2018 06 Presentation Cloudguard IaaS de Checkpoint
- 1. 1©2018 Check Point Software Technologies Ltd.©2018 Check Point Software Technologies Ltd.
Thierry Silly – Check Point SE
CLOUDGUARD IAAS
- 2. 2©2018 Check Point Software Technologies Ltd.
IT leaders worry about cloud security (dimensional Research survey)
62% : on-premises security is better than in the cloud
63% : existing security don’t integrate with Devops
48% : Security haven’t changed and remain the bottleneck
We must be able to do better than that…
- 3. 3©2018 Check Point Software Technologies Ltd.
Traditional Security is Not Designed for Cloud
Static workloads
Manually intensive
DevOps don't know Security
IT Security doesn't know Cloud
- 5. 5©2018 Check Point Software Technologies Ltd.
Private Cloud Public Cloud
Hybrid Cloud
Cloud: One word, one idea, but different realities
- 6. 6©2018 Check Point Software Technologies Ltd.
ADVANCED THREAT PREVENTION FOR CLOUD ENVIRONMENT
Check Point CloudGuard
- 7. 7©2018 Check Point Software Technologies Ltd.
Access Rule
Next Generation Firewall
Application and Data Security
Advanced Threat Prevention
Forensic Analysis
Cloud Vendor
Would you Secure your Datacenter with Simple access lists ?
CLOUDGUARD PROTECTS YOUR CLOUD WITH THE INDUSTRY’S BEST THREATS CATCH-RATE
- 8. 8©2018 Check Point Software Technologies Ltd.
CloudGuard brings Advanced Protection for your clouds
Basic Firewall / Access Rule
Firewall IPS App Control
DLP
Zero-Day
Anti-bot
Forensics
FilteringAntivirus
Threat Emulation Threat Extraction
Multi-cloudVPN
Identity
Awareness
Anti-Spam
- 9. 9©2018 Check Point Software Technologies Ltd.
ACI
SDN
Public
Cloud
Private
Cloud
Hybrid
Cloud
CloudGuard Family
- 10. 10©2018 Check Point Software Technologies Ltd.
R80.10 & Cloudguard controler : THE REAL DIFFERENCE
API CLI
Connectors
Delegation
Automation
Orchestrati
on
Front End
Scripts
AUTOMATION, ORCHESTRATIONS, INTEGRATION
ACROSS ALL CLOUDS
- 12. 12©2018 Check Point Software Technologies Ltd.
Micro segmentation
With
threat protection
Automation
&
orchestration
Dynamic updates Visibility
CISCO ACI
Automating security
inside the Datacenter
Private Cloud : Automated UNIFIED security
- 13. 13©2018 Check Point Software Technologies Ltd.
Use Case : Shared Operations Private Cloud
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
A
p
p
Managed by
Security
For control
Managed by
Devops
Automated
Ordered layers for secure delegation
Automation for Agility
Full visibility for control
Business Oriented, Fast and Secure
- 14. 14©2018 Check Point Software Technologies Ltd.
SECURITY THAT ENABLES INNOVATION
Easy to secure and connect
Multi-clouds application
Applications are protected
with the best security
DevOps and IT Security
speaks the same language
Policy is updated when
application is deleted
Application owner
never waits
Reduce security tickets
by 60%
- 17. 17©2018 Check Point Software Technologies Ltd.
Public Cloud : UNIFIED security extended
Firewall
Anti-Virus
Anti-Bot
Application
Control
IPS
Threat
Emulation
URLF
Secure extension Segmentation Protection Secure Access
Security
Visibility
Scalability
Orchestration
- 18. 18©2018 Check Point Software Technologies Ltd.
CLOUD SECURITY BLUEPRINT - ARCHITECTURE
Northbound
Hub
Southbound Hub
Spoke 1 Spoke 2 Spoke 3 Spoke N…
VPN
- 19. 19©2018 Check Point Software Technologies Ltd.
THE HUB & SPOKE ARCHITECTURE (TRANSIT)
Cloud
Northbound HUB
Southbound HUB
SPOKE 1 SPOKE 2 SPOKE N…. WWW
VPN
• Advanced threat protection
on perimeter
• North-South & East-West
security is controlled by
security admin
• Inside spoke security
controlled by DevOps
- 20. 20©2018 Check Point Software Technologies Ltd.
Cloud
Northbound-HUB
SPOKE-1 SPOKE-2
CloudGuard IaaS
Auto-Scale
CloudGuard
IaaS-N
CloudGuard
IaaS-1
…..
SPOKE-N…
Southbound-HUB
CloudGuard IaaS
Cluster
WWWLoad Balancer
Load Balancer
THE HUB & SPOKE ARCHITECTURE (TRANSIT)
Load Balancer
SPOKE-3
VPN
Corporate
• Northbound security auto-scales
• Southbound security deployed
in high-availability
• Supported Clouds
• Azure Transit- vNET
• AWS Transit - VPC
CloudGuard
IaaS - 2
CloudGuard
IaaS - 1
- 21. 21©2018 Check Point Software Technologies Ltd.
MULTI & HYBRID CLOUD ENVIRONMENTS
Southbound-HUB
Southbound-HUB
Northbound-HUB
Northbound-HUB
…..
VPN
WEB APP SPOKE-3
VPN
…..
DB AAD SPOKE-3
VPN
…..
Northbound-HUB
WEB APP SPOKE-3
Southbound-HUB
Azure
AWS
Google
VPN
WWW
- 22. 22©2018 Check Point Software Technologies Ltd.
• Agile - security architecture that enables DevOps innovation
• Automatic - security architecture provisioning
• Efficient – automatically deploy, provision & scale security in the Cloud
• Control - Security admins gain full visibility of east-west and north-south traffic
• Multi-Clouds – unified security architecture for all environments
CHECK POINT’S CLOUD SECURITY BLUEPRINT
- 23. 23©2018 Check Point Software Technologies Ltd.
Headquarters
Remote Employees Branch
Private Cloud & SDN SAASPublic IAAS
UNIFIED SECURITY FOR ALL CLOUDS
PROTECTION
AT THE SPEED
OF DEVOPS
- 25. 25©2018 Check Point Software Technologies Ltd.©2018 Check Point Software Technologies Ltd.
THANK YOU