
CLOUDGUARD IAAS

Thierry Silly – Check Point SE

©2018 Check Point Software Technologies Ltd.

IT leaders worry about cloud security (Dimensional Research survey)

62%: on-premises security is better than in the cloud
63%: existing security doesn't integrate with DevOps
48%: security hasn't changed and remains the bottleneck

We must be able to do better than that…



Traditional Security is Not Designed for Cloud

Static workloads

Manually intensive

DevOps don't know Security

IT Security doesn't know Cloud



IT’S TIME FOR A

NEW SECURITY MODEL



Cloud: One word, one idea, but different realities

Private Cloud, Hybrid Cloud, Public Cloud



Check Point CloudGuard
ADVANCED THREAT PREVENTION FOR CLOUD ENVIRONMENT



Would you Secure your Datacenter with Simple access lists?
CLOUDGUARD PROTECTS YOUR CLOUD WITH THE INDUSTRY’S BEST THREAT CATCH RATE

Forensic Analysis

Advanced Threat Prevention

Application and Data Security

Next Generation Firewall

Cloud Vendor Access Rule



CloudGuard brings Advanced Protection for your clouds

Forensics

Threat Emulation, Threat Extraction, Zero-Day

Antivirus, Anti-bot, Filtering, DLP, Anti-Spam

Firewall, IPS, App Control, Identity Awareness, VPN, Multi-cloud

Basic Firewall / Access Rule



CloudGuard Family

Public Cloud

Hybrid Cloud

Private Cloud

SDN

ACI
R80.10 & CloudGuard Controller: THE REAL DIFFERENCE

API CLI

Front End Delegation

Connectors Automation

Orchestration Scripts

AUTOMATION, ORCHESTRATION, INTEGRATION ACROSS ALL CLOUDS
PRIVATE CLOUD



Private Cloud: Automated UNIFIED security

Micro segmentation, Automation, Dynamic updates, Visibility


With &
threat protection orchestration

CISCO ACI
Automating security
inside the Datacenter
Use Case: Shared Operations Private Cloud
Ordered layers for secure delegation

[Diagram: ordered layers labelled "Managed by Security", "Managed by DevOps" and "Automated", with rows of App blocks; captions: "For control", "Automation for Agility"]

Full visibility for control

Business Oriented, Fast and Secure


SECURITY THAT ENABLES INNOVATION

• Reduce security tickets by 60%
• Application owner never waits
• Policy is updated when application is deleted
• DevOps and IT Security speak the same language
• Easy to secure and connect multi-cloud applications
• Applications are protected with the best security



PUBLIC CLOUD



Would you expose your safe in the street?
Public Cloud: UNIFIED security extended

Secure extension, Segmentation, Protection, Secure Access

Security, Visibility, Scalability, Orchestration

Firewall, Application Control, URLF, IPS, Anti-Virus, Anti-Bot, Threat Emulation
CLOUD SECURITY BLUEPRINT - ARCHITECTURE

[Diagram: Northbound Hub; Spoke 1, Spoke 2, Spoke 3, …, Spoke N; Southbound Hub; VPN]



THE HUB & SPOKE ARCHITECTURE (TRANSIT)

• Advanced threat protection on perimeter
• North-South & East-West security is controlled by security admin
• Inside spoke security controlled by DevOps

[Diagram: Cloud; WWW; Northbound HUB; SPOKE 1, SPOKE 2, …, SPOKE N; Southbound HUB; VPN]



THE HUB & SPOKE ARCHITECTURE (TRANSIT)

• Northbound security auto-scales
• Southbound security deployed in high-availability
• Supported Clouds
  • Azure Transit - vNET
  • AWS Transit - VPC

[Diagram: Cloud; WWW; Northbound-HUB with Load Balancer, CloudGuard IaaS Auto-Scale (CloudGuard IaaS-1 … CloudGuard IaaS-N) and Load Balancer; SPOKE-1, SPOKE-2, SPOKE-3 … SPOKE-N, with Load Balancer labels; Southbound-HUB with CloudGuard IaaS Cluster (CloudGuard IaaS-1, CloudGuard IaaS-2); VPN; Corporate]



MULTI & HYBRID CLOUD ENVIRONMENTS
[Diagram: AWS, Azure and Google clouds, each with a Northbound-HUB, spokes and a Southbound-HUB. Spoke labels: WEB, APP, DB, AAD, SPOKE-3. Other labels: WWW, VPN.]



CHECK POINT’S CLOUD SECURITY BLUEPRINT

• Agile - security architecture that enables DevOps innovation
• Automatic - security architecture provisioning
• Efficient - automatically deploy, provision & scale security in the Cloud
• Control - Security admins gain full visibility of east-west and north-south traffic
• Multi-Clouds - unified security architecture for all environments



UNIFIED SECURITY FOR ALL CLOUDS

PROTECTION AT THE SPEED OF DEVOPS

Headquarters, Remote Employees, Branch

Private Cloud & SDN, Public IAAS, SAAS

THANK YOU
