As enterprises expand into Oracle Cloud Infrastructure (OCI), they need security that scales as dynamically as their workloads. Check Point CloudGuard Network Security now brings full auto-scaling support to OCI, extending its industry-leading cloud security automation capabilities to yet another major platform.

CloudGuard Network Security integrates natively with 20 public and private cloud vendors, ensuring smooth interoperability and choice. This integration gives customers the confidence and freedom to choose the right cloud for each workload or application without compromising on security or control.

Auto-Scaling with Oracle Instance Pools

With OCI Instance Pools, CloudGuard firewalls can now automatically expand or contract in response to real-time traffic demands. When workloads spike, new virtual machine-based CloudGuard security firewalls are deployed instantly. When demand drops, unused instances are automatically removed, saving costs while maintaining full network protection.

This elasticity aligns security capacity with application demand, ensuring performance and resilience even during high-traffic periods. It also eliminates the need for manual scaling, enabling faster response to dynamic workloads.

How It Works

CloudGuard leverages native Oracle Cloud components to deliver this automated security fabric:

  • Instance configurations and pools define CloudGuard parameters and scaling logic.
  • OCI Load Balancers distribute inbound and outbound traffic across active firewalls.
  • A single console unifies network security across on-premises, private, and public clouds, providing centralized policy management and visibility.
  • Terraform templates support infrastructure-as-code automation for fast, repeatable deployment.

Oracle Autoscale load balancing adjusts the number of CloudGuard firewalls in the Instance Pool based on the traffic load.

It uses two main events:

  • Scale Out: Adds CloudGuard firewalls to the Instance Pool when the traffic load increases.
  • Scale In: Removes CloudGuard firewalls from the Instance Pool when the traffic load decreases.

Default firewall CPU thresholds to trigger autoscaling events:

  • Scale Out: Triggers at 80% CPU use (5-minute average).
  • Scale In: Triggers at 60% CPU use (5-minute average).
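
The threshold behaviour above can be modelled in a few lines; this is an added example, not Check Point or Oracle code. One CPU sample per minute, even load distribution across firewalls, a fresh averaging window after each scaling action, and the `pool_min`/`pool_max` values are assumptions of the model.

```python
from collections import deque

SCALE_OUT_CPU = 80.0   # from the page: scale out at 80% CPU (5-minute average)
SCALE_IN_CPU = 60.0    # from the page: scale in at 60% CPU (5-minute average)
WINDOW_MINUTES = 5     # assumption: one CPU sample per minute


def simulate(total_load, pool_min=2, pool_max=6):
    """Return the pool size after each one-minute sample.

    total_load is a constructed trace: each value is aggregate demand in
    "percent of one firewall's CPU" (210 = 2.1 firewalls' worth of work).
    Assumes traffic is spread evenly and that a new averaging window
    starts after every scaling action (hypothetical cooldown).
    """
    size = pool_min
    window = deque(maxlen=WINDOW_MINUTES)
    history = []
    for load in total_load:
        window.append(min(100.0, load / size))  # per-firewall CPU this minute
        if len(window) == WINDOW_MINUTES:
            avg = sum(window) / WINDOW_MINUTES
            if avg > SCALE_OUT_CPU and size < pool_max:
                size += 1          # Scale Out event
                window.clear()
            elif avg < SCALE_IN_CPU and size > pool_min:
                size -= 1          # Scale In event
                window.clear()
        history.append(size)
    return history


def overshoots_scale_in(size):
    """True if, in this model, adding one firewall exactly at the scale-out
    threshold drops the per-firewall average below the scale-in threshold,
    which would let the pool oscillate between two sizes."""
    return SCALE_OUT_CPU * size / (size + 1) < SCALE_IN_CPU


if __name__ == "__main__":
    # Constructed traces: a two-minute burst, then a sustained surge and drop.
    print(simulate([100] * 5 + [190] * 2 + [100] * 5))
    print(simulate([210] * 10 + [90] * 2))
    print({n: overshoots_scale_in(n) for n in range(1, 6)})
```

The two-minute burst never moves the 5-minute average past 80%, so the pool stays at its minimum, while the sustained surge adds a firewall and the later drop removes it. The second function is a sizing check: in this model, a pool of two firewalls that scales out at 80% lands at about 53% per firewall, inside the scale-in range, so the minimum pool size and any cooldown are worth reviewing together with the thresholds.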

Why This Matters

By automatically adjusting CloudGuard firewall resources based on demand, autoscaling helps organizations more efficiently manage network security in unpredictable cloud environments.

Financial benefits

Efficient utilization: Autoscaling ensures firewall instances are used efficiently by allocating them according to real-time traffic load. This avoids paying for idle infrastructure and maximizes the return on your security investment.

Cost optimization: With a pay-per-use model, autoscaling prevents businesses from over-provisioning firewall capacity to handle traffic spikes. By automatically scaling down during periods of low demand, businesses only pay for the resources they actually need, which significantly reduces cloud costs.

Operational benefits

Increased performance: Autoscaling prevents service degradation during sudden traffic surges by automatically adding more firewall instances to distribute the load. This ensures that your Oracle Cloud workloads and applications remain responsive and highly available, providing the best user experience possible.

Cheaper, faster, better: Automating the process of scaling security resources reduces the need for manual intervention by IT teams. This eliminates the risk of human error and frees up security and cloud professionals from focusing on routine capacity management tasks.

Infrastructure-as-code (IaC) support: The use of Terraform deployment templates and GitHub repos allows for the automation of network security at scale. This aligns with modern DevOps practices, enabling security to be built into the deployment pipeline rather than treated as an afterthought.

Security and compliance benefits

Enhanced security posture: Autoscaling ensures there are no security gaps during high-traffic events, as new firewall instances with the correct security policy are automatically deployed to handle the increased load.

Continuous compliance: The ability to consistently and automatically enforce security policies helps organizations comply with regulatory requirements, ensuring sensitive data is protected at all times. CloudGuard Network Security also provides granular micro-segmentation to meet data protection compliance requirements like GDPR, HIPAA, SOC2, and PCI.

Example scenario

An e-commerce company on OCI experiences a massive, unpredictable spike in traffic during a seasonal sale.

Before autoscaling: The company would over-provision firewalls to handle peak traffic, wasting money during off-peak periods, or risk revenue due to performance degradation. They would also face increasing security vulnerabilities as traffic overwhelms firewall capacity.

With autoscaling: As the traffic load increases, OCI’s monitoring detects the high CPU utilization on the firewalls and automatically scales out the instance pool, bringing on new firewalls. The traffic is then distributed across the new, larger pool of firewalls, ensuring consistent performance and maintaining a strong security posture without any manual intervention. When the sale ends and traffic drops, the system scales back in, saving on cloud costs.

Meeting Customers Where They Are

These new Oracle capabilities reflect Check Point’s commitment to meeting customers where they are on their cloud journey, delivering on our Open Garden approach. Whether enterprises are deploying applications on Oracle Cloud Infrastructure or any other cloud architecture, CloudGuard Network Security adapts to their needs.

Getting Started

As organizations continue to evolve, their security solutions must evolve with them. Check Point CloudGuard Network Security delivers the innovations customers need to secure their hybrid networks without compromise, offering speed, control, and flexibility across every stage of the cloud journey. Customers can experience unified network security across on-premises, private, and public clouds. To learn more about Oracle and Check Point, attend this Under The Hood webinar or meet with a cloud architect today.

 
