LIfting the lid off Cloud threats

CloudGuard Log.ic provides threat protection and context-rich security intelligence in the public cloud, enabling operations teams to see every IaaS and PaaS Asset, understand cloud activities, and easily launch forensics.

  • 4 years ago Posted in
Check Point has released CloudGuard Log.ic, a solution which delivers cloud-native threat protection and security intelligence. Using CloudGuard Log.ic, customers can now see every data flow and audit trail in today’s elastic cloud environments, and make sense of cloud data and activities to expedite forensic investigation processes.

 

CloudGuard Log.ic effectively detects cloud anomalies, blocks threats and intrusions, and delivers context-rich visualization to enable thorough investigations into security incidents in public cloud infrastructures such as AWS. Log.ic joins Check Point’s CloudGuard family of cloud security products.

 

An upcoming cloud security survey conducted for Check Point by CyberSecurity Insiders found that the biggest operational cloud security headaches IT organizations struggle with are compliance (34%) and lack of visibility into infrastructure security (33%).  While a majority of organizations say their cloud instances have not been hacked (54%), an alarming 25% did not know whether they had been breached or not. 15% of organizations confirmed they had experienced at least one cloud security incident.

 

At the heart of CloudGuard Log.ic is an enrichment engine that collates data from a variety of sources including VPC Flow Logs and AWS CloudTrail, to build contextual awareness of security in public cloud environments. Security and DevOps teams can now use this turnkey solution to expedite incident response and threat hunting, review security policies and enforce them across multiple accounts. CloudGuard Log.ic can also integrate with third-party SIEM solutions, such as Splunk and ArcSight.

 

“One of the key differences in cloud environments is the ephemeral nature of elements,” notes Fernando Montenegro of market research firm, 451 Research. “As workloads and instances of virtual machines, containers or serverless functions execute, information that used to be considered static, such as IP addresses, can no longer be relied upon. We definitely see a need for newer security tooling that understands the new concepts natively and enriches information from flow logs, load balancers, and other cloud-native components. As a result, IT gets a more detailed view of events at runtime, allowing for a more precise understanding of the environment as well as stricter enforcement of security rules.”

 

Some of CloudGuard Log.ic’s key features include:

  • Advanced threat prevention via integration with Check Point’s industry leading ThreatCloud intelligence feeds of malicious IPs.
  • Easy creation of customized alerts triggered by suspicious network and user activity, compliance violations and security misconfigurations.
  • Attribution assigned to users, groups and roles, is analyzed to track even federated events, as configuration changes are tracked and correlated to the individual or role.
  • Reporting on significant events, statistics and traffic can be defined and scheduled for direct reports in email and various ITMS tools, such as ServiceNow, PagerDuty, Jira, etc.
  • CloudBots auto-remediation functions can be used to automatically act on specific alerts of malicious activity and to automate further steps such as quarantining, or tagging for further investigation.

 

“CloudGuard Log.ic provides our enterprise customers with powerful visibility and context into all activity within their cloud environment, combined with feeds that identify malicious intent or intrusion detection to prevent mega Gen V cybersecurity attacks,” said Itai Greenberg, VP Product Management and Marketing, Check Point Software Technologies. “With the addition of CloudGuard Log.ic, Check Point continues to arm customers with the latest security tools to detect and prevent advanced threats in the cloud.”

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...