What is CloudGuard Posture Management?

Time
1 hour 27 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:00
>> [MUSIC]
00:00
Welcome to Check Point Jump Start training series.
00:00
Check Point CloudGuard is a suite of products and
00:00
solutions that can secure
00:00
your data and virtual networks in the Cloud.
00:00
In this training video series,
00:00
we'll be looking at CloudGuard Posture Management.
00:00
In Lesson 2,
00:00
we talked about what are some of
00:00
the Cloud security challenges that customers
00:00
face while moving their assets into the Cloud.
00:00
In Lesson 3, we're going to discuss how
00:00
CloudGuard Posture Management solution
00:00
specifically addresses these challenges.
00:00
This video will be the heart of this training module.
00:00
The first two lessons in
00:00
this module were just prerequisites.
00:00
In order to understand not only
00:00
some of the main Cloud adoption challenges,
00:00
but also what are the primary security concerns that
00:00
customers face when shifting
00:00
>> their assets into the Cloud.
00:00
>> In Lesson 3, we will dive into how
00:00
Check Point CloudGuard Posture Management
00:00
>> solutions work.
00:00
>> We will not only examine some
00:00
of the customers' Cloud concerns,
00:00
but also how to enforce the Cloud security challenges.
00:00
What is Check Point CloudGuard Posture Management?
00:00
Cloud Security Posture Management is a new class of
00:00
technologies defined by Gartner Research.
00:00
It defines and standardizes
00:00
the new industry's market for
00:00
>> securing your Cloud assets.
00:00
>> It suggests and offers a framework
00:00
to address Cloud security and risk management.
00:00
It promotes processes and tools to proactively
00:00
and reactively identify and remediate risks.
00:00
Check Point Software Technologies offers
00:00
a Cloud security posture management product
00:00
called CloudGuard Posture Management.
00:00
CloudGuard Posture Management is
00:00
a consolidated platform that is built from the ground
00:00
up for the Cloud and gives administrators
00:00
complete visibility and active control
00:00
of their Cloud environments.
00:00
Formerly called
00:00
Dome9, Check Point CloudGuard Security
00:00
Posture Management is a robust,
00:00
a comprehensive security solution to
00:00
address and fix many Cloud security challenges.
00:00
As more organizations open
00:00
their infrastructure into the Cloud,
00:00
there is a need to make sure
00:00
>> that there is visibility and
00:00
>> control in the Cloud and
00:00
also stay continuously compliant.
00:00
Check Point CloudGuard Posture Management solution
00:00
delivers security
00:00
and compliance automation to
00:00
enterprises as they scale into the public Cloud.
00:00
Check Point CloudGuard Posture Management
00:00
currently supports
00:00
seamless integration using Cloud API
00:00
calls for the following Cloud service providers.
00:00
We have the Microsoft Azure,
00:00
Amazon Web Services,
00:00
Google Cloud Platform, and in addition,
00:00
we also support Kubernetes solutions and
00:00
more solutions are in the pipeline like Ali Cloud.
00:00
Now let's take a look at how
00:00
Check Point CloudGuard Posture Management
00:00
addresses these challenges that we've mentioned.
00:00
CloudGuard Posture Management, Cloud inventory.
00:00
Let's talk about the Cloud inventory.
00:00
Using a single unified console,
00:00
you can get a full inventory of
00:00
all your Cloud assets across all your accounts,
00:00
your regions, and your Cloud ecosystems.
00:00
It scans your Cloud accounts to
00:00
retrieve a full list of all your assets,
00:00
keeping this information in one centralized place.
00:00
This centralized list provides you
00:00
a quick understanding of
00:00
the situation within your environment,
00:00
without having to go to
00:00
each Cloud environment
00:00
>> separately to get all the answers.
00:00
>> With the CloudGuard console,
00:00
you can get a full and comprehensive map
00:00
of all your Cloud assets,
00:00
including all the details of
00:00
all your devices and all your networks.
00:00
You can use this map to not only view,
00:00
but also edit and change any configurations.
00:00
You can perform a deep dive into
00:00
all your public Cloud, multi-Cloud,
00:00
and hybrid Cloud platforms to form
00:00
a complete and comprehensive list of
00:00
all your Cloud assets across all your Cloud ecosystems.
00:00
CloudGuard Posture Management and
00:00
visualization of assets.
00:00
Let's talk about visualization of your assets.
00:00
With CloudGuard console,
00:00
you can get a full and complete visibility into
00:00
all your Cloud security configurations infrastructure
00:00
using a powerful visualization tool called Clarity.
00:00
Using Clarity, you can get
00:00
a full and complete representation,
00:00
an outline of all your network topologies,
00:00
all the security policies, security groups,
00:00
and network routing and forwarding
00:00
pathways to help formulate and define
00:00
a complete end-to-end portrait
00:00
of your Cloud infrastructure to
00:00
help you assess
00:00
all your security risks and vulnerabilities.
