How to Keep Workloads Secure in the Dynamic Threat Landscape

By Yaffa Finkelstein – Product Marketing, Cloud Security

If the Log4j attacks taught the internet anything, it’s that layered security is critical because you never know where the next exploit could emerge from.

Who would have thought that the innocuous and ubiquitous open source logging tool Log4j could be used for remote code execution? And yet here we are, reminded once again of the importance of proactive, pre-emptive, layered security.

CloudGuard customers are already empowered in the knowledge that those running AppSec in prevent mode were pre-emptively protected from any Log4Shell attacks and the subsequent variants – you can see more details here.

CloudGuard Workload customers are also able to continue conducting business with peace of mind, because their security is layered by design. CloudGuard Workload provides two critical security layers – vulnerability management and active protection.

Vulnerability management
CloudGuard Workload includes a ShiftLeft tool which ensures that security always runs hand in hand with code. The ShiftLeft tool scans source code, containers and serverless functions, looking for vulnerabilities including those associated with the Log4j tool. This tool alerts the security and DevOps teams if any vulnerabilities are detected in the pre-build phase, ensuring that vulnerable code is not deployed.

ShiftLeft provides scanning for threats that we have identified while code is being produced, but the question remains – what of the threats which only become apparent tomorrow?

And with that we move to runtime scanning, which detects any workload that is running with a vulnerability. As the threat landscape continues to evolve, it is easy to implement scanning for a new threat like the Log4Shell exploits using CloudGuard’s runtime scanning capabilities. CloudGuard scans workloads in the registry and during runtime.

Active Protection
CloudGuard includes many capabilities that provide active protection.

AppSec is CloudGuard’s automated WAF, which is powered by Contextual AI and was able to pre-emptively protect applications running the Log4j tool from exploits even before the vulnerabilities were discovered. The solution was able to provide this level of security because the AI can baseline behavior and block anomalous attacks based on a complex risk scoring mechanism.

Similarly, CloudGuard Network was also able to identify irregular communications and block the malicious activity, because it is powered by Check Point’s award-winning IPS solution.

While organizations were only starting to understand the scope of the vulnerabilities associated with Apache’s Log4j, CloudGuard provided pre-emptive security, and additional layers were updated immediately.

This means that our customers remain safe from all variations of the Log4j exploits, and from any other attacks which may be just moments away.
