By Jonathan Maresky, Product Marketing Manager, CloudGuard IaaS, published December 16, 2019
It seems like only yesterday that I wrote blogs about five best practices for AWS re:Invent 2019 and 6 DevSecOps sessions you won’t want to miss.
Now AWS re:Invent 2019 is over, and it was a huge success.
It ran mostly like clockwork, which is especially impressive considering that over 65,000 people attended at 6 different venues.
The objective of this new blog is to summarize the event from a number of different perspectives:
- The importance for Check Point and our customers and partners
- The importance for AWS and its customers
- Additional insights from the event
From the Check Point perspective:
We had a great event!
Our booth was extremely busy, we published a large number of valuable and exciting announcements, and we held many meetings with prospective and current customers as well as partners from AWS and other companies.
We took a principled approach to swag, and chose to donate money to worthy causes (Girls Who Code and Boys and Girls Clubs of America) instead of giving away yet another cheap plastic giveaway.
We hope other companies will follow our positive social and environmental example.
The most important announcement was definitely Check Point’s acquisition of Protego on the first day of the event.
Protego has a serverless security technology that prevents malicious attacks on serverless functions in run time, and prevents vulnerable code from being deployed into production.
And for those who are not familiar with serverless technology: it is the top-growing extended cloud service for the second year in a row, with a 50 percent growth over 2018, according to Rightscale. You can read more about the serverless services of AWS, Azure and Google Cloud.
However, Gartner cautions that “the adoption of serverless … further complicates security”.
During re:Invent Check Point CloudGuard also announced its support for containers and serverless services in a press release and a follow-up blog.
Every year, AWS announces new services and capabilities at re:Invent and Check Point was an integration partner in a few of these announcements:
- CloudGuard IaaS provides advanced threat prevention and network security for AWS and hybrid cloud deployments. CloudGuard IaaS was an integration partner for Amazon VPC Ingress Routing, and thereby provides customers with smaller deployments with an easier, more efficient and more natural way to redirect traffic flowing into a VPC for advanced AWS security. You can read more about the integration in this blog and even watch a short video of the integration.
- CloudGuard Dome9 enables public cloud security and compliance orchestration. CloudGuard Dome9 was an integration partner for AWS IAM Access Analyzer, which will allow security teams and administrators to validate that their policies provide only the intended access to resources.
- CloudGuard Log.ic provides cloud security analytics for AWS and multi-cloud deployments. CloudGuard Log.ic was an integration partner for Amazon Detective which was announced as a preview at re:Invent, and will make security investigations faster and easier. Read more about the integration in the press release and in this blog.
Check Point also featured in a few breakout sessions:
- Roy Feintuch, Check Point’s Cloud Chief Technologist, presented a fascinating session titled “Protecting You from You: Customer-Caused Security Breaches”. Watch the recording here.
- Andy Smith, Manager of Cybersecurity Operations at Sallie Mae, spoke with Benjamin Andrew from AWS on “Master your security in the cloud”, and described how Sallie Mae uses Checkpoint CloudGuard Dome9 from AWS Marketplace to enforce and automate AWS security. Watch the recording here.
From the AWS perspective:
The best way to gain insight into the highlights of the event is to watch the keynotes:
- Monday Night Live with Peter DeSantis, VP, AWS Global Infrastructure and Customer Support
- Andy Jassy, AWS CEO
- Global Partner Summit with Doug Yeum, Head of AWS Worldwide Channels and Alliances
- Werner Vogels, CTO of Amazon.com
You can access the videos of all of the breakout sessions and keynote videos here.
And if you were ever skeptical of the number of new service and functionality launches, you can read Jeff Barr’s blog from Tuesday Dec 3 here.
Additional insights:
I asked some of the Check Point attendees at re:Invent to send their insights from the event. Here are a few responses:
- “It looks like AWS is very focused on locality in order to get closer to their users and their data, reduce data access latency and improve the user experience. This can be seen from the announcement of AWS Local Zones (for example, the first local zone in Los Angeles) as well as the launch of AWS Wavelength, which embeds AWS services within the telcos’ datacenters at the edge of 5G networks.”
- “Four years ago, I don’t think that AWS would refer publicly to hybrid cloud deployments. But the lines are now getting increasingly blurred between public and private cloud. We saw this in October 2016 with the strategic alliance between AWS and VMware, and this year at re:Invent AWS announced that AWS Outposts are now available, where you can order an on-prem private cloud with the same look-and-feel as AWS.”
- “AWS’s continuous investments in its core business will allow them to continue to innovate and cut costs for their customers. A few examples of this: the new Nitro-based instances, newly launched instances powered by AWS Inferentia that are well-suited to Machine learning, and the new ARM-based instances with Graviton2 processors from Israel-based Annapurna Labs, acquired by AWS in 2015.”
- “From a security and compliance perspective, the introduction of Amazon Detective, AWS IAM Access Analyzer, and AWS Nitro Enclaves were three big announcements. This builds upon Amazon GuardDuty, Amazon Macie, and AWS Security Hub announced last year. AWS continues to make bigger plays in this space to help customers better secure their infrastructure. They have taken it a step further with these new offerings to help customers encrypt sensitive data and provide analysis to investigate issues and create better policies. AWS is by no means taking over the customer security responsibilities from the Shared Responsibility Model, but these tools will certainly complement other leading security and monitoring tools on the market for their specific use case.”
- “One of the most popular technology topics at re:Invent was serverless technologies – whether onstage or as part of the Expo. More and more breakout sessions focused on strategies to build serverless applications, as well as how to better monitor and secure them. The vast variety of organizations deploying serverless and the applications they are building are intriguing. There were several workshops around the event focused on this, providing development teams with a great sandbox.”
- “There were too-many-to-count AWS product announcements, and it will be interesting to see how they evolve over time. For instance, from an application development perspective, Amazon CodeGuru with Profiler is a machine learning service that provides automated code reviews to look for defects and optimization opportunities. This solution will help developers better design and manage their code across platforms but right now only works with Java. It will be interesting to see this tool’s capabilities advance with further integration.”
At Check Point, we’re doing a deep-dive into these new AWS capabilities and thinking about how we can use them to improve AWS security for our customers.
And we’re looking forward to seeing our customers, partners and friends at AWS at re:Invent 2020!
Schedule a demo of one or more of Check Point’s security solutions here.
Follow and join the conversations about Check Point and CloudGuard on Twitter, Facebook, LinkedIn and Instagram.