00:00
This information provides you
00:00
>> with a broad in-depth view
00:00
>> of all your Cloud network infrastructures
00:00
and attack surfaces and
00:00
potential network exposures allowing
00:00
administrators to quickly identify risks and
00:00
threats within your Cloud environment
00:00
to help tighten security and
00:00
access controls and minimize
00:00
the attack surface to prevent cybersecurity breaches.
00:00
Clarity can be used by administrators and
00:00
new Cloud users to better
00:00
understand their overall traffic flow.
00:00
CloudGuard Posture Management and compliance.
00:00
Let's talk about posture management and compliance.
00:00
The Check Point CloudGuard has built in
00:00
a compliance and policy management rule
00:00
set which continuously
00:00
assesses the accounts in a Cloud environment to help
00:00
your organization assess compliance
00:00
and also governance standards.
00:00
The CloudGuard Posture Management
00:00
>> solution supports over
00:00
>> 50 plus major compliance frameworks
00:00
>> to help you maintain
00:00
>> governance and compliance standards
00:00
right out of the box to
00:00
help reinforce good behavior
00:00
across all of your environments.
00:00
All of these features can be quickly deployed to make
00:00
sure that your Cloud is as secure as can be.
00:00
You can use the compliance engine toolset
00:00
to notify you when
00:00
rules have failed compliance standards
00:00
that your organization is required to meet.
00:00
All of these notifications can also be
00:00
sent and relayed to third-party tools;
00:00
third-party tools like ServiceNow,
00:00
Splunk, Slack, and others.
00:00
CloudGuard Posture Management,
00:00
security configuration management.
00:00
Let's discuss security configuration management.
00:00
CloudGuard is not just a monitoring tool,
00:00
but it can also be used to manage security policies
00:00
and security groups across your regions and
00:00
across your accounts to help you understand and
00:00
control the overall security of your Cloud assets.
00:00
This allows administrators to
00:00
identify misconfigurations that can
00:00
lead to data breaches and assist
00:00
in addressing and fixing issues quickly.
00:00
The centralized console has over 2,400
00:00
built-in industry security best-practice rules.
00:00
It accesses connected Cloud accounts once every hour,
00:00
looking for misconfigurations and security issues.
00:00
CloudGuard helps businesses elevate the level of
00:00
their existing security posture to achieve
00:00
optimal standards and to pass a variety of audits.
00:00
CloudGuard Posture Management
00:00
identity and access management.
00:00
Let's talk about IAM protection.
00:00
CloudGuard provides
00:00
identity protection and on-demand user
00:00
access to protect your organizations
00:00
against identity theft and stolen credentials.
00:00
IAM safety gives security
00:00
teams granular control over users,
00:00
roles, and actions to
00:00
prevent and protect against compromised credentials.
00:00
IAM protection has two protections.
00:00
First, we have the protected mode.
00:00
In this mode, users cannot perform
00:00
protected actions on these Cloud services.
00:00
We also have protected with elevation mode.
00:00
Here, only certain protected actions can be performed,
00:00
but only when you elevate
00:00
privileged permissions on an as-needed basis only.
00:00
This mode helps protect the Cloud in
00:00
case administrator's credentials have been compromised.
00:00
You only get permissions for
00:00
certain actions and only
00:00
for a specific small amount of time.
00:00
CloudGuard Posture Management, tamper protection.
00:00
CloudGuard tamper protection offers continuous
00:00
Cloud development protection against
00:00
unapproved or unauthorized configuration changes.
00:00
The CloudGuard tamper tool continuously
00:00
monitors Cloud environments for any changes
00:00
that have deviated and drifted from the last
00:00
approved and official state configuration changes.
00:00
>> If a region lock has been enabled,
00:00
then any slight deviation from official support
00:00
its snapshots could be
00:00
caused by a potential security breach.
00:00
The administrator will get notified and if
00:00
a breach has occurred or is in
00:00
>> the process of occurring,
00:00
>> the administrator can revert back
00:00
to the approved gold standard configuration.
00:00
Check Point provides a multilayer defense enabling
00:00
administrators to lock down
00:00
Cloud instances with a single click.
00:00
Dynamically, we configure policies to
00:00
provide secure access for authorized services.
00:00
These are some of the standard tools for
00:00
Cloud without Security Posture Management.
00:00
In addition, we offer some other tools that are
00:00
standard and relevant for
00:00
most of the CloudGuard security platforms.
00:00
CloudGuard Posture Management, auto-remediation.
00:00
As mentioned earlier,
00:00
your CloudGuard Posture Management solution
00:00
would not be complete without
00:00
an automatic remediation solution.
00:00
CloudGuard offers a couple of
00:00
options to help you automatically
00:00
remediate systems configurations
00:00
and prevent network leakage.
00:00
We have two major remedies for automatic remediation.
00:00
We have the GSL,
00:00
which stands for Governance and Specification Language,
00:00
and we have the CloudBots.
00:00
The GSL is a scripting language,
00:00
or I should say,
00:00
it is a methodology to make
00:00
scripting easier for engineers.
00:00
It's a syntax enhancer to help
00:00
define posture management rules.
00:00
It helps engineers to find
00:00
a specific item or value in a sea of entities,
00:00
in a sea of assets.
