By Jeff Engel, Cloud Security Technical Marketing Engineer, published July 12, 2022

Background

As more and more organizations transition workloads to the cloud, they are at the same time looking for ways to simplify the deployment of highly resilient but also complex architectures.

AWS continues to develop and launch new services to make the architecture design and deployment easier and more intuitive for its customers, and this is especially true with the recent announcement of AWS Cloud WAN.

What is AWS Cloud WAN?

AWS Cloud WAN is a managed wide-area networking (WAN) service that organizations can use to build, manage, and monitor a unified global network that connects resources running across hybrid environments. It lets organizations use simple network policies to centrally configure and automate network management and security tasks, and gives them a complete view of their global network. The diagram below shows the AWS Cloud WAN high-level architecture.

AWS Cloud WAN high-level architecture (source: AWS)

Benefit to AWS customers of using AWS Cloud WAN

Prior to AWS Cloud WAN, organizations built resilient, global AWS architectures utilizing Transit VPCs, Transit Gateways, Hub and Spoke models, VPNs, Direct Connect, and everything in between.  With AWS Cloud WAN, the same thing can be accomplished with a handful of clicks.  Cloud WAN also provides the ability to centrally monitor network health and performance.

To ensure that AWS Cloud WAN customers have industry-leading security, Check Point is happy to announce that CloudGuard Network Security is an integration partner of AWS Cloud WAN at launch.

What is CloudGuard Network Security?

CloudGuard Network Security is a cloud-native security gateway which delivers industry-leading advanced threat prevention and multi-layered network security for AWS and hybrid cloud deployments.

  • Security features include Firewall, IPS, Application Control, IPsec VPN, Anti-Virus and Anti-Bot, DLP, Threat Extraction and Threat Emulation.
  • Integrated with leading configuration management tools including AWS CloudFormation, CloudGuard enables rapid deployment and supports full automation to support CI/CD processes and Infrastructure as Code practices.
  • The Check Point unified security management console provides consistent visibility, policy management, logging, reporting and control across AWS and hybrid-cloud networks as well as for on-premises deployments.

CloudGuard Network Security gives AWS Cloud WAN customers the ability to extend world-class cybersecurity to secure traffic flowing in and out of their infrastructure, enhancing and complementing AWS security. CloudGuard Network Security also makes it possible to apply consistent security policies wherever your workloads are deployed, in AWS and hybrid-cloud deployments.

Why is this integration valuable to AWS Cloud WAN customers?

A good AWS security solution must be well-integrated with AWS services and constructs to ensure the best possible user experience. This is not a trivial task, because AWS constantly updates existing services and launches new capabilities to serve its customer base.

Ever since Check Point first deployed its industry-leading network security gateways on AWS in 2013, Check Point has provided solutions to integrate with the latest services launched by AWS, and in the case of Cloud WAN, nothing has changed.

As previously announced, CloudGuard Network Security seamlessly integrates with AWS Gateway Load Balancer (GWLB). Using this existing integration, organizations can benefit from an already proven solution to enhance their Cloud WAN deployment.

Reference Architecture

The diagram below provides an example of how CloudGuard Network Security gateways can be deployed using AWS GWLB to secure a typical AWS Cloud WAN deployment.

This reference architecture allows organizations to secure traffic flows in the following use cases:

  • Egress traffic to the Internet or other non-AWS destinations
  • Ingress traffic

Use cases

AWS Cloud WAN is valuable for customers who are operating in multiple regions and trying to simplify their operational overhead. Additionally, this new service is compelling for customers who require complex peering, routing, and automated configurations but prefer to expend less time and effort maintaining, monitoring and building these resilient deployments.

Conclusion

Check Point cloud security natively integrates with AWS to hunt for threats everywhere and deliver advanced threat prevention, visibility, and posture management. Thousands of AWS customers use Check Point CloudGuard to enhance and complement their AWS security, with a broad and deep set of capabilities including Cloud Security Posture Management, Workload Protection, Application Security, Intelligence and Threat Hunting.

Whether you are a seasoned cloud practitioner with a mature deployment or deploying AWS Cloud WAN from scratch, the integration of AWS Cloud WAN and Check Point CloudGuard Network Security is worth exploring as it will simplify your deployment, reduce your operational overhead, and most importantly, make your organization more secure.

Next Steps

For a deeper explanation of the integration, please read the SK document.

If you would like to understand more about the integration of CloudGuard Network Security and AWS Cloud WAN, please contact your Check Point account team to discuss in more detail.

Please stay tuned for additional enhancements to the integration, webinars and upcoming deep-dive workshops.

Check Point is a Platinum sponsor at AWS re:Inforce, taking place at the Boston Convention and Exhibition Center July 26-27, 2022. Visit booth #500 in the expo hall and meet with our team of cloud experts to get a demo of our solutions.  Don’t miss our session “Beyond unification: How CNAPP must reduce cloud security risk,” presented by Yuval Shchory, Head of Cloud Security Product Management, on Tuesday, July 26th, Partner Theater B.

If you are in the process of planning your migration to AWS, please fill in the form to schedule a demo, and a cloud security expert will help understand your needs.

If you are migrating to the cloud and evaluating cloud network security solutions, download the Buyer’s Guide to Cloud Network Security to understand:

  • The top 10 considerations when evaluating and choosing a cloud network security solution in more detail
  • An overview of Check Point CloudGuard and how it answers these top 10 considerations
  • The relative benefits of the solutions provided by leading cloud providers and third-party security vendors

Another insightful document is the Forrester Total Economic Impact of CloudGuard Network Security: Forrester Research interviewed a $10B+ US-based healthcare company that uses CloudGuard to secure its hybrid-cloud deployment and generated a 169% ROI. To read this document, click here.

Do you want to read more about cloud security?

Download the Check Point cloud security blueprint documents:

  • Introduction to Cloud Security Blueprint introduces the cloud security blueprint and describes key architectural principles and cloud security concepts.
  • Cloud Security Blueprint: Architecture and Solutions explains the blueprint architecture, describes how Check Point’s cloud security solutions enable you to implement the blueprint, and how these address the cloud security challenges and architectural principles that were outlined in the first document.
  • This document provides reference architectures for implementing the cloud security blueprint.

Follow and join the conversations about Check Point and CloudGuard on Twitter, Facebook, LinkedIn and Instagram.
