How Does CloudGuard Posture Management Work?

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 27 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
>> Welcome to Check Point Jump Start Training Series.
00:00
Check Point CloudGuard
00:00
>> is a suite of products and solutions
00:00
>> that can secure your data and
00:00
virtual networks in the Cloud.
00:00
In this training video series,
00:00
we'll be looking at CloudGuard Posture Management.
00:00
In lesson 3,
00:00
we talked about what are some of
00:00
the Cloud security challenges that customers face
00:00
>> when moving their assets into the Cloud.
00:00
>> We mentioned that
00:00
Check Point CloudGuard Posture Management
00:00
>> is a solution helping customers address security
00:00
>> and assess risks in their Cloud infrastructures.
00:00
>> CloudGuard Security Posture Management is a solution
00:00
>> to help organizations protect their Cloud assets
00:00
>> and to stay compliant and up to date
00:00
>> with regulations and industry standards.
00:00
>> CloudGuard Security Posture Management helps customers
00:00
>> make sure that your Cloud environments
00:00
>> are as secure as can be.
00:00
>> CloudGuard Security Posture Management
00:00
is a proactive security solution.
00:00
We also talked about some of the key features that
00:00
>> are built into CloudGuard Posture Management solution.
00:00
>> We mentioned how it supports multi-Cloud platforms
00:00
with more Cloud vendor support on the way.
00:00
It has over 2,400 built-in
00:00
>> security best-practice rules,
00:00
>> the most in the industry.
00:00
>> We mentioned that your Cloud workload deployments
00:00
can be assessed with a simple click of a button.
00:00
We also support over 50 major compliance frameworks
00:00
>> to help you make sure
00:00
>> that your Cloud is always secure and compliant.
00:00
>> It also offers identity protection
00:00
and also tamper protection.
00:00
We also offer auto-remediation
00:00
with GSL scripting language,
00:00
also the open-source CloudBots.
00:00
Lesson 4, how does CloudGuard Posture Management work,
00:00
our fourth and final lesson in this lecture.
00:00
In lesson 4, we're going to discuss
00:00
how CloudGuard Posture Management works under the hood.
00:00
I'm going to show you how CloudGuard Posture Management
00:00
>> integrates with your own Cloud solution.
00:00
>> Now let's discuss
00:00
how CloudGuard Posture Management works.
00:00
The CloudGuard Posture Management is a SaaS solution,
00:00
security as a service solution from Check Point.
00:00
When you purchase this product,
00:00
you're basically getting a subscription account into
00:00
>> Check Point's CloudGuard Posture Management solution.
00:00
>> Everything is hosted and running in the Cloud.
00:00
In Check Point's Cloud services that are SaaS services
00:00
>> hosted in various Cloud providers around the world.
00:00
>> All the data is consumed over Cloud APIs.
00:00
Meaning that all the requests and all the replies
00:00
>> are being sent back and forth
00:00
>> from your Cloud to Check Point's
00:00
>> CloudGuard Posture Management solution
00:00
over these Cloud API protocols.
00:00
You need to connect to the Check Point SaaS servers
00:00
>> using a web browser.
00:00
>> After you login with your credentials,
00:00
you will be presented with the main page,
00:00
what we call the CloudGuard Console page.
00:00
We also call this the CloudGuard Native Console
00:00
since it's the launching point
00:00
for most of the CloudGuard products.
00:00
The CloudGuard Console allows you
00:00
>> to see what you are protecting.
00:00
>> The main landing page is called the dashboard.
00:00
The dashboard page can be 100 percent customizable
00:00
>> and will give you a single pane of glass
00:00
>> for everything across all your workloads,
00:00
>> across all your Cloud.
00:00
The first time you connect,
00:00
all the metrics and stats will be blank.
00:00
The first thing you need to do is connect
00:00
the CloudGuard Console to your Cloud accounts.
00:00
This is what we call onboarding.
00:00
Onboarding is the process of connecting your
00:00
>> CloudGuard Posture Management solution subscription
00:00
>> to your very own Cloud services
00:00
>> that are hosted by your Cloud service provider.
00:00
You can onboard one Cloud account
00:00
or multiple Cloud accounts,
00:00
>> or you can onboard one Cloud service provider
00:00
>> or multiple Cloud service providers.
00:00
>> Onboarding essentially means that
00:00
you're adding your Cloud vendor accounts into
00:00
the Check Point CloudGuard Posture Management solution.
00:00
The process of onboarding varies
00:00
from service provider to service provider,
00:00
but the process is pretty straightforward and secure.
00:00
Once the onboarding has been completed,
00:00
then all your Cloud provider assets
00:00
>> will start to populate
00:00
>> into your CloudGuard subscription.
00:00
>> Then you'll start to be able to see them
00:00
appear in your CloudGuard Console.
00:00
It usually takes a few moments until all your assets
00:00
>> will become visible in the CloudGuard console.
00:00
>> That really depends on how big
00:00
>> your Cloud provider account is,
00:00
>> and how many accounts you're onboarding,
00:00
and how many Cloud providers you onboard.