00:00
That CloudBot, on the other hand,
00:00
is an open source project that
00:00
helps identify threats and automatically correct issues.
00:00
Together they can work in tandem like a dynamic duo,
00:00
if you will, helping to
00:00
identify and remediate any threats or issues.
00:00
Let's break down these two different
00:00
auto-remediation solutions a little bit further.
00:00
The GSL governance and
00:00
specification language is used with
00:00
various CloudGuard native products like
00:00
Posture Management and also Cloud Intelligence.
00:00
With many other cloud-like products,
00:00
you have the capability to use GSL scripting language,
00:00
the governance and specification language,
00:00
which is a very incredibly powerful scripting language.
00:00
GSL allows customers to write and run
00:00
custom security compliance checks
00:00
that can be easily read and written.
00:00
Organizations can use
00:00
the scripting language to create and write
00:00
their own scripts to help them identify
00:00
any vulnerabilities or any threats.
00:00
The CloudGuard GSL scripting language
00:00
is designed to be an intuitive, a GSL builder.
00:00
It helps users to build rules and
00:00
aid users in simplifying code syntax construction,
00:00
making it easier to create and run code.
00:00
It allows you to easily create
00:00
rules to test your environment without
00:00
needing to learn complex API code
00:00
for each and every service.
00:00
Also we have the CloudBots.
00:00
CloudBot is an open source project offering
00:00
an auto remediation solution for
00:00
public Cloud platforms like AWS,
00:00
Microsoft Azure, and Google Cloud Platform.
00:00
It was built to automatically
00:00
enhance compliance capabilities.
00:00
It enables you to auto remediate
00:00
any findings that were identified.
00:00
The platform has a bunch of pre-built, predefined bots.
00:00
But the administrator can also
00:00
clone and modify and create
00:00
additional bots as needed
00:00
to remediate any misconfigurations.
00:00
It can also help create
00:00
customized responses to
00:00
>> specific automatic remediations.
00:00
>> Together, both of these solutions can be combined
00:00
to resolve and mitigate risks and exposures.
00:00
You can use GSL to find
00:00
servers or network configurations or versions,
00:00
and then you can use a CloudBot to
00:00
fix or close ports or services.
00:00
Here are a few examples to help you understand this.
00:00
Let's take a look at example A.
00:00
A GSL script can be launched to
00:00
identify Windows or Linux workstations,
00:00
identify their versions, and
00:00
>> then identify their patches.
00:00
>> Or maybe a script B.
00:00
This script can be launched to list
00:00
all security groups allowing inbound FTP traffic.
00:00
After you've identified the versions
00:00
or you've identified the traffic using GSL,
00:00
then you can fix these problems using the CloudBots.
00:00
A bot can be launched to disable HTTP,
00:00
and enable HTTPS on one or all of your workloads.
00:00
A bot can be launched to block
00:00
FTP access on security groups.
00:00
You don't need to run them together.
00:00
Each of these tools can be run separately,
00:00
but I just wanted to give you a visual of the power,
00:00
and what you can do when you run them
00:00
together, like a tag team.
00:00
This gives you optimal remediation
00:00
>> and optimal security.
00:00
>> That brings us to the end of Lesson 3.
00:00
Let's take a quick recap before exiting this video.
00:00
In this lesson, we
00:00
defined what CloudGuard Posture Management
00:00
is and what CloudGuard Posture Management does.
00:00
We mentioned CloudGuard Posture Management is
00:00
a multi-cloud solution supporting Azure,
00:00
AWS, Google Cloud Platform,
00:00
and Kubernetes, and
00:00
future support for Ali Cloud is also in the works.
00:00
CloudGuard Posture Management is
00:00
also a cloud inventory solution.
00:00
It uses a single unified console to keep track of
00:00
all your Cloud assets in one centralized location.
00:00
CloudGuard Posture Management is also
00:00
a visualization of assets tool.
00:00
Using the Clarity visualization tool,
00:00
you can get a full visibility into
00:00
your Cloud security configurations.
00:00
CloudGuard Posture Management and compliance.
00:00
CloudGuard Posture Management supports
00:00
over 50 plus major compliance frameworks.
00:00
CloudGuard Posture Management also
00:00
offers security configuration management.
00:00
This helps you control the security
00:00
of the Cloud networks and links,
00:00
and we have over 2,400 security
00:00
best-practice rules built into the product.
00:00
CloudGuard Posture Management, IAM protection.
00:00
This helps you protect your organization against
00:00
identity theft and stolen credentials.
00:00
CloudGuard Posture Management, tamper protection.
00:00
You can launch any configuration changes which helps
00:00
enforce the use of
00:00
only your approved cloud standard configurations.
00:00
We also offer two
00:00
automatic remediation solutions, the GSL,
00:00
intuitive and powerful scripting
00:00
language to identify problems,
00:00
and then you can launch the CloudBots to
00:00
automatically remediate and patch any security gaps.
00:00
That completes this lesson.
00:00
In the next lesson, we will be talking
00:00
about how CloudGuard Posture Management works.
00:00
I will see you there. [MUSIC]