Check Point Pumps Up Cloud Security: ‘It’s CASB on Steroids’

Check Point Software boosted its cloud security lineup today with its new CloudGuard product portfolio.

It includes CloudGuard SaaS to protect enterprises against attacks on software-as-a-service applications and CloudGuard IaaS, formerly vSEC, for public and private cloud infrastructure protection.

CloudGuard SaaS prevents account hijacking, the company claims. It also prevents advanced persistent threats (APTs) and zero-day malware from infecting data in SaaS applications. It uses real-time sandboxing, ransomware protection, anti-bot technologies, and real-time cloud-based threat intelligence.

The software also automatically forces encryption of sensitive data and blocks and quarantines unauthorized sharing of sensitive files.

“We are really building the automation capabilities so customers can utilize native tools in their cloud arsenal,” said Don Meyer, head of product marketing for Check Point. “Now we provide consistent policy across anywhere our customers or their infrastructure are going to go.”

This product will be available early in the second quarter of 2018.

The infrastructure-as-a-service security product targets infrastructure and workloads for public and private cloud platforms including: Amazon Web Services (AWS), Google Cloud Platform, Microsoft Azure, Cisco ACI, OpenStack, VMware NSX, VMware Cloud on AWS, VMware ESX, Alibaba Cloud, KVM, and Hyper-V, among others. CloudGuard IaaS is available now.

The Alibaba Cloud support is new, Meyer said, adding that the company is “on the cusp of announcing an Oracle [Cloud] integration as well.”

Cloud Security

The software sounds like cloud access security broker (CASB) technology. Meyer, however, insists it’s more than CASB. “We’ve got a fully integrated CASB solution on steroids,” he said. “It is really focused on providing threat prevention as opposed to just policing the identification.”

CASBs, he said, typically focus on enforcing security policy, and creating a buffer between the application and the enterprise. “It really is about authentication,” Meyer said. “Once you verify you are who you say you are, that exchange of information can take place.”

Check Point’s CloudGuard technology, on the other hand, takes a device- and application-centric approach, he explained. It polices the exchange of information between applications, and it determines if devices are acting suspiciously — for example being used at odd times or carrying an embedded certificate.

“We look at user behavior, along with some machine learning, and some device-level context,” Meyer said. “And we’re rounding that out in a portfolio for each individual user.”

Check Point’s product launch comes a day after its competitor Palo Alto Networks announced it added new cloud capabilities to its Next-Generation Security Platform, extending support across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.