In the ever-evolving landscape of cloud security, staying ahead of threats is the top priority for IT security teams. However, for many organizations experiencing a shortage in security engineers and an overload of security tasks, it is often as important to improve security teams’ operational efficiency. (In a recent survey, 76% of respondents said their organization is currently facing a shortage of cyber security talent.)
Thousands of AWS customers choose to enhance their AWS security with Check Point CloudGuard Network Security, and Check Point is happy to announce that CloudGuard Network Security is an integration partner of AWS Cloud WAN Service Insertion at launch. This new feature of AWS Cloud WAN simplifies security inspection, and this new integration is an important extension of CloudGuard’s capabilities, streamlines AWS security operations and improves operational efficiency for security teams.
This article will explain what AWS Cloud WAN Service Insertion is, the capabilities of CloudGuard Network Security, and the benefits that this integration brings to cloud security teams.
What is AWS Cloud WAN Service Insertion?
We announced the integration of Check Point CloudGuard Network Security with AWS Cloud WAN in July 2022, with Check Point as an integration partner of Cloud WAN at launch.
AWS Cloud WAN is a managed wide-area networking (WAN) service that enables organizations to build, manage, and monitor a unified global network that connects resources running across hybrid environments. And it allows for the use of simple network policies to centrally configure and automate network management and security tasks, providing organizations with a complete view of their global network.
Prior to AWS Cloud WAN, organizations built resilient, global AWS architectures utilizing Transit VPCs, Transit Gateways, Hub and Spoke models, VPNs, Direct Connect, and everything in-between. With Cloud WAN, the same thing is accomplished using a centralized policy or with a handful of UI clicks. Cloud WAN also provides the ability to centrally monitor network health and performance.
In a similar way to the Cloud WAN launch, Check Point and AWS teams worked closely together to develop and test the new Service Insertion capability, announced at AWS re:Inforce. It allows customers to easily insert AWS and third-party networking and security services (like CloudGuard Network Security) on Cloud WAN using a central policy document. Using this feature, customers can easily steer VPC-to-VPC or VPC-to-on-premises traffic for deep packet inspection and advanced threat prevention by defining simple policy statements or using a few clicks in the UI. This feature also supports policy-based traffic steering to CloudGuard Network Security gateways that are deployed in inspection VPCs for east-west and north-south security inspection, allowing customers a seamless integration of their security infrastructure with the rest of their Cloud WAN deployment.
Key Benefits
Before the Service Insertion capability, security insertion was performed manually using routing tables. This incurs operational overhead for cloud security teams and may introduce additional risk or delays due to human error.
The new capability simplifies user configuration by no longer requiring the creation and management of complex routing configurations, securing an additional VPC is as simple as connecting the new VPC, and the traffic will be automatically routed for inspection. To quote one of the developers who worked on this integration, “This is the easy button for configuring security inspection with AWS Cloud WAN.”
Cloud WAN also allows customers to easily create multi-region security inspection configurations. Most Cloud WAN customers utilize multiple regions for greatest resiliency and application responsiveness. Cloud WAN supports easy integration of traffic steering to CloudGuard Network Security for inter-region and intra-region traffic.
How does Check Point enhance and complement AWS security?
CloudGuard is Check Point’s prevention-first cloud security platform. It expands the Cloud Native Application Protection Platform (CNAPP) with industry-leading prevention, including these capabilities:
- Cloud Network Security
- WAF and API Protection
- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection (CWPP)
- Cloud Detection and Response (CDR)
- Cloud Infrastructure Entitlement Management (CIEM)
- Code Security
Check Point’s broad and deep cloud security capabilities are consistently recognized as a leader by industry analysts, for example in the GigaOm Radar for Cloud Network Security, where Check Point was recognized as a Leader and Fast Mover.
CloudGuard Network Security enhances and complements AWS security, and is the ideal choice for AWS customers in these business scenarios:
- Check Point customers extending their on-premises network security to the cloud: CloudGuard customers minimize organizational risk easily and intuitively, using the same security policies and increasing operational efficiency without the complexity of additional security solutions.
- AWS customers who are sensitive to security risk: CloudGuard provides industry-leading cloud network security with the highest security effectiveness, and is the best choice for organizations with critical business applications.
- Organizations with hybrid-cloud deployments: CloudGuard customers manage their AWS, hybrid-cloud and on-prem security using Check Point unified Security Management from a single pane-of-glass, ensuring consistent visibility, policy management, logging, reporting and control.
- Security teams want efficiency and ease-of-use: Check Point testing shows CloudGuard is easiest to use over standard cloud network security use cases (time taken, number of mouse-clicks and number of menus navigated).
- Analyst recommendations: Check Point is recognized as a long-term leader by third-party analysts, including 23 consecutive years as a Leader on the Gartner® Magic Quadrant™ for Network Firewalls. Testing lab results show the highest security effectiveness score with 99.8% block rate for malware, and 100% block rate for malicious URLs and phishing attacks.
For more information about the technical advantages of Check Point’s cloud network security solution for AWS security, please reach out to your Check Point account team or channel partner, or contact us.
Summary
AWS Cloud WAN Service Insertion is designed to streamline the way that networking and services (like CloudGuard Network Security) are integrated into the Cloud WAN network architecture, allowing for more efficient deployment and management of these services without compromising security or performance.
By leveraging AWS Cloud WAN Service Insertion, organizations gain the ability to embed security seamlessly into their network fabric. This not only elevates the network’s security capabilities but also optimizes the operational workflow of security teams, making it a cornerstone for modern cloud network management strategies.
By simplifying the integration of advanced security solutions like CloudGuard Network Security, AWS Cloud WAN’s Service Insertion capability allows organizations to expand and enhance their security framework with precision and agility. It caters to the dynamic needs of businesses by providing a flexible, efficient, and scalable method to manage security within their global network, ensuring that operational efficiency and security go hand in hand.
AWS Cloud WAN Service Insertion extends the ability of CloudGuard Network Security to offer a holistic view and control over the network’s security posture, enabling IT security teams to implement robust security measures directly within their network infrastructure.
Next Steps
Look for an Under the Hood technical webinar about using CloudGuard Network Security with AWS Cloud WAN Service Insertion coming soon!
For documentation on the Service Insertion capability, see here.
If you are assessing how to enhance your AWS security, or would like to see how CloudGuard Network Security protects AWS Cloud WAN deployments, schedule a personalized demo and a cloud security expert will help to understand your needs.
To replay other technical webinars about CloudGuard Network Security, please see here.
If you would like to schedule a personalized technical workshop around best practices for secure cloud migration, or CloudGuard Network Security, please fill in this form and a cloud security architect will contact you to understand your considerations and schedule next steps.
Follow and join the conversations about Check Point and CloudGuard on X/Twitter, Facebook, LinkedIn and Instagram.