As organizations continue to migrate critical applications to the cloud many decisions are made. None more important than the security selected to protect the organization and the digital traffic that runs through its networks. Your cloud service providers recognize that organizations need more which is why they set up the shared responsibility model – cloud vendor manages security of the cloud, security in the cloud is the responsibility of the customer. Best practices and direct research suggest, organizations need to supplement native firewalls with third-party network security tools to achieve adequate security.

So, it’s wise to stay informed on the state of the cybersecurity vendor market and any significant news. In November 2024, CyberRatings.org, a non-profit that evaluates cybersecurity products, released independent test results on the effectiveness of cloud vendors’ firewalls. The findings demonstrate variability in protection across the three major cloud platforms.

CyberRatings.org tested 522 medium to high-severity exploits against the firewall offerings from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Here’s how they performed:

  • AWS Firewall: Blocked only 0.3% of the exploits tested.
  • Azure Firewall: Managed to block 24.14% of the exploits.
  • GCP Firewall: Performed best, blocking 50.57% of the threats.

The Implications of These Results

For security buyers, unbiased assessments like those from CyberRatings.org are crucial since they offer a fair perspective on performance. This helps organizations make informed decisions about which security solution can meet their security needs. Best practice is to have a layered approach when operating in the cloud, ideally from a vendor that can provide unified network security from on premises data centers to all cloud networks like Check Point.

This is ever important as you move and modernize your cloud as you are sharing the responsibility of your data infrastructure operations and security. Many, not truly understanding the security implications, often default to the cloud native security controls. However, with the rising number of cyber-attacks, this decision should not be taken lightly. In fact, in Q3 2024, Check Point Research (CPR) saw an average of 1,876 cyber-attacks per organization, marking a 75% increase compared to the same period in 2023. Your cloud service providers recognize that organizations need more which is why they set up the shared responsibility model. Their platforms are designed for builders, to layer the necessary tools on top to secure and optimize their cloud application stack. One of the critical building block layers is security, and as the research suggests, organizations need to supplement native firewalls with third-party network security tools to achieve adequate security.

The results also underscore a critical point: what are organizations getting out of their security investments? As organizations add up their monthly cloud invoices each line item is analyzed for its value to the organization and customer. Firewall security is a line item that must be paid careful attention to, whether through the cloud native provider or a third-party vendor as it can have broad organizational impact far beyond the network traffic it is protecting.

Recommendations for Cloud Security Buyers

  1. Evaluate Third-Party Security Solutions
    Given the limitations revealed in native firewalls provided by the Cloud Vendors out-of-the-box, organizations should explore third-party tools designed for robust cloud security. Many vendors offer advanced solutions tailored for hybrid and multi-cloud environments, but there is only one cloud firewall vendor that offers unified on premises data center and multi-cloud network security with maximum threat prevention while providing consistent access control from one management console, it’s called Check Point CloudGuard.
  2. Adopt a Layered Security Approach
    Security is unique for everyone, and no use case is exactly the same. So best practice is to have a layered approach when operating in the cloud, ideally from a vendor that can provide unified network security from on premises data centers to all cloud networks.  To provide operational efficiency it’s best to have one management console as well as log consolidation for visibility, forensics, and network troubleshooting. This makes it far easier and cost effective to manage firewalls no matter the location, providing consistent access control across networks with advanced threat prevention capabilities. Of course, adding employee cyber awareness and regular vulnerability assessments will help you sleep a little better at night too.
  3. Stay Up to Date
    Independent reviews and reports, like those from CyberRatings.org, should be part of any organization’s due diligence process when selecting or evaluating a cloud provider.

Final Thoughts

For those looking to buy cloud services, the CyberRatings.org evaluation offers great value. While the scalability and flexibility of cloud platforms are proven, firewall security is worth a second look to ensure long term successful operations. As organizations continue to embrace cloud computing, understanding the strengths and limitations of native security tools is paramount. The next steps are clear: organizations must continually access their cloud strategies and seek out the best security solutions to ensure they protect their critical assets in this ever-evolving threat landscape.

If you want to safeguard your valuable cloud assets, learn more about the industry recognition Check Point CloudGuard has earned recognition for delivering AI-powered threat prevention and a cohesive strategy for cloud network security.

 

You may also like