Check Point Software Technologies this week launched a big data analytics platform that gives cybersecurity professionals visibility into every application and system they have deployed on the Amazon Web Services (AWS) public cloud.
Zohar Alon, head of the cloud product line for Check Point, said the CloudGuard Log.ic service combines a Check Point engine that collates data from a variety of sources, including VPC Flow Logs, with big data technologies and management tools provided by Amazon Web Services (AWS). Together, they make up an analytics platform capable of tracking every event that occurs in near real time. The result is instant visibility into all relationships between applications and the underlying AWS infrastructure, he said.
Cybersecurity teams can feed that data back into Check Point gateways to block traffic or suspend an end user’s ability to exfiltrate data, he said.
CloudGuard Log.ic’s ability to leverage flow logs is what makes it unique, Alon noted. The Check Point service turns what otherwise would be meaningless data into actionable intelligence. That approach isn’t intended to replace a security information and event management (SIEM) platform, but it does provide a means through which cybersecurity professionals can leverage a cloud service that runs on the same cloud where their applications are deployed.
Cybersecurity concerns remain the primary reason many organizations are reluctant to deploy an application on a public cloud. The issue has nothing to do with whether public clouds are any less secure than an on-premises IT environment; in general, public cloud infrastructure has shown itself to be more secure than the average on-premises IT environment. The issue is that cybersecurity professionals lack visibility into those public clouds, which makes it challenging to ensure best cybersecurity practices are being enforced. For example, more than a few developers have inadvertently either left open ports on a cloud service or forgotten to encrypt sensitive data.
Alon said CloudGuard Log.ic makes it possible for cybersecurity teams to ensure policies are being enforced and, in the event of a breach, immediately determine how and where workloads running on AWS are being affected. Armed with that intelligence, the cybersecurity team can move to mitigate an issue quickly without having to wait for a developer to explain how a specific application has been deployed, he noted.
That approach enables organizations to shift more responsibility for implementing cybersecurity controls onto the shoulders of developers, while giving cybersecurity teams the tools they need to verify those controls have been implemented.
Currently, cybersecurity teams are challenged by the number of clouds on which workloads are being deployed. The need to be able to centrally apply cybersecurity analytics across multiple clouds will arise. In the meantime, cybersecurity teams can take some solace in the fact that there is now an analytics tool tailored to meet their needs on the most widely used public cloud.