Unleash the Power of Cloud Security – 300% Performance Improvement with CloudGuard IaaS

By Amir Kaushansky, Sr. Product Manager, Cloud Security


We all want higher network performance. We all want a better price-performance ratio, and we all want all of it for free.


As desirable as that may be, the cold reality is that higher network performance requires an investment in special hardware or more hardware (for more processing power).


The latest update to Check Point’s CloudGuard IaaS changes that equation.


New Software Update Delivers Industry-Leading Threat Prevention and Winning Performance


Check Point recently released a new version of CloudGuard IaaS that allows its enterprise customers to enjoy significantly higher performance and better security across data centers and public and private cloud environments.


New CloudGuard IaaS features include:


Performance: CloudGuard IaaS delivers performance enhancements rapidly. The new cloud security gateway, based on Check Point’s latest R80.20 software release, achieves up to 300% performance improvement compared to the previous release, as measured by network throughput with security capabilities enabled. Customers can often expect more than double the performance of leading competitors.


Robust Threat Prevention: CloudGuard IaaS R80.20 has added over three AI engines to its impressive threat prevention capabilities, delivering higher-precision verdicts (‘HUNTRESS’), and blocking more zero-day attacks through its threat emulation and threat extraction. The gateway uses the new ‘CADET’ context-aware detection to achieve a tenfold reduction in false positive rates, and discovers even unknown bots and malicious domains using ‘Campaign Hunting’ predictive IOCs.


Support for New Machines: Keeping pace with the innovation driven by cloud service providers, the new Check Point cloud security gateways now support all the new VM models offered by leading cloud vendors, such as the C5 instance type from Amazon Web Services (AWS), and Microsoft Azure VMs with accelerated networking.


Customers enjoy the benefits of Check Point’s powerful security capabilities without compromising on performance.


The First Certified Azure-Accelerated-Networking Compliant Vendor


Recently, Microsoft released support for SR-IOV in Azure, offered as accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) on a VM, greatly improving its networking performance. This high-performance path takes the host out of the data path, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types.


The following picture shows communication between two VMs with and without accelerated networking:



With accelerated networking, network traffic arrives at the VM’s network interface (NIC) and is then forwarded to the VM. All network policies that the virtual switch applies are now offloaded and applied in the hardware. Applying policy in hardware enables the NIC to forward network traffic directly to the VM, bypassing the host and the virtual switch, while maintaining all the policy that was previously applied in the host.


End-to-End Workload Protection with AWS Transit Gateway


AWS Transit Gateway (TGW) is a new service on AWS that allows customers to connect multiple Virtual Private Clouds (VPCs) in a scalable manner, reshaping transit VPCs. TGW allows traffic to flow between VPCs without requiring transit through the public internet.





AWS Transit Gateway allows a single connection from the central gateway into each Amazon VPC, on-premises data center, or remote office across the network. It acts as a hub that routes traffic among all the connected networks, which act like spokes. This hub-and-spoke model simplifies management and reduces operational costs because each network only has to connect to the Transit Gateway to reach the others, rather than using the internet or other methods like VPC peering. New VPCs are connected to the Transit Gateway and are therefore automatically available to every other network. This ease of connectivity simplifies network scaling as you grow.


The latest version of CloudGuard IaaS supports AWS Transit Gateway, offering end-to-end protection for enterprise workloads sitting in AWS VPCs.


AWS Transit Gateway with CloudGuard IaaS:


  1. Simplifies the interconnecting of VPCs at scale and offers built-in routing capabilities
  2. Provides security auto scaling, which enables you to receive just the right amount of throughput for your cloud environment, accompanying your growth
  3. Is very easy to deploy using a CloudFormation template which is a part of the Check Point Cloud Security Blue Print


CloudGuard IaaS’ advanced security capabilities and highest performance are now available in leading public cloud marketplaces including Microsoft Azure, AWS, Google Cloud Platform, Oracle Cloud, and Alibaba Cloud.


The latest version of CloudGuard IaaS is also available in private cloud environments.