the last month.

It's at a customer where I'm doing an assignment, and we've driven proof of value and proof of concept for a month.

We were working with the latest version.

As far as I can tell Guardicore Centra is a stable solution. But only time will tell how stable the situation is. 

We haven't started to deploy it yet, because we were negotiating the pricing and so on.

We have not contacted technical support, But the Akamai person was extremely well-read on the subject, and there was almost nothing he couldn't answer during the proof of concept project.

I am currently working with Micro-Segmentation on Guardicore, not Illumio Zero Trust Segmentation.

The initial setup is pretty straightforward.

The only thing that matters is that the customers have a strong plan, a good strategy, and a high-level and low-level design. The most exhausting part will be labeling all of your systems. And if the customer in this situation has around 1000 servers, that may be time-consuming.

We had assistance from Akami themselves.

Akamai volunteered to drive the actual proof of value concept, and I was part of the design team in charge of monitoring the whole process.

The customer would complain about the cost.

I can't tell you how much the license costs because I'm not involved. As a solution architect, and senior solution architect, I never look at the price, therefore I can't tell.

Of the systems that we looked at, Guardicore has the best coverage for legacy operating systems.

We are in cyber defense advice, and we conducted a modest evaluation. We sell both Illumio and Guardicore solutions, but it all depends on the type of customer, the scope, and finally the individual demands of that customer.

We have, I believe, most of our install-based software as Illumio solutions, this is maybe the second install-based for Guardicore. 

It all depends on the real consumer, their needs, how the business is structured, and so on.

I feel both companies are trying hard to better themselves, therefore it's difficult to say.

Illumio may be far ahead in six months or the opposite, it all depends on that and the precise moment. 

I wouldn't say one product is superior to another; it all depends on the customer's needs and so on. However, in this scenario, the customer has a large number of legacy, old XP, and Windows 2003 legacy servers, as well as other operating systems. In this instance, Guardicore was our recommendation, but for other clients who don't have that history, Illumio is just as excellent as Guardicore.

It's the best, I would rate Guardicore Centra a ten out of ten.