We are pleased to announce the general availability of CloudGuard Network Security with Azure Gateway Load Balancer. This integration enhances Azure security with Check Point’s industry-leading advanced threat prevention solution. With CloudGuard, customers can now protect their data, applications and services from potential threats in the cloud with greater security efficacy, and the integration simplifies and improves the design of secure Azure deployments.
Introduction and Background
As organizations around the world are migrating their workloads to the cloud, the importance of cloud security is becoming increasingly critical, because it provides customers with the confidence that their data and applications are protected from cyber threats. Cloud network security is a foundational layer, providing broadest risk mitigation and greatest cost/benefit.
Microsoft Azure is a leading public cloud provider that enables customers to build, deploy, and manage applications and services in a secure environment. Check Point is one of Microsoft’s leading global security partners and a trusted cloud security advisor for thousands of Azure customers across the world and in all industry verticals. Check Point’s cloud security solutions enhance and complement Azure security, making it an obvious choice for organizations planning to migrate their workloads to Azure.
What is Gateway Load Balancer?
Gateway Load Balancer is a fully managed Azure service and a type of load balancer, which enables high performance and high availability scenarios for a network virtual appliance (NVA) like a next generation firewall or security gateway. It allows Azure customers to deploy, scale, and manage NVAs quickly and easily. Additionally, it enables transparent NVA insertion in a network path.
In other words, it allows customers to easily add their preferred cloud network security solution to their Azure deployment without additional overhead. According to Microsoft, it “provides bump-in-the-wire technology that ensures all traffic heading to a public endpoint is sent to an appliance before it reaches an application. Gateway Load Balancer supports flow symmetry and source IP preservation. As a result, packets traverse the same network path in both directions, enabling stateful appliances, and your traffic remains transparent to both your appliances and your application.”
For a more detailed explanation, please read this blog post.
What is CloudGuard Network Security?
CloudGuard Network Security is the cloud version of Check Point’s industry-leading network security solution.
Check Point customers moving to the cloud consistently confirm that CloudGuard provides the easiest, quickest and most secure migration path, with lowest organizational risk and greatest value:
- Most secure: CloudGuard uses the same leading advanced threat prevention technologies (also called “blades”) as on-prem gateways
- Quickest: There is no need for new training or integrations – CloudGuard works the same way in the cloud as it does in organizations’ data centers
- Easiest: CloudGuard uses the same unified management and policies as on-prem
- Lowest risk: Check Point customers trust Check Point security – using another cloud security solution increases the customer’s risk so they greatly prefer a trusted security advisor.
- Greatest value: Total cost of ownership is reduced due to less need for new and additional engineering staff, and a significantly reduced learning curve to become familiar with the security solution
CloudGuard advanced protection includes these security features: Firewall, DLP, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot. It also provides SSL/TLS traffic inspection with traffic forwarding and SNI support for advanced threat prevention inside encrypted SSL traffic. SandBlast adds Threat Extraction and Threat Emulation for zero-day attacks.
A recent proof-point of CloudGuard’s industry-leading security is Miercom’s Next-Generation Firewall Security Benchmark 2023, in which the leading independent test and validation organization tested the security effectiveness of the industry’s top four enterprise firewall vendors. Check Point led in all categories by achieving a 99.7% malware block rate, 99.9% phishing prevention rate, and ultra-low 0.1% false positive detection rate.
CloudGuard has an additional significant advantage owing to its native integrations with the broadest range of public and private cloud vendors, as well as its ability to manage multi- and hybrid-cloud security consistently and efficiently. Considering that 92% of organizations have a multi-cloud or hybrid-cloud strategy, using a cloud security solution that supports only one cloud vendor is risky and may be expensive and painful in the future.
What are the benefits of this integration?
Two of the main benefits of the integration between CloudGuard Network Security and Azure Gateway Load Balancer include visibility into the real source IP of incoming traffic packets, and support for cross-subscription and multi-region deployments.
Benefits of visibility to real source IPs
Source NATing of ingress traffic may create visibility challenges in identifying the true source IP of a connection. This creates a “blind spot” for security teams, as they are unable to determine the traffic source’s real IP address.
