Posture Management Demo Lab

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 27 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
>> [MUSIC]
00:00
Welcome to the checkpoint jumpstart demo lab.
00:00
Illustrating lab, we're going to
00:00
demonstrate the CloudGuard Posture Management Console.
00:00
First connect to the CloudGuard web portal.
00:00
You will need to authenticate with
00:00
a valid subscription, username, and password.
00:00
I don't actually have a valid
00:00
Posture Management license subscription,
00:00
so I'm going to use the Check Point training
00:00
and environment called DemoPoint.
00:00
Checkpoint DemoPoint is a great learning
00:00
and demonstration utility that
00:00
can help you to learn CloudGuard solutions
00:00
and also some other checkpoint products.
00:00
You can access DemoPoint,
00:00
if you're a checkpoint employee or
00:00
a checkpoint distributor or reseller.
00:00
For more information on how to get
00:00
started with DemoPoint,
00:00
you can search on checkpoints website
00:00
for how to get started with DemoPoint.
00:00
Let's get right into it.
00:00
You first need to login to
00:00
the CloudGuard, native portal.
00:00
You just need to open a web browser and
00:00
go to the card guard native portal website.
00:00
Once you've logged in,
00:00
you will notice a familiar look to this interface.
00:00
It's designed to look similar to the RAD SmartConsole.
00:00
With all the main menu features designed
00:00
in a linear fashion on the left side of your screen.
00:00
If this is the first time logging
00:00
into the CloudGuard console,
00:00
it could be a bit overwhelming at first.
00:00
That's because this console was assigned to serve
00:00
as most of the CloudGuard products.
00:00
For the scope of this video,
00:00
and also for simplicity sake,
00:00
we're going to focus only on
00:00
the CloudGuard posture management menu options,
00:00
and drill only on this features and capabilities.
00:00
Which is about half of the menu
00:00
features that you see here.
00:00
The other half is related to
00:00
other CloudGuard products that we
00:00
mentioned about in the lecture part.
00:00
But as of yet, I have not
00:00
done any specific training on them.
00:00
Maybe in a future video,
00:00
I will elaborate more on these other products.
00:00
Remember, I talked about Cloud
00:00
intelligence and threat hunting.
00:00
Well, here's a product menu for that product,
00:00
which is called the intelligence icon.
00:00
I also mentioned about
00:00
the CloudGuard workload protection.
00:00
Well, here's that menu icon for that product.
00:00
I also talked about CloudGuard lab web applications
00:00
and API protection,
00:00
and shift lift is related to that.
00:00
The only reason I mentioned these are
00:00
the products is like I said,
00:00
this CloudGuard console can be
00:00
overwhelming first time you log in, and that's because,
00:00
and I just want to point out that
00:00
these other products are also
00:00
managed by this same cardboard console.
00:00
But in this video, I just only want to focus on
00:00
learning about the CloudGuard
00:00
posture management features.
00:00
You can ignore the other clarified products,
00:00
menus and their features.
00:00
Now remember, in the lecture portion
00:00
of this video training,
00:00
I emphasize that there were
00:00
four main core topics that
00:00
a posture management solution should be able to do,
00:00
and I stress them over and over again.
00:00
These four main core topics that we
00:00
talked about are visibility,
00:00
inventory, compliance, and security.
00:00
Now, let's go over these key main topics again.
00:00
But now with the CloudGuard console.
00:00
When we talk about visibility,
00:00
I mentioned that your posture
00:00
management solution should be
00:00
like a window into your whole Cloud infrastructure.
00:00
Now there's no specific menu icon for visibility.
00:00
But in fact, you can say to all of
00:00
these CloudGuard menus will
00:00
give you the full visibility into your Cloud.
00:00
All of these Posture Management icons will give you
00:00
the visibility into your Cloud infrastructure
00:00
in some way or another.
00:00
I know there's a bit of overlap in
00:00
some cases, but that's fine.
00:00
Better to give you more details than less.
00:00
But I think the best place to start
00:00
the visualization of your
00:00
>> assets is at the overview tab.
00:00
>> This is the great place to start because it gives
00:00
you a nice and compact format and
00:00
a complete summarization of all your assets
00:00
that have been onboarded
00:00
>> from your Clouds or multi-cloud.
00:00
>> Here is where you have the home dashboard page,
00:00
the main page to monitoring your Cloud environments.
00:00
As you can see, the checkpoint DemoPoint account
00:00
has full monitor environments.
00:00
One account for each Cloud provider,
00:00
and one Kubernetes account,
00:00
which is a total of four accounts.
00:00
Also notice that we have
00:00
close to 3000 total assets in my inventory,
00:00
at the time of this recording.
00:00
This list keeps glowing.
00:00
All of these assets are
00:00
distributed across these for CloudGuard accounts.
00:00
We can also see a breakdown of
00:00
all the top protected assets and also
00:00
a chart listing all the protected assets per platform.
00:00
You can also see a bunch of
00:00
other stats then statistics and also
00:00
alerts listed by top accounts and also by top alerts.
00:00
All of these are what we call widgets.
00:00
You can shift the widgets around on
00:00
a homepage to give you the look and feel that you want.
