Check Point Software Technologies has introduced a new risk management engine along with enhanced capabilities to the Check Point CloudGuard Cloud Native Application Protection Platform (CNAPP). The new capabilities add intelligent risk prioritization, agentless scanning, entitlement management, and pipeline security. With a focus on context, speed, and automation, the new capabilities operationalize cloud security, removing complexities and overhead noise associated with traditional standalone cloud security alerts, allowing security teams to focus on comprehensive threat prevention from code to cloud across the entire application lifecycle while supporting DevOps’ agility.
Cloud adoption and digital transformation continue to accelerate. The 2022 Cloud Security Report revealed that 35% of respondents are running more than 50% of their workloads in the cloud. However, 72% are extremely concerned about cloud security, and 76% are hindered by the complexity of managing multiple cloud vendors, which often results in misconfigurations, lack of visibility, and exposure to cyberattacks. Moreover, the study revealed that misconfiguration is seen as the number one cause of security-related incidents, which can be attributed to the need for around-the-clock security operations and alert fatigue.
“It is challenging for organizations to manage security risk while supporting faster cloud-native development cycles,” says Melinda Marks, Senior Analyst, Enterprise Strategy Group (ESG), “As development teams grow, organizations are looking for a unified platform to help them prioritize and efficiently take the actions that are the most impactful in reducing security risk so they can effectively manage security instead of falling behind.”
With the launch of Effective Risk Management (ERM), in addition to Cloud Identity & Entitlement Management (CIEM), Agentless Workload Posture (AWP), and pipeline security tools, Check Point CloudGuard now provides smart risk prioritization that allows teams to quickly eliminate critical vulnerabilities, such as misconfigurations and over-privileged access, based on severity throughout the software development lifecycle. The collaborative output that enterprises receive is simple, easy to understand, and focused on the threats that matter to them, thereby reducing the complexity that was once a challenge. By minimizing this complexity, the threat landscape is also reduced.
“Cloud adoption continues to accelerate and the ability to streamline cloud security has become vital,” explains TJ Gonen, VP Cloud Security at Check Point Software. “By adding Effective Risk Management and amplifying Check Point CloudGuard’s CNAPP offering, we are making it possible for organizations to shift CNAPP left and take a prevention-first approach to their cloud security that’s easy to manage. With our contextual AI and risk scoring engine, security teams no longer have to manually figure out which alerts to remediate first—the machine will do it for them. By removing this burden, customers can focus on migrating their critical workloads to the cloud with confidence.”
Check Point CloudGuard combines the latest tools into a new generation of CNAPP capabilities to aid security professionals while removing barriers to DevSecOps with ShiftLeft tools. Check Point CloudGuard utilizes the power and potential of unification along with operational value to end users including:
- Effective Risk Management: CloudGuard’s ERM engine prioritizes risks and provides actionable remediation guidance based on full context including workload posture, identity permissions, attack path analysis, and the application business value. Security teams can now focus on critical threats and administer a “minimal effective dose” of security for maximum impact.
- Cloud Identity & Entitlement Management: The CIEM capabilities understand effective permissions of users and cloud services, identify exposure and risks, and automatically generate explicit least privilege role recommendations to reduce access and revoke unused permissions. With CIEM built into ERM, users can understand their permissions and enforce the least privilege across their cloud environments.
- Agentless Workload Posture: AWP extends CloudGuard’s agentless infrastructure visibility into workloads. AWP scans and identifies risks including misconfigurations, malware detection, vulnerabilities, and secrets across all cloud workloads including virtual machines, container, and serverless functions. With this agentless deployment model, security teams gain deep workload security visibility at scale without impacting performance.
- Pipeline Security: The pipeline security capabilities fully integrate the Spectral offering to detect and resolve misconfigurations, secrets, and vulnerabilities within CloudGuard. The developer-first security extends workload protection to the CI/CD to the pipeline to remediate issues before reaching production. Security teams can shift CNAPP left and secure cloud applications from the start.