The new integration provides full visibility to the real source IP, keeping the packet headers and payload intact, so the source’s identity is visible as the packet travels to its destination. This visibility is important for several reasons:
- Security: When a request is sent from a device, it is important to know the real source IP in order to identify potential security threats, such as hacking attempts or DDoS attacks. By analyzing the source IP, security professionals can block malicious traffic and protect their networks from unauthorized access.
- Troubleshooting: In case of network issues, knowing the real source IP helps network administrators to identify the root cause of the problem. By analyzing the source IP, they can determine if the issue is caused by a particular device, location, or network, and take appropriate measures to resolve the problem.
- Compliance: In some industries, such as healthcare or finance, there are regulations that require organizations to keep track of the source IP of all network traffic. By capturing the source IP, organizations can ensure compliance with these regulations and avoid potential fines or legal issues.
- Analytics: Capturing the source IP can also be useful for analyzing network traffic patterns and trends. By analyzing the source IP, organizations can determine which devices are generating the most traffic, which locations are accessing their network the most, and other important insights that can inform their business decisions.
Overall, getting visibility to the real source IP is critical for maintaining network security, troubleshooting network issues, ensuring compliance with regulations, and gaining valuable insights through analytics.
Benefits of support for cross-subscription and multi-region deployments
For organizations seeking to balance speed of development with comprehensive security control, Azure Gateway Load Balancer supports cross-subscription and multi-region deployments. Organizations can give their line of business (LOB) full control of their Azure subscriptions while maintaining centralized security control. Gateway Load Balancer enables CloudGuard to easily secure LOB applications and inspect traffic across subscriptions and regions, streamlining Azure networking and enhancing security.
Moreover, by leveraging Check Point’s advanced security capabilities and management features, security administrators can centrally manage network access control from a single pane of glass across regions and subscriptions. This provides a powerful solution that addresses the unique challenges of multi-region and multi-subscription environments, making it easier for organizations to enhance security and streamline Azure networking.
With this integration, customers can now gain improved performance and scalability while also protecting their data and applications from cyber threats. This integration between CloudGuard Network Security and Azure Gateway Load Balancer represents an important step forward in providing comprehensive cloud security to customers.
How do I get started?
You can read the administration guide for using Load Balancer with CloudGuard Network Security here.
Watch a deep-dive technical video of the integration here.
If you are migrating to the cloud and evaluating cloud network security solutions, download the Buyer’s Guide to Cloud Network Security to understand:
- The top 10 considerations when evaluating and choosing a cloud network security solution in more detail
- An overview of Check Point CloudGuard and how it answers these top 10 considerations
- The relative benefits of the solutions provided by leading cloud providers and third-party security vendors
Another valuable document is the Forrester Total Economic Impact of CloudGuard Network Security:
Forrester Research interviewed a $10B+ US-based healthcare company that uses CloudGuard to secure its hybrid-cloud deployment and generated a 169% ROI. To read this document, click here.
If you are in the process of planning your migration to the cloud, please fill in the form to schedule a demo, and a cloud security expert will help to understand your needs.
If you are ready to trial CloudGuard Network Security in your public or private cloud, fill in your details here and we will contact you to schedule next steps.
Check out this page for more technical deep-dive webinars, or ask a cloud security architect to schedule a customized deep-dive technical workshop in your region/country and even in your local language.
If you have any other questions, please contact your local Check Point account representative or partner using the same contact us link.
Are you attending RSA 2023? Come visit us at Booth 6164 to learn more about our innovative prevention-first solutions:
- Quantum SD-WAN offers branch offices unparalleled protection from the most imminent cyber threats without compromising on connectivity, with a 99.7% catch rate.
- Infinity Spark for SMB delivers industry-leading threat prevention with an integrated fast connectivity suite, including 5G and Wi-Fi 6.
- CloudGuard CNAPP is a comprehensive cloud-native solution, which unifies security, giving more context and smarter prevention across the application lifecycle.
- Learn more about the CloudGuard integration with Azure GWLB. Don’t forget to ask the Check Point cloud security experts about the best Azure Virtual WAN security.
Our prevention-first solutions have got your business security covered, so visit us at RSA to learn more!