Instant Observability into Cloud Threats with CloudGuard IaaS and Google Cloud Packet Mirroring

By Jonathan Maresky, Product Marketing Manager, CloudGuard IaaS, published Dec 10, 2019

Check Point secures over 100,000 organizations of all sizes from threats to their network, IoT, cloud and mobile devices. In the field of cloud security, Check Point is a leader and a trusted security advisor to customers in their migration and journey to the cloud.

CloudGuard IaaS is Check Point’s advanced threat prevention and network security solution for public, hybrid and private clouds, including support for Google Cloud.

Google Cloud recently announced Packet Mirroring, a virtual traffic mirroring capability that provides visibility into network packet traffic. CloudGuard IaaS is an integration partner for this new feature.

Packet Mirroring is intended to benefit customers by enabling visibility into traffic patterns that could indicate a cloud security threat, including network intrusions, compromised instances, data exfiltration or rogue users.

Passive traffic mirroring has long been a staple of traditional network architecture. Packet Mirroring now allows Google Cloud customers to enjoy the same level of network traffic profiling, cyber analytics and threat hunting capabilities. As the cloud is virtualized, mirroring can be provisioned automatically using cloud APIs.

How does the CloudGuard IaaS integration with Packet Mirroring benefit customers?

Consider this scenario:

You’re the network security architect of a large enterprise without an “official” Google Cloud deployment. You have limited cloud experience and no experience with Google Cloud at all.

A DevOps engineer emails you with an unexpected request to open a port. After investigation you discover that unbeknownst to you, her team has a Google Cloud account with a few applications already deployed for internal use.

Now that you are aware of this “shadow IT” account, you can’t ignore it, and you need to ensure it is secured. So you start to read up on Google Cloud, cloud security and all the different Google Cloud native and 3rd-party security solutions.

But this learning process will take time.

What can you do immediately in order to secure this unexpected deployment, with minimal effort, minimal experience, without disturbing the DevOps team and without impact to team’s existing applications and deployment?

The simplest option is to deploy a CloudGuard IaaS secure gateway in TAP mode, and use the web-based SaaS service to monitor the traffic flow and perform threat detection in the Google Cloud deployment.

The dashboard of CloudGuard IaaS in TAP mode

It’s that simple.

TAP mode deployment enables instant observability into traffic flows, threats and anomalies. It can be performed immediately, does not require any additional deployments, does not change traffic routing, has no impact on network performance or latency, does not impact the existing cloud deployment and can be performed without consulting the DevOps team.

CloudGuard IaaS in TAP mode feeds on the network packet mirroring data enabled by the Packet Mirroring integration. CloudGuard IaaS can also perform protocol fingerprinting, data flow analysis, anomaly detection, and leverages heuristics based on Check Point ThreatCloud’s vast threat intelligence as well as Artificial Intelligence to pinpoint cloud service vulnerabilities, attacks, compromises, and data exfiltration scenarios. Visualization, alerts, and detailed reports support decision making.

CloudGuard IaaS in TAP mode is also designed to allow customers to receive cloud cyber defense services from Check Point or from Check Point partners, including managed cyber security services, incident response, and threat hunting.

Once you have gained experience in cloud network security, it is easy to switch CloudGuard IaaS from TAP mode to normal inline mode in order to enable active traffic inspection, advanced threat prevention and industry-leading cloud network security.


For more information about Packet Mirroring, see here.

For more information about CloudGuard IaaS, see here.

For a 30-day trial of CloudGuard IaaS on Google Cloud Marketplace, see here.

For a demo of CloudGuard IaaS, see here.