How Agentless Workloads Improves Security Velocity

By Benny Zemmour – Group Manager Cloud Security

Why Modern Development Demands Agentless Workload Protection

In the age of fast-paced software development cycles and complex applications, security must be automated. As such, agentless security solutions have become a de facto standard for many modern organizations wishing to ensure that security is integrated into cloud deployments without hindering developers. This allows security teams to have a comprehensive view, automatically, across the entire cloud without the need to install agents, which helps eliminate blind spots, and allows for the quick detection vulnerabilities and compliance issues.

Set Yourself Free from Agent Interference

An agentless solution can eliminate the friction between development and security. Instead of having security rely on developers to implement protocols, or requiring developers to slow down for security tests, an agentless deployment option gives you immediate, deep visibility into OS security configuration issues, leaked credentials, and malware on workloads. And it won’t interfere with performance, so everybody stays happy. By leveraging Check Point CloudGuard’s scanning-as-a-service model, you can take full advantage of agentless workload deployment to achieve optimal workload protection.

Let’s take a look at how simple it is to leverage the Agentless Workload Posture (AWP) functionality to secure your workloads.

AWP in Action


Figure 2: Risk management screenshot

Here, AWP is feeding its deep analysis findings to the CloudGuard CNAPP platform. AWP examines a host (compute, ec2) for:

  • Visibility of vulnerabilities
  • Details of exposed credentials
  • Visibility of malware within each workload
  • OS-level compliance
  • Intrusion detection
  • File integrity monitoring

CloudGuard also considers open and exposed ports and the level of network exposure: public, private, or hybrid. Threat Intelligence correlates these findings with audit activity to deliver a clear, comprehensible risk score:

Figure 3: Individual asset overview with new risk and AWP featuresIn the columns shown here, CloudGuard weighs the context provided by AWP to determine the risk level for each cloud asset, such as whether it is running, network exposure, credential leaks, analysis period, and more.

Once AWP is activated, CloudGuard also activates the Effective Risk Management (ERM) dashboard:

Figure 4: CloudGuard’s Effective Risk Management (ERM) overview screen

This dashboard calculates and displays an overall risk score based on relevant areas of exposure and risk findings provided by AWP’s deep context and threat intelligence, along with other integrated components of CloudGuard’s CNAPP solution.

As part of Check Point’s integrated CloudGuard CNAPP solution, AWP puts you in control of all your systems with an integrated and unified dashboard that makes protection simple:

Figure 5: CloudGuard’s risk dashboard allows you to see which assets are at greatest risk — and why.


And all of AWP’s findings are gathered in a single platform so that other CloudGuard security components can take advantage of that intelligence and context to better secure your cloud posture.

Get AWP Working for Your Team

Take back control of your cloud environments with Check Point’s CloudGuard CNAPP solution, including the new Agentless Workload Posture. And, for once, you’ll have something both your developers and security professionals can agree on. Why do they all love AWP so much?

  • Developers love AWP because it’s seamless, automated, and has no impact on live workloads, so they can focus on creating features and refining the user experience.
  • Security professionals love AWP because it gives them deep insights into the security posture of cloud workload assets, so they can implement guardrails that keep the entire organization on track and compliant.

AWP gives you frictionless end-to-end application protection from code to cloud. It adds zero overhead for development and DevOps teams while providing security with all the insight they need to ensure regulations and policies are consistently enforced. As an all-in-one solution with a single pane of glass and integrated Effective Risk Management (ERM), CloudGuard not only handles your environment’s complexity today, but it also scales efficiently for the future. That means you’ll always be covered against risks throughout all your software supply chains. Workload protection is often overlooked, and it can be challenging to control. See how simple it can be with Check Point’s CloudGuard CNAPP solution with Agentless Workload Posture on your team. Click through to try CNAPP including AWP for your business.