AWS Marketplace offerings explained: CloudGuard adds AWS GWLB

By Jonathan Maresky, CloudGuard Product Manager, published April 14, 2021

The complexity of too many choices (source: The New York Times)

Too much choice is often confusing.

Think about all the different types of cereal, perfume, or even political parties in some countries.

However, often the multitude of choices is unavoidable.

For example, when flying to a far-away destination, you have to choose between multiple flight options, considering cost, duration of travel, number of legs, different airlines, comfort, layovers, etc.

This holds true for cloud marketplaces, like the AWS Marketplace.

With so many options to choose from, it is important to understand the listings. If you’d like to purchase CloudGuard to improve your AWS security with an industry-leading cloud network security solution, or even to get a 30-day free trial, you should understand the different offerings available to ensure that you get exactly what you need.

Check Point recently added three new offerings to the AWS Marketplace in order to provide AWS customers the opportunity to use CloudGuard with AWS Gateway Load Balancer (AWS GLB).

This blog post explains all the CloudGuard Network Security offerings in the AWS Marketplace and is an update to the previous explanatory blog post from August 2019.

Before I explain each offering, I will provide a little detail about the AWS Marketplace, CloudGuard Network Security, and AWS GWLB.

What is the AWS Marketplace?

AWS explains that the AWS Marketplace “enables qualified partners to market and sell their software to AWS Customers.”

In other words, AWS enables its customers to purchase software and services from 3rd party ISVs (Independent Software Vendors), Value-Added Resellers (VARs), and Systems Integrators (SIs) after these have been qualified by AWS.

AWS Marketplace (source: AWS Marketplace webpage)

Additionally, AWS writes that “AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.” AWS Marketplace is a great win-win as it supports the AWS ecosystem of partners, provides easy-to-use services to AWS customers and improves the usability of AWS services.

There are currently over 16,000 different offerings in the AWS Marketplace, from over two thousand vendors, in eight different categories, with twelve pricing plans and eight delivery methods.

AWS Marketplace is a self-service portal for customers to choose, trial and purchase solutions from AWS partners, but without the additional overhead which is often associated with lengthy contract and pricing negotiations. Customers who purchase third-party services or solutions in the Marketplace pay AWS for these purchases as part of their regular monthly bills; AWS then pays the thrid-party partners.

What is CloudGuard Network Security?

CloudGuard Network Security (CGNS) is a cloud-native security gateway which delivers industry-leading advanced threat prevention and multi-layered network security for all public, private and hybrid cloud deployments.

 

High-level architecture diagram of CloudGuard Network Security for public clouds

Threat prevention security features include Firewall, DLP, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot, Threat Extraction and Threat Emulation.

Integrated with leading configuration management tools, CloudGuard enables rapid deployment and supports full automation to support CI/CD processes and Infrastructure as Code practices.

The Unified Security Management console provides consistent visibility, policy management, logging, reporting and control across all public, private and hybrid cloud networks as well as for on-premises deployments.

AWS Gateway Load Balancer

AWS Gateway Load Balancer (GWLB) is a new cloud service that makes it easy for customers to deploy, scale and manage multiple CGNS gateways, for many networking purposes.

AWS launched GWLB in November 2020; on the same day, Check Point announced that CloudGuard integrates with AWS Gateway Load Balancer at launch.

This video (from Check Point’s CPX360 Summit, February 2021) explains the benefits of GWLB to AWS and Check Point customers.

What CGNS offerings are available in the AWS Marketplace?

There are 9 CGNS offerings in the AWS Marketplace.

The differences between these offerings are due to:

  • Functionality:
    • Next Generation Firewall with Threat Prevention (also known as NGTP): This security gateway includes Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot, and Data Loss Prevention
    • Next Generation Firewall with Threat Prevention and SandBlast (also known as NGTX): This security gateway includes all features of NGTP functionality and adds Threat Extraction (which removes exploitable content and promptly delivers sanitized content to users) and Threat Emulation (which prevents infections from new malware and targeted attacks using threat sandboxing with the best possible catch rate, and is virtually immune to evasion techniques).
    • Support for AWS GWLB (yes/no)
    • Management: Security Gateways are managed from a Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass.
    • (Note that certain offerings in the AWS Marketplace include only the security gateway, others include only the management server, and one offering – CloudGuard Network Security All-In-One – includes both)
  • Pricing models:
    • PAYG: Pay-as-you-go pricing allows you to pay only for what you use. The AWS Marketplace pricing reflects the full price of using Check Point’s offering: payment to Check Point for the software license and payment to AWS for the AWS infrastructure resources consumed.
    • BYOL: Customers who have already obtained a software license from Check Point can use these licenses; the AWS Marketplace BYOL pricing is paid to AWS for the AWS infrastructure resources consumed.

