Security as an Accelerator for Cloud Adoption

Presentation from the Virtualization Forum 2019 conference
Prague, 3.10.2019
Hall B

Published in: Technology

  1. ©2018 Check Point Software Technologies Ltd. ©2019 Check Point Software Technologies Ltd. SECURITY AS AN ACCELERATOR FOR CLOUD ADOPTION. Petr Kadrmas | SE Eastern Europe | pkadrmas@checkpoint.com
  2. “By 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.” Gartner, “Special Report: Cybersecurity at the Speed of Digital Business,” May 2016. BUSINESS DEMANDS: Control costs and reduce complexity; Deliver applications faster to improve time to market; Decrease business risk in an environment of advanced persistent threats
  3. LEGACY IT (Business supporter): Business: Takes months to add new features & products (Waterfall, Monolithic); Operations: Manual, costly & slow (Provisioning, Maintenance/patching, Scaling); Security: Technical problem (On top, Complex). “NEW” IT (Business accelerator): Business: Deliver new products in weeks (Agile, Micro-services); Operations: Automatic and fast (DevOps, Maintenance/patching, Auto-Scaling); Security: Business problem (Part of business process, Automated and dynamic, Even more secure)
  4. Traditional Security is Not Built for CI/CD. Problem: • Security checks happen at the end of the System Development Lifecycle. Any issue sends the product back to development, causing delays • Manual, siloed approach to security hardening robs DevOps of its agility • Organizations are forced to trade off agility for security
  5. CloudGuard Suite: Visibility, compliance and governance, network security; Preventing attacks on SaaS applications and cloud-based email; Public Cloud - Access control and advanced threat prevention; Controller - Adaptive security for all major cloud providers; Private Cloud - Advanced threat prevention for East-West and North-South traffic
  6. Public Cloud Network Security with CloudGuard IaaS and Dome9: (1) Deploy the right architecture; (2) Protect the network data plane; (3) Protect the network control plane. Cloud Security Blueprint, Automated and Elastic Security; CloudGuard Dome9 – Visibility and Compliance for native features; CloudGuard IaaS Gateway Advanced Security
  7. Control Plane Security with CloudGuard Dome9: (1) Visibility of assets and security posture: quickly identify misconfigurations; (2) Continuous compliance: continuously assess and enforce security best practices and compliance standards; (3) Cloud Security Intelligence, Log.ic: protect against threats and intrusions with actionable threat intelligence
  8. Security and Compliance Testing in CI/CD Pipeline. Problem: • Security checks happen at the end of SDLC. Any issue sends the product back to development, causing delays • Manual, siloed approach to security hardening robs DevOps of its agility • Organizations are forced to trade off agility for security (Diagram labels: Dome9, IaaS, Log.ic)
  9. Private Cloud: Auto-provisioned advanced threat prevention to control East-West traffic (lateral movements); Isolate infected machines with advanced security engines (like IPS, Anti-Bot, Zero-day protections and access control)
  10. LONGSTANDING PARTNERSHIP AND INNOVATION WITH VMWARE • Strategic Global Alliance Partner • Integrations with: ESXi, NSX, vCenter, vRO, VMware Cloud on AWS and more • Support greatest number of releases including current NSX-V and NSX-T • Designed NSX Multi-Channel with VMware in partnership • First NGFW partner with full NSX Service Composer automation, driving innovation for increased automation
  11. CHECK POINT CloudGuard AUTO-DEPLOYMENT: NSX MANAGER AUTOMATICALLY DEPLOYS AND PROVISIONS CHECK POINT CG GATEWAY ON EACH HOST
  12. EAST-WEST SECURITY CONTROL: Use Check Point CloudGuard to control traffic access between Virtual Machines. NSX Service Chain Policy: Traffic from Partner to Legal Security Group must go through Check Point vSEC Gateway. [Restricted] ONLY for designated groups and individuals
  13. SHARED POLICY TAGGING: Check Point tells SDN to quarantine infected apps. Shared security context between CloudGuard and SDN controllers to automatically quarantine and trigger remediation. NSX Policy: From: Infected VM (Tagged by Check Point); To: Any; Action: Quarantine
  14. NSX & CLOUDGUARD OPTION 1: NATIVE + ADVANCED PROTECTION
  15. NSX & CLOUDGUARD OPTION 2: ADVANCED PROTECTION ONLY
  16. NSX & CLOUDGUARD OPTION 3: ADVANCED PROTECTION WITH EXCEPTIONS
  17. NSX & CLOUDGUARD - UPGRADES (Diagram labels: External Network, v2, v1)
  18. NSX & CLOUDGUARD - UPGRADES (Diagram labels: External Network, v2, v1)
  19. NSX & CLOUDGUARD - UPGRADES (Diagram labels: External Network, v2, v1)
  20. CloudGuard Controller: Provides a security policy that adapts to the changes in your cloud assets. Enables a unified security policy over multi-cloud and on-premise environments
  21. APPLICATION-AWARE POLICY. [Internal Use] for Check Point employees
  22. AUTOMATIC UPDATES: CG controller constantly tracks changes to objects imported from the cloud management server and updates SmartConsole
  23. LOGICAL IDENTITIES IN LOGS: CG controller includes hosts' logical names in security logs
  24. TRUSTED ORCHESTRATION WITH R80 APIs: Check Point security is designed for cloud orchestration: 1. Policy with granular delegation privileges (per rule) 2. Policy that allows simultaneous changes
  25. UNIFIED SECURITY FOR ALL CLOUDS • Consistent security policy and control across Private and Public Cloud and Perimeter • Auto-scale according to your needs • Supports VMware Cloud on AWS
  27. THANK YOU. Petr Kadrmas | SE Eastern Europe | pkadrmas@checkpoint.com