Check Point Software Technologies this week introduced a platform that integrates many of the tools necessary to protect workloads dispersed across multiple clouds.
CloudGuard Cloud Native Security, which provides automated security for cloud workloads, combines several types of data protection: cloud network security and threat prevention, compliance and posture management, threat intelligence, and web application and API protection. These features work together, meaning that each can share security context with the other capabilities, said Monier Jalal, head of product marketing for cloud security at Check Point.
Combining all of these capabilities makes a lot of sense in today's environment, said Frank Dickson, program vice president for security and trust at IDC. Most organizations have become technologically complex over time, using more and more cloud providers mixed with on-premises systems, and buying different security solutions to address each part of that complexity. Check Point is combining several of these tools into a more integrated solution in an attempt to reduce that complexity, he said.
The specifics of each part of the solution include:
Cloud Network Security & Threat Prevention for micro-segmenting workloads. Ideal for containers, this capability protects north-south and east-west traffic to segmented workloads.
Developers working with containers can benefit from something like this, Dickson said.
"Writing code can often result in security issues related to configuration," he explained. "Think about the case of open S3 buckets in AWS, where an app developer intentionally left a bucket open. Those kinds of configuration issues are the vast majority of the weaknesses; being able to detect those configuration problems and fix those is increasingly important."
Cloud Security Posture Management provides compliance and posture management checks for cloud workloads. It can also auto-remediate security issues as they are discovered. According to Check Point, CloudGuard provides at-a-glance visibility across multicloud environments, enabling organizations to continuously analyze and control their cloud security posture from integration and development to production environments.
Workload hardening for both serverless and container workloads. This includes protection from overly permissive workload access and detection of vulnerabilities and embedded threats inside the workload.
Integrated threat intelligence across clouds.
Automatic web application and API protection.
With these capabilities, CloudGuard can prevent advanced persistent threats (APTs) and zero-day attacks from infecting clouds and workloads, Jalal said.
"These threats can be introduced in any part of the modern application lifecycle. You can inject a vulnerability into application code during development or compromise a workload through a vulnerability at runtime," he explained. "With a unified platform, the security context of the workload is shared throughout the lifecycle. And with automation engrained into the platform, any issue that is found early in the development cycle by the CloudGuard platform can propagate in real time to protect similar assets that are in runtime."
Providing the same protection using multiple solutions at cloud speed is nearly impossible, he added. "Let’s say a developer uses an open source package from GitHub for developing an application, and open source is maliciously infected, using a 'poison the well' attack strategy. CloudGuard would detect this early in the development lifecycle and propagate the security controls for protecting all similar workloads running with that open source in production."
While Check Point isn't the only security vendor actively working on these types of integrated solutions, it is on the right track, Dickson said.
"The key to these solutions is creating an offering that can be used across so many different use cases and solve a lot of problems," he said. "For example, organizations currently managing a virtualized data center but looking to move to the cloud would be good candidates.
"They could use this kind of solution to containerize their legacy applications currently in a data center. Then it becomes a lot easier to lift and shift to the cloud," he said.