By Jonathan Maresky, Product Marketing Manager, Cloudguard IaaS, published August 14, 2019

 

Check Point CloudGuard IaaS for AWS delivers advanced, multi-layered cloud network security and protects cloud assets in Amazon Web Services (AWS) and hybrid environments.

This blog explains the CloudGuard IaaS offerings that are available in the AWS Marketplace

AWS Marketplace (source: AWS Marketplace webpage)

What is the AWS Marketplace?

According to AWS, the AWS Marketplace “enables qualified partners to market and sell their software to AWS Customers. AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.”

There are currently over 4700 different offerings in the AWS Marketplace by different vendors, in different categories and with various pricing plans and delivery methods.

AWS Marketplace is particularly useful as a self-service portal, where AWS customers can choose, trial and purchase solutions from AWS partners, but without the additional overhead which is often associated with lengthy contract and pricing negotiations. Customers who purchase third-party solutions in the Marketplace pay AWS for these purchases as part of their regular monthly bills; AWS then pays the partners.

What CloudGuard IaaS offerings are available in the AWS Marketplace?

There are currently 6 different CloudGuard IaaS offerings that are available in the AWS Marketplace.

The differences between these offerings are due to:

  • Functionality:
    • Next Generation Firewall with Threat Prevention (also known as NGTP): This security gateway includes Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot, and Data Loss Prevention
    • Next Generation Firewall with Threat Prevention with Sandblast (also known as NGTX): This security gateway includes all features of the previous security gateway and adds Threat Extraction (which removes exploitable content & promptly delivers sanitized content to users) and Threat Emulation (which prevents infections from new malware & targeted attacks using threat sandboxing with the best possible catch rate, and is virtually immune to evasion techniques).
    • Management: Security Gateways are managed from a central Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass.
    • (Note that certain offerings in the AWS Marketplace include only the security gateway, others include only the management server, and one offering –CloudGuard IaaS All-In-One – includes both)
  • Pricing models:
    • PAYG: Pay-as-you-go pricing allows you to pay only for what you use. The AWS Marketplace pricing reflects the complete price of using Check Point’s offering: payment to Check Point for the software license and payment to AWS for the AWS infrastructure resources consumed.
    • BYOL: Customers who have already obtained a software license from Check Point can use these licenses; the AWS Marketplace BYOL pricing is paid to AWS for the AWS infrastructure resources consumed.

Note also that different offerings also support different sets of AWS instances.

The table below shows the differences between the six CloudGuard IaaS offerings in the AWS Marketplace, as well as the instances supported by each offering.

CloudGuard IaaS Next-Gen Firewall with Threat Prevention CloudGuard IaaS Next-Gen Firewall with Threat Prevention and SandBlast (BYOL) CloudGuard IaaS Next-Gen Firewall with Threat Prevention and SandBlast CloudGuard IaaS All-In-One  CloudGuard IaaS Security Management CloudGuard IaaS Security Management (BYOL)
PAYG/BYOL PAYG BYOL PAYG PAYG PAYG BYOL
Gateway Functionality Threat Prevention Threat Prevention OR

Threat Prevention and Sandblast (depends on customer’s existing license)

 Threat Prevention and Sandblast Threat Prevention and Sandblast Not included Not included
Security Management Functionality Not included.

Choose one of the CloudGuard IaaS Security Management offerings

 Not included.

Choose one of the CloudGuard IaaS Security Management offerings

 Not included.

Choose one of the CloudGuard IaaS Security Management offerings

 Included Included Included
Supported instances c5.large
c5.xlarge
c5.2xlarge
c5.4xlarge
c5.9xlarge
c5.18xlarge		 c5.large
c5.xlarge
c5.2xlarge
c5.4xlarge
c5.9xlarge
c5.18xlarge		 c5.large
c5.xlarge
c5.2xlarge
c5.4xlarge
c5.9xlarge
c5.18xlarge		 t2.xlarge
t2.2xlarge
m3.medium
m4.large
m4.xlarge
m4.2xlarge
m4.4xlarge
m4.10xlarge
c4.large
c4.xlarge
c4.2xlarge
c4.4xlarge
c4.8xlarge		 m5.large
m5.xlarge
m5.2xlarge
m5.4xlarge
m5.12xlarge
m5.24xlarge		 m5.large
m5.xlarge
m5.2xlarge
m5.4xlarge
m5.12xlarge
m5.24xlarge

The AWS Marketplace offerings allow you to deploy a single gateway each time.

For AWS Cloudformation templates or more comprehensive deployments (including Auto-Scaling, High Availability, etc.), please refer to sk111013.

For more information on:

  • AWS Marketplace: The main page is here
  • CloudGuard IaaS: See the product page here
  • AWS Cloudformation templates and more comprehensive deployments: see here
  • The Check Point Secure Cloud Blueprint, which outlines the five main principles for building a secure cloud environment: see here
  • CloudGuard Dome9 provides cloud visibility, continuous compliance and protects against identity theft and data loss in the cloud: see the product page here

For a free trial of CloudGuard IaaS, visit one of the links above or go to the Check Point page in the AWS Marketplace.

 

 

 

You may also like