00:00
You can customize your homepage,
00:00
which your favorite stats and statistics and widgets.
00:00
You can even create your own homepage with
00:00
your favorite tools and utilities and widgets.
00:00
Another icon related to visibility is that Events icon.
00:00
Here you can see all the events and logs that have
00:00
been generated and triggered by various engines.
00:00
In this case, we see that
00:00
compliance engine has triggered a few alerts,
00:00
somewhat high and medium and low severity.
00:00
Also you can see which Cloud environments
00:00
trigger these alerts.
00:00
Notice that we have over 30,000 events.
00:00
You can even export all
00:00
>> of these events if you so choose.
00:00
>> We can spend a few hours here
00:00
exploring all the features in this interface.
00:00
But for now I just want to point
00:00
out the main core topics.
00:00
Other car topic that we listed that
00:00
your posture management should be able to do,
00:00
is a list of your inventory.
00:00
Here we have to Assets Icon,
00:00
which contains a complete list of all your assets.
00:00
In the Environment tab, again,
00:00
we have the four environments
00:00
and we can drill down into each environment to
00:00
see all the protected assets and
00:00
policies that were assigned to those assets.
00:00
In the protected asset tab,
00:00
here you can see close to 3,000 assets.
00:00
You can filter by platform, environment, region,
00:00
networks, or other criteria.
00:00
Let me show you some of this.
00:00
Let's select Azure environment,
00:00
and then select asset type as virtual machine.
00:00
When we click on an asset,
00:00
we can get the full details of those assets.
00:00
You can see the inbound and outbound firewall rules.
00:00
Another main topic that we talked
00:00
about was the compliance.
00:00
Your posture management solution should be able
00:00
to run Compliance Assessments.
00:00
Look here at this icon.
00:00
Here we have the Posture Management icon,
00:00
which encompasses both the compliance
00:00
and the best-practice rules.
00:00
In the welcome page.
00:00
I really liked this new welcome page.
00:00
I like how Check Point has organized
00:00
all the Posture Management main
00:00
features into a centralized landing page.
00:00
From the centralized landing page,
00:00
you can launch all the posture management features.
00:00
You can check your compliance status,
00:00
you can run compliance assessments,
00:00
you can manage best-practice rules and rule sets,
00:00
and you can even manage your policies
00:00
and configure automatic remediation.
00:00
In this landing page, we have
00:00
the main features that we can
00:00
execute with posture management
00:00
just with a simple click of a button.
00:00
Now, another core feature that we talked about in
00:00
the lecture part of this series was security.
00:00
You need to make sure that your cloud assets
00:00
are as secure as possible.
00:00
Here we have the network security menu.
00:00
This is your Cloud network security.
00:00
Here again, they've added a welcome landing page.
00:00
I think the centralized landing page is a blessing.
00:00
It is very intuitive.
00:00
It helping you to understand and
00:00
navigate through the menu options.
00:00
If I'm here, you can inspect your note configurations,
00:00
you can explore your actual traffic,
00:00
you can even check out
00:00
your traffic logs and review
00:00
>> your Cloud security groups.
00:00
>> Next, let's take a look at
00:00
Identities with the identity icon.
00:00
Again, we have the welcome landing page,
00:00
which is a great organized jumping point
00:00
into your Cloud identities.
00:00
Notice that it is grouped in two.
00:00
We have the visibility menus,
00:00
and that gives us a view of your account activities of
00:00
activity logs and Cloud users and Cloud rolls,
00:00
and we also have the IM safety.
00:00
Here you can create your users and
00:00
roles and even elevate privileges.
00:00
Now let's give the workload protection and
00:00
intelligence and shift left icons.
00:00
As I mentioned, these icons are
00:00
for other CloudGuard products,
00:00
that we briefly mentioned in
00:00
introduction phase in lesson 1 of the lecture series.
00:00
Finally we come to the Resource icon.
00:00
Again, we have a welcome landing page.
00:00
Here it's basically links to
00:00
documentation and administration guides
00:00
to the release notes.
00:00
Also, a quick link to the checkpoints support center.
00:00
If you want to quickly
00:00
>> look up in this key or an article.
00:00
>> We also have links to additional reference material.
00:00
Links to the API reference manual,
00:00
links to the GSL reference guide,
00:00
and link to the Cloud BAD resource page.
00:00
You can even check out the status of
00:00
all our CloudGuard checkpoint servers.
00:00
Even a link to directly open a case with checkpoint.
00:00
Finally, we have the setting section.
00:00
Here. You can check out your account information.
00:00
You can even change your password.
00:00
You can even get your CloudGuard mobile app from
00:00
the Apple App Store and
00:00
even an app from the Google playlist.
00:00
Now there's a bunch of other features that I did
00:00
not get too in this intro.
00:00
Since for now, I just wanted to give you
00:00
a high-level view of the CloudGuard native portal.
00:00
If you want more information on any
00:00
of these features that we talked about,
00:00
you can get more information
00:00
out our checkpoint YouTube channel.
00:00
That brings us to the end of this overview.
00:00
I hope to see you in the next
00:00
jumpstart Training video series.
00:00
Until then, so long,
00:00
and bye for now. [MUSIC]