Security and Posture Management
Visualize, automate, manage, and remediate security and compliance in AWS
Unified AWS Cloud Security
Comprehensive, unified, and elastic network and workload security
Cloud Security Intelligence
Advanced cloud intelligence, threat hunting, and forensics in AWS
3,000+ Loyal CloudGuard Customers
85+ AWS Compliance Rulesets
300+ Cloud Native Service Integrations
Enhanced AWS Security – Customer Success
“When deploying a multi-cloud environment, you need to have a consistent tool that plays across all the platforms. Using the cloud-agnostic CloudGuard service, I only need to train an individual on one set of tools and he can manage our total cloud environment very effectively.”
—Sreeni Kancharla, CIO & Sr. Group Director, Cadence
“We selected CloudGuard for Serverless to provide additional security, as it seamlessly integrated into our ever expanding use of AWS Lambda functions and helped automate security into our serverless infrastructure.”
—Brent Bane, Senior Cloud Architect, Best Friends Animal Society
“Check Point and AWS have released Xero from the constraints of traditional management and security practices. Together, we enable a strong, positive security culture across the business without limiting growth in any way.”
—Aaron McKeown, Head of Security Engineering and Architecture, Xero
“Sallie Mae protects its cloud perimeters and reports risk internally with Check Point CloudGuard. Sallie Mae has more than 100 AWS accounts and doesn’t have the capabilities to manually monitor each account individually. CloudGuard is easily scalable, provides security visibility and continuous compliance, and has become essential to report risk to Sallie Mae’s internal management team.”
—Andy Smith, Manager, Security Operations, Sallie Mae
“I totally would recommend CloudGuard Posture Management. The main reasoning would be to save time and headaches if you’re trying to properly secure your environment and get a handle on your external [SaaS] footprint.”
—Felix Deschamps, Principal DevOps Architect at Centrify
“We have not had to increase our headcount in moving to the cloud because of the comprehensive and easy network security and compliance CloudGuard Dome9 provides. We are cognizant that if we were still back in the old days, still in colo’s and afraid to make changes, we would not be in the position we are today, providing robust security in protecting the US food chain and building other applications for healthcare and federal agencies.”
—Eric Hoffman, President, Datastream Connexion
“Our clients know that they have a solution that is kept constantly up-to-date by Check Point, providing real-time prevention against known and emerging threats.”
—José María San José, CTO and CIO, X by Orange
AWS Security Everywhere at Scale and Speed
Check Point delivers unified and automated cloud native security on AWS multi-cloud environments, including network security and threat prevention, security posture management, workload and API protection, cloud intelligence, and threat hunting.
It is natively integrated with AWS Security Hub, AWS Lambda functions, Amazon VPC Flow Logs, Amazon GuardDuty, Amazon CloudWatch, and over 50 Amazon AWS services and security solutions.
Automating DevSecOps in AWS
CloudGuard provides DevOps teams the security that compliance demands, with the performance to keep teams moving forward. While protecting against emerging threats to modern applications built on microservices, CloudGuard minimizes disruption to development processes. Integration with AWS Lambda and many other AWS native services allows enhanced security across all clouds, assets, and networks.
Better Together: AWS Security Services Integration
CloudGuard natively integrates with over 50 Amazon AWS services and security solutions, including AWS Security Hub, AWS Lambda functions, Amazon VPC flow logs, Amazon GuardDuty, and Amazon CloudWatch.
AWS Security Hub
Check Point CloudGuard solutions natively integrate with AWS Security Hub, providing AWS customers with better visibility into gaps in their security and compliance posture, as well as context-rich security intelligence for enhanced threat prevention. CloudGuard is also a design partner of AWS Security Hub.
AWS Control Tower
AWS Control Tower allows for the creation of new AWS accounts in an AWS organization with customizable best practices and guardrails in place. CloudGuard can integrate with AWS Control Tower to automate the security of new AWS accounts as they are created. It uses the centralized logging model of AWS Control Tower to build a unified operational and security view across a multi-account environment.
AWS Lambda
CloudGuard leverages AWS Lambda for auto-remediation capability through CloudBots. The CloudBots platform is an open source project deployed in the client’s cloud environment.
Amazon Inspector
CloudGuard integrates the Amazon Inspector service into its security automation framework. With CloudGuard, AWS customers can ensure that Amazon Inspector is deployed and configured correctly in large-scale environments, and continuously monitor and act on findings.
CloudGuard also presents and applies findings from/to Amazon Inspector on protected assets, allowing an overview of compliance and Inspector findings in a single pane of glass.
Amazon GuardDuty
The integration with Amazon GuardDuty provides contextual visibility into the findings directly from the entity explorer. This allows the user to quickly identify and correlate a resource with its configuration, networking and IAM settings, as well as host vulnerabilities and detected threats – dramatically shortening the time to prioritize and investigate alerts.
CloudGuard presents findings from Amazon GuardDuty on protected assets, allowing an overview of compliance and Amazon GuardDuty findings in a single pane of glass.
Amazon VPC Flow Logs
CloudGuard taps into VPC flow log data and enables users to act on powerful security and operational insights based on network traffic. CloudGuard converts the VPC flow logs into cloud intelligence and contextualized insights for threat hunting and forensics in AWS. It also uses flow logs to detect malicious activity occurring within the network traffic.
AWS CloudTrail Logs
CloudGuard tracks all API activity by consuming AWS CloudTrail logs and incorporates the feed into an independent third-party audit. The CloudGuard audit trail provides timestamps and context of user activity for any configuration change within the AWS environment.
Amazon CloudWatch
With CloudGuard, you can reason on Amazon CloudWatch configurations and apply all the functionality in CloudGuard’s Compliance Engine—including exclusions, continuous monitoring, alerting, and reporting—on Amazon CloudWatch configurations and events.
AWS IAM Access Analyzer
CloudGuard allows users to ingest findings from AWS IAM Access Analyzer and apply all the functionality in CloudGuard’s Compliance Engine against those findings.
AWS Config
CloudGuard allows you to ensure that AWS Config rules are enabled and that no configuration changes were made to AWS Config configurations, always keeping you in compliance with your regulatory requirements.
Amazon SQS / Amazon SNS
CloudGuard leverages Amazon SNS and Amazon SQS for alerting and notifications that can be triggered from within the UI of each respective CloudGuard platform.
AWS Gateway Load Balancer
CloudGuard integrates with AWS Gateway Load Balancer to make it easy for customers to deploy, scale and manage cloud network security gateways to complement and enhance AWS security.
AWS Transit Gateway
AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies the design and deployment of secure cloud environments.
AWS CloudFormation
AWS CloudFormation enables AWS users to deploy resources on AWS via Infrastructure-As-Code. Check Point integrates with AWS CloudFormation to enable customer automation, and provides users with a broad and deep collection of CloudFormation templates to support all CloudGuard capabilities.
AWS Outposts
The CloudGuard integration with AWS Outposts allows customers to deploy the same industry-leading cloud network security and advanced threat prevention they have in their AWS cloud to their on-premises deployments. Everything can be managed from a single pane of glass with CloudGuard’s Unified Security Management.
AWS Well-Architected Framework – M&G Lens Partner
The AWS Well-Architected Management & Governance Lens provides prescriptive guidance on key concepts and best practices for optimizing management and governance across AWS environments. This includes recommended combinations of AWS services and integrations with AWS Partner solutions. Check Point is highlighted in the M&G Lens.