By Hezi Bahry, Product Manager, CloudGuard IaaS, published March 16, 2020
At Check Point we continually improve our products with new features and functionality.
Some of these improvements are as a result of customer requests.
Some are needed to ensure that CloudGuard IaaS is fully up-to-date with new features and changes implemented by the public and private cloud vendors. Other improvements are driven by our commitment to provide the best cloud security to our customers, while at the same time ensuring it is easy to use and provides great value.
Earlier this year, Check Point released the latest version of Unified Security, R80.40, which brings major improvements to CloudGuard IaaS.
R80.40 helps improve the efficiency of cloud security engineers, harden threat prevention security for your entire organization and enhance automation of daily tasks and operations.
This blog will provide a few highlights of the improvements made in the latest release.
We recommend that CloudGuard IaaS customers upgrade to R80.40 Unified Security to take advantage of all the improvements.
Efficiency highlights from R80.40 include:
- In a similar way to the automatic updates of the Threat Emulation engines, you can now receive Threat Extraction updates automatically! Threat Extraction removes exploitable content and promptly delivers sanitized content to users without impacting the user experience.
- One of the competitive advantages of CloudGuard IaaS is the way it provides a unified policy for its customers. R80.40 adds a new dedicated HTTPS inspection policy layer within the SmartConsole for securing and inspecting encrypted traffic. This allows cloud security engineers to easily define an HTTPS inspection policy, use different HTTPS inspection layers in different policy packages, and share the HTTPS inspection layer across multiple policy packages.
Threat Prevention security highlights from R80.40 include:
- Dynamic, domain and updatable objects. These objects can now be used in Threat Prevention and TLS Inspection policies, for external services or a known dynamic list of IP addresses and Geo objects.
- Advanced Anti-Virus, SandBlast Threat Emulation and e-mail traffic inspection. See here for details. Threat Emulation prevents infections from new malware and targeted attacks using threat sandboxing with the best possible catch rate; this is also virtually immune to evasion techniques.
- HTTP/2: CloudGuard IaaS now supports HTTP/2 and provides better speed and efficiency with full security of all Threat Prevention and Access Control technologies, as well as new protections for the HTTP/2 protocol. Support is for both clear and SSL encrypted traffic and is fully integrated with HTTPS Inspection capabilities.
CloudGuard IaaS supports DevOps practices and promotes increased automation to enable rapid and efficient deployment:
- It is cloud-native and seamlessly integrates with native cloud vendor controls
- It promotes automation of processes using wide variety of APIs
- It supports Infrastructure As Code practices
Automation highlights from R80.40 include:
- Over 50 new management APIs, including authentication management, command management, upgrade capabilities, TLS operations and extended commands for Data Center Server objects.
- A new API for HTTPS inspection operations.
- Extending the CloudGuard Controller API, allowing cloud security engineers the ability to automatically create a full deployment, end-to-end.
- A batch object API, which significantly increases API performance. With the batch object API, object creation time is reduced by up to 92% and object deletion time is reduced by up to 87%.
- Authentication of API Keys.
- Integrations with leading Infrastructure as Code providers Ansible and Terraform allow cloud security engineers to automate the response to security threats, automate provisioning of security gateways and routine configuration tasks.
- CloudGuard IaaS Terraform templates for AWS and Azure customers can be found here.
In addition to this impressive list of improvements, we recently announced that Unified Security Management is now available as a cloud service. This allows customers to quickly deploy our unified security management across their entire network fabric from their web browser, with no deployment time needed, and no need for ongoing maintenance or manual updates.
If you have any feedback, requests or suggestions, please contact your local Check Point account representative or partner, or contact us here.
If you’re not yet a CloudGuard IaaS customer, you can schedule a demo with one of Check Point’s cloud security engineers here.
To understand how to design and implement secure cloud architectures, check out this white paper.