Note also that different offerings also support different sets of AWS instances.

The table below shows the differences between the nine CGNS offerings in the AWS Marketplace, as well as the instances supported by each offering.

 

PAYG or BYOL Security Gateway Functionality Security Management

Functionality

Supports GWLB?
CloudGuard Network Security Next-Gen Firewall with Threat Prevention PAYG Threat Prevention Not included.

Choose one of the Check Point Security Management offerings

No
CloudGuard Network Security with Threat Prevention and SandBlast PAYG Threat Prevention and SandBlast Not included.

Choose one of the Check Point Security Management offerings

No
CloudGuard Network Security with Threat Prevention & SandBlast BYOL BYOL Threat Prevention OR

Threat Prevention and SandBlast (depends on customer’s existing license)

Not included.

Choose one of the Check Point Security Management offerings

No
CloudGuard Network Security for Gateway Load Balancer PAYG Threat Prevention Not included.

Choose one of the Check Point Security Management offerings

Yes
CloudGuard Network Security for Gateway Load Balancer with SandBlast PAYG Threat Prevention and SandBlast Not included.

Choose one of the Check Point Security Management offerings

Yes
CloudGuard Network Security for Gateway Load Balancer – BYOL BYOL Threat Prevention OR

Threat Prevention and SandBlast (depends on customer’s existing license)

Not included.

Choose one of the Check Point Security Management offerings

Yes
CloudGuard Network Security All-In-One PAYG Threat Prevention and SandBlast Included No
Check Point Security Management PAYG Not included.

Choose one of the CloudGuard Network Security offerings

Included N/A
Check Point Security Management (BYOL) BYOL Not included.

Choose one of the CloudGuard Network Security offerings

Included N/A

Please note that the AWS Marketplace offerings allow you to deploy a single gateway each time.

For AWS Cloudformation templates or more comprehensive deployments (including Auto-Scaling, High Availability, etc.), please refer to sk111013.

For more information on:

  • AWS Marketplace: The main page is here
  • AWS GWLB: Read this blog
  • CloudGuard Network Security: See the product page here
  • AWS Cloudformation templates and more comprehensive deployments: see here
  • The Check Point Cloud Security Blueprint documents, which outline best practices and principles for building secure cloud deployments: see here

About CloudGuard

Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.

CloudGuard provides multi-layer cloud security with multiple capabilities. One of these is CloudGuard Network Security, as explained above. Organizations with on-premises environments and in the process of migrating to the cloud with CloudGuard receive unified and consistent security management of all their on-prem and cloud environments and experience the:

  • Most secure, easiest and quickest cloud migration
  • Lowest total cost of ownership

Other CloudGuard capabilities include Cloud Security Posture Management, Cloud Intelligence and Threat Hunting, Cloud Workload Protection, and Cloud Application Security.

We are soon launching CloudGuard Network Detection and Response (NDR) and have a special offer for Early Availability customers.

What’s next?

If you’d like to learn more about CGNS, please speak with your Check Point channel partner, your account Security Engineer or contact us.

To read the Forrester Total Economic Impact of CloudGuard Network Security, where Forrester interviewed a $10B+ US-based healthcare company who uses CloudGuard to secure their hybrid-cloud deployment and generated a 169% ROI, click here.

If you are in the process of planning your migration to AWS or you are already using AWS, please contact us to schedule a demo, and a cloud security expert will help to understand your needs.

If you are ready for a 30-day free trial of CloudGuard, or if you are ready to purchase CloudGuard, you can deploy this via the AWS Marketplace.

How secure is your AWS VPC?

The Check Point Cloud Security CheckMe performs a quick and easy high-level analysis of your AWS VPC and sends you a report of your vulnerabilities against advanced threats.

Do you want to read more about cloud security?

Download the Check Point cloud security blueprint documents:

  • This document introduces the cloud security blueprint and describes key architectural principles and cloud security concepts.
  • This document explains the blueprint architecture, describes how Check Point’s cloud security solutions enable you implement the blueprint, and how these address the cloud security challenges and architectural principles that were outlined in the first document.
  • This document provides reference architectures for implementing the cloud security blueprint.

If you have any questions, please contact your local Check Point account representative or partner, or contact us here.

Follow and join the conversations about Check Point and CloudGuard on TwitterFacebookLinkedIn and Instagram.