00:00
As an example, onboarding an AWS account
00:00
>> will contain over a 150 API calls
00:00
>> that populates CloudGuard Console
00:00
>> with all the workloads and assets
00:00
>> that are stored in your AWS account.
00:00
>> But once the onboarding process has been completed,
00:00
then you don't need to do it anymore.
00:00
You only need to onboard your accounts one time.
00:00
The next time you log in to the CloudGuard Console,
00:00
you will be able to see all your Cloud assets
00:00
that were gathered during the onboarding process.
00:00
Now it's important to state that your data
00:00
>> is not visible within the CloudGuard Console.
00:00
>> Only the metadata will be accessed,
00:00
meaning that all your database data will not be visible
00:00
>> or even accessible within the CloudGuard Console.
00:00
>> The onboarding process does not collect
00:00
your personal data that is hosted
00:00
>> by your Cloud provider,
00:00
>> but only the metadata.
00:00
This means that only your assets
00:00
will be visible in the CloudGuard Console.
00:00
You will be able to see
00:00
what workloads have been configured,
00:00
how many workloads, in what sub-nets,
00:00
in what regions, and in what availability zones.
00:00
You will be able to see the total amount of workloads
00:00
>> that have been created in the Cloud,
00:00
>> in which Clouds, on what accounts,
00:00
and also how many load balancers,
00:00
and on which virtual networks and so on.
00:00
Only this metadata will be visible
00:00
>> in a CloudGuard Console.
00:00
>> None of your personal data or your database data
00:00
>> will be visible in the CloudGuard Console.
00:00
>> Now let's discuss a little bit on how it works.
00:00
The CloudGuard Posture Management
00:00
uses native Cloud API calls.
00:00
It's an agentless solution.
00:00
There is really no software that you need to install
00:00
>> or any agent that you need to manage.
00:00
>> This can be quickly set up in under five minutes.
00:00
You just need to connect to
00:00
the CloudGuard Security Posture Management service,
00:00
and then you need to authenticate
00:00
to your Cloud infrastructure,
00:00
your single Cloud, your multi-Cloud,
00:00
your single account, your multiple accounts.
00:00
Then the CloudGuard Console session
00:00
>> will start making API calls
00:00
>> to view all the assets from your onboarded Clouds,
00:00
>> your onboarded accounts, your onboarded regions.
00:00
Then the Cloud service provider will reply
00:00
>> what API replies,
00:00
>> which populates the CloudGuard Console.
00:00
>> This information we'll enrich all of your data,
00:00
what we call high fidelity,
00:00
you will be able to see all your asset information,
00:00
which is a nicely contained
00:00
>> and highly organized enrichment of your data.
00:00
>> There are two main modes of operation
00:00
>> in which you can configure your CloudGuard
00:00
>> when onboarding a Cloud account.
00:00
>> We offer two modes of operation,
00:00
a monitor mode and a full protection mode,
00:00
which are read-only and read-write mode, respectively.
00:00
The monitor mode is a read-only solution.
00:00
You cannot make any changes.
00:00
You can only view the details of your Cloud assets.
00:00
This read only mode will monitor
00:00
>> all your Cloud accounts,
00:00
>> looking for changes, and providing you with alerts.
00:00
>> On the other hand, the full protection mode
00:00
>> is a read-write mode which allows you to view
00:00
>> and also make changes.
00:00
>> This mode also supports the tamper protection
00:00
>> and regional locks that we talked about.
00:00
>> In this mode, you can make API calls to delete, add,
00:00
and change your Cloud assets,
00:00
their properties, or the configurations.
00:00
Ninety-five percent of the functionality with CloudGuard
00:00
>> only requires read access,
00:00
>> and most customers begin with read only mode.
00:00
They can easily upgrade to read-write
00:00
>> at a later time if they so choose.
00:00
>> Then from here, you'll have full visibility
00:00
>> into your Cloud assets.
00:00
>> That brings us to the end of lesson 4.
00:00
In this video, we discussed that
00:00
CloudGuard Posture Management
00:00
>> is a Check Point SaaS solution.
00:00
>> It's an agentless solution,
00:00
meaning that no software or
00:00
a client agent needs to be installed.
00:00
All you need is a PC with a browser.
00:00
Once you have purchased
00:00
that CloudGuard Posture Management solution,
00:00
all you need to do is login to your account
00:00
>> using the CloudGuard Native Console,
00:00
>> which is a web browser.
00:00
Then the first step you need to do
00:00
>> is onboard your accounts from your Cloud
00:00
>> or multi-Clouds, if you have them.
00:00
It then uses API protocols
00:00
>> to call the Cloud's metadata and requests.
00:00
>> Once you've onboarded all your Cloud accounts,
00:00
the CloudGuard Native Console will start populating
00:00
>> with all your Cloud assets.
00:00
>> After that, any changes in your Cloud
00:00
>> will be incrementally refreshed in your Cloud Console
00:00
>> within certain time intervals
00:00
>> depending on what assets
00:00
>> have been added, deleted, or edited.
00:00
>> That completes our fourth lesson
00:00
and that brings us to the end of this video.
00:00
It's also the end of this training module.
00:00
I have one more bonus module,
00:00
which is the whole training video summarization.
00:00
I will see you there.
Up Next