Visibility in Cloudy Weather: Securing AWS with AlgoSec and Check Point

Digital Transformation, and specifically the migration to the cloud, is rapidly transforming an organization’s IT infrastructure to deliver greater agility, elasticity and operational efficiency. Servers are now spun up in seconds and entire applications are deployed in minutes. At the same time the volume, variety and level of sophistication of cyber-attacks is on the rise, with cloud-based environments being common targets. In order to enjoy the many benefits cloud has to offer we must ensure that security measures are properly deployed and effectively managed to keep our cloud-based assets secure.

However managing security in the AWS cloud poses many new challenges. AWS topology and routing can be complex, and cloud environments are dynamic by nature. This makes it hard to understand which workloads are actually secure, or identify what traffic traverses into and out of any workflow as well as within the private cloud and out to a customer premises network.

Making things more complicated is the fact that the cloud utilizes a shared security responsibility mode, meaning fundamental security measures to protect the cloud infrastructure are handled by AWS but protection of assets and data within a customer’s AWS environment is the responsibility of the customer. Fortunately AWS partners with leading cyber security vendors such as Check Point to help customers fulfill their side of the shared responsibility model and bring advanced security services to protect their cloud networks.

Check Point vSEC for Amazon Web Services (AWS) extends advanced threat prevention security to protect customer data and services in Amazon’s as well as enables secure connectivity across cloud and on-premises environments. As an AWS Security Competency solution, vSEC compliments native AWS cloud security controls while providing protection against even the most sophisticated threats.

However, the combination of multiple security and filtering constructs – AWS Security Groups, Network ACLs, Check Point vSEC instances, premises-based firewalls, routers, etc. – make effectively managing security policies tedious and error-prone. Moreover, it is critical to consistently align all the security policies in order to ensure successful application delivery and business continuity, as well as tight security.

Effective Security Management In Cloud-based Environments

AlgoSec’s Security Management Solution provides a single pane of glass experience for an organization’s overall network security policy management. It understands the entire network – topology, routing, firewalls and filtering – across multiple vendors and platforms – across customer premises networks and in the cloud. It highlights application connectivity failures or potential security risks, and enables end-to-end automated security policy change management.

Using AlgoSec’s network simulation capabilities, customers can easily answer questions such as; “is my application server secure”, or “does the traffic to, from and between workloads pass through a Check Point vSEC security gateway as intended?”, and much more. It can also be used to quickly and accurately identify issues that can block an application’s connectivity – such as a missing or misconfigured security rules, AWS Security Group settings, incorrect routes, etc. It will then immediately plan which policies to change and how to implement the proper changes to the relevant networking and security devices to correct the connectivity issue.

What’s more, AlgoSec enables end-to-end risk analysis and automatically generates regulatory compliance reports for a variety of compliance standards – which speeds up compliance reporting and makes auditors happy.

Combining the agility and elasticity of the AWS cloud infrastructure with Check Point vSEC’s advanced threat prevention security and AlgoSec’s end-to-end visibility, automation and management results in a more robust security posture for hybrid cloud environments.

Join AlgoSec (Booth 1539) and Check Point (Booth 125) at AWS re:Invent in Las Vegas, this week where we will be demonstrating our integrated solution and showcasing a better approach to securing hybrid clouds. We look forward to seeing you