check point cloudguard - amazon web services · digital advertising campaign on aws ©2017 check...
Post on 24-Aug-2020
©2017 Check Point Software Technologies Ltd.
Kevin Malesky
Cloud Security Specialist
CHECK POINT CLOUDGUARD
HOW EXPOSED ARE WE REALLY IN THE CLOUD?
OUR CLOUD ENVIRONMENT
Internet
WITHIN THE FIRST 15 MINUTES
Houston we have a problem . . .
AFTER 7 DAYS . . .
Oh won’t you please be my neighbor . . .
~4 million attacks recorded!
A TRUE STORY…
[Internal Use] for Check Point employees
https://research.checkpoint.com/hey-you-get-off-of-my-cloud/
4, 8, 15, 30, 50, 100, 150, 200, 250 Servers(!!!)
$500,000 Loss
Digital Advertising campaign on AWS
Customer responsible for security in the cloud
Cloud vendor responsible for security of the cloud
CLOUD = SHARED RESPONSIBILITY
Cloud Global Infrastructure
Regions
Availability Zones
Edge Locations
Compute Storage Database Networking
Customer Data
Platform, Applications, IAM
Operating System, Network and FW Configs
Client-side Data Encryption & Data Integrity Authentication
Server-side Encryption (File System / Data)
Network Traffic Protection (Encryption, Integrity, Identity)
NO Threat Prevention in real time (L4-L7 protections)
NO unified management for all Clouds & Traditional Data Center
NO Identity based authentication access to applications
NO URL Filtering
NO Threat Extraction and Zero-day Sandboxing
WHERE CLOUD NATIVE SECURITY FALLS SHORT
Lateral threat movements
Data breach due to misconfiguration
Abuse of cloud services
API hacking
Malicious insiders
THIS MIGHT EXPOSE YOU TO…
[Restricted] for designated teams
ACI
Consistent security policy and control across ALL Public and Private Clouds
CloudGuard IaaS BUILDING BLOCKS
Centralized Management
Advanced Threat Prevention
Cloud Diversity
DevOps Ready
Adaptive and Automatic
Cloud
Northbound-HUB
SPOKE-1 SPOKE-2
CloudGuard IaaS Auto-Scale
CloudGuardIaaS-N
CloudGuardIaaS-1
…..
SPOKE-N…
Southbound-HUB
CloudGuard IaaS Cluster
WWW
Load Balancer
Load Balancer
THE HUB & SPOKE ARCHITECTURE (TRANSIT)
Load Balancer
SPOKE-3
VPN
Corporate
• Northbound security auto-scales
• Southbound security deployed in high-availability
• Supported Clouds
• Azure Transit - vNET
• AWS Transit - VPC
CloudGuardIaaS - 2
CloudGuardIaaS - 1
COMPREHENSIVE SECURITY ARCHITECTURE
Headquarters
Remote Employees Branch
Private Cloud & SDN
SAAS
Public IAAS
SUMMARY
Cloud “Best Practices” are foggy
Bad guys are everywhere (still)
Cloud Native Controls are good, but…
Own your security!
You can get burned when it’s cloudy, protect yourself!
THANK YOU