Today’s cloud market is growing at the fastest pace, and a huge number of companies already use the cloud in one way or another. But security issues persist whether you’re using Office 365, Azure, or Amazon. Check Point therefore believes that customers need help in mastering these technologies.
Take containers, for example. Almost every second large customer already uses this technology somewhere. Still, many do not yet understand the security risks and threats associated with it. The first thing that specialists in companies are concerned about is availability; security comes second.
Containers are complex enough that protecting them usually requires dedicated technical tools. When a customer runs huge web services with hundreds of thousands of containers, all of this needs to be secured, and the new threat vectors relevant to these environments must be closed. Check Point is developing a separate area that includes all the company’s cloud products, and this area is probably seeing many changes: new products appear and new opportunities arise.
This family of products is called CloudGuard and covers a wide variety of areas. For example, a year ago a WAF appeared in Check Point’s arsenal; it operates at the customer’s site and is managed through a cloud console. All traffic is processed within the company’s own perimeter, and all confidential information stays there, but the customer still gets easy-to-use cloud management for the WAF.
There is also Cloud Security Posture Management, part of the CloudGuard Cloud-Native Security platform, which automates the management of resources and services across multiple cloud environments, including visualizing and assessing protection status, detecting erroneous configurations, implementing security best practices, and ensuring compliance with requirements. Another solution detects various traffic anomalies.
For example, when a customer has a Kubernetes cluster or a public cloud, it is often not at all clear what is happening there: how different regions, virtual machines, containers, and so on communicate with each other. There is a separate product in the CloudGuard family to solve this problem and let the customer understand what is happening in their public cloud.
The CloudGuard family includes a virtual firewall that can easily be deployed to any cloud. In the same place, you can deploy, for example, CloudManagement and connect it all, or use the ready-made CloudManagement from Check Point. The customer can then protect the perimeter, say, in the Azure cloud, or connect a huge number of their regions and branches to a single point, creating a single VPN cloud and continuing to manage it all.
In addition, this gateway can run in almost any existing cloud, private or public, and the functionality will be the same everywhere. For new products and the protection of new services, Check Point offers CloudGuard Native or CloudGuard WorkLoad. It includes several different products tailored to protecting modern technologies, such as the development cycle.
In programming, there is a term, shift left, for involving a team of testers at an early stage of software development. They can then clearly understand the requirements and architecture of the software and develop test cases early on.
This makes it possible for the customer to make their new service and application as secure as possible. Here, one of the parts is the protection of the cloud provider itself; in effect, it is the protection of the customer from direct financial losses. There are many examples of what can happen if a customer’s account in a public cloud is hacked.
For example, when Tesla was hacked, the attackers began to mine cryptocurrency on a huge number of machines. It also happens that a customer publishes a service, forgets to protect it or apply encryption, and the next morning may receive an invoice, say,
To combat such cases and understand what is happening in the public cloud, the customer can inventory all assets and settings there using the CloudGuard Posture Management product already mentioned above. Moreover, Check Point cloud products are as simple as possible to use in pilot projects and demonstrations. Everything is automated and is done literally with one click.
CloudGuard also allows you to perform traffic analysis. In a Kubernetes cluster, the customer needs to understand how the different services and containers in the cluster exchange data and whether there are any anomalies; this can be done using traffic analysis. The solution aggregates all log files of the customer’s traffic in the cloud console and analyzes them for anomalies. This allows you to investigate incidents using ready-made queries.
As for Kubernetes itself, the technology may have vulnerabilities of its own. Among hundreds of containers, one may be vulnerable. If that vulnerability allows an attacker to get inside the cluster, and if there are no restrictions inside, then, as practice shows, the vulnerable container can be used to scan the entire cluster, find where the critical data is, intercept it, and send it outside.
To combat this problem, you need to integrate with the Kubernetes cluster itself and deploy several Check Point containers there, which will then protect the cluster. For example, they will scan for vulnerabilities inside the container, review the source code inside the container, and monitor the container’s behavior.
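The "no restrictions inside" condition described above can also be checked directly against the cluster's own NetworkPolicy objects. The following is an added example, not Check Point code or part of CloudGuard; the namespace names and policy objects are constructed sample data shaped like the output of `kubectl get networkpolicy -A -o json`.

```python
import json

# Constructed sample, shaped like items from `kubectl get networkpolicy -A -o json`.
POLICIES = json.loads("""[
 {"metadata": {"namespace": "shop", "name": "deny-all"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
 {"metadata": {"namespace": "payments", "name": "api-in"},
  "spec": {"podSelector": {"matchLabels": {"app": "api"}},
           "policyTypes": ["Ingress"],
           "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}]}]}},
 {"metadata": {"namespace": "batch", "name": "deny-in"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}
]""")
NAMESPACES = ["shop", "payments", "batch"]  # constructed namespace names


def is_default_deny(policy, direction):
    """True if the policy selects every pod in its namespace and allows
    no traffic in `direction` ("Ingress" or "Egress")."""
    spec = policy.get("spec", {})
    selector = spec.get("podSelector") or {}
    if selector.get("matchLabels") or selector.get("matchExpressions"):
        return False  # applies only to some pods, so others stay open
    # If policyTypes is omitted, Ingress always applies and Egress applies
    # only when egress rules are present.
    types = spec.get("policyTypes") or (
        ["Ingress"] + (["Egress"] if spec.get("egress") else []))
    # An absent or empty rule list allows nothing; [{}] would allow everything.
    return direction in types and not spec.get(direction.lower())


def unrestricted_namespaces(namespaces, policies):
    """Map each namespace to the directions that have no default-deny baseline."""
    findings = {}
    for ns in namespaces:
        in_ns = [p for p in policies if p["metadata"]["namespace"] == ns]
        missing = [d for d in ("Ingress", "Egress")
                   if not any(is_default_deny(p, d) for p in in_ns)]
        if missing:
            findings[ns] = missing
    return findings


if __name__ == "__main__":
    for ns, missing in unrestricted_namespaces(NAMESPACES, POLICIES).items():
        print(f"{ns}: no default-deny for {', '.join(missing)}")
```

The check is conservative: a namespace without a default-deny baseline may still be fully covered by pod-specific policies, so each finding is a prompt to review rather than proof of exposure.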
One more point needs to be mentioned: licensing. It is as simple as possible. There is a license that, one might say, contains tokens, and you can choose a license with a certain number of tickets.