cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
CloudGuard Dome9

CloudGuard Dome9 is Check Point's Cloud Security Orchestration solution.

Yonatan_Philip
inside CloudGuard Dome9 a week ago
views 219 1
Employee+

Dome9 posture management for Kubernetes- now with Helm!

As many of you already know, we announced support for k8s Posture Management back in re:Invent.   K8s support in CloudGuard Dome9 :https://finance.yahoo.com/news/check-point-announces-fully-integrated-140010134.html https://blog.checkpoint.com/2019/12/04/how-is-your-kubernetes-security-posture/   I'm happy to announce that we have now added Helm charts for an enhanced more streamlined onboarding experience.     https://github.com/CheckPointSW/charts   If you wish to see a demo for this and other related and exciting solutions, come visit us at CPX in the Containers and Serverless Workloads tech table!   If you have any questions, suggestions or requests, please feel free to reach out to me!  Yonatan 
Offir_Zigelman
inside CloudGuard Dome9 2 weeks ago
views 459 1 3
Employee+

New CloudGuard Dome9 Feature: Granular onboarding permission

Dome9 now allows to assign a granular permission for onboarding Cloud accounts to Users and Roles. The permission allows customers to create a dedicated, security tightened Dome9 roles (and users) that would be limited to onboarding cloud accounts. If not allowed to access other resources, these roles would not be able to view or manage any information other than the account they onboarded. A typical use case for using the new permission is allowing a DevOps team to onboard newly created cloud accounts (as part of the CI/CD pipeline) to Dome9. In some cases the security team would not allow the DevOps team to view security and compliance related information in Dome9. With the new permission it is possible to restrict the role to onboard cloud accounts.
Martins
Martins inside CloudGuard Dome9 3 weeks ago
views 615 4 1

Dome9 trial

Hi,Someone could give in details the Dome9 trial especifications?What's possible to do in a trial? (Ex: Number of compliance Check)Thanks 
vinceneil666
vinceneil666 inside CloudGuard Dome9 3 weeks ago
views 434 1

Dome9 Licenses

I had a trial for Dome9 running, it expired. Now I have bought a proper license - but I am unable to attach it or activate it anywhere ? (i tried the bui9lt in chat, but have got no reply for 3 weeks)Anyone have a tip ? --  I considered deleting my trial account, and the re create it, hoping it would ask for a lic key or something - but there anre no "delete my account" function either ? 🙂 
OferY
inside CloudGuard Dome9 4 weeks ago
views 292 1
Employee

New CloudGuard Dome9 Feature: Compliance with Organizational Unit Policy

CloudGuard Dome9's Compliance Policy now allows users to associate a compliance ruleset with Organizational Units (OU). When adding a new policy, you can select whether it is associated with Cloud Accounts or with Organizational Units. When a policy is associated with Organizational Units, CloudGuard Dome9 continuously assesses the Organizational Units in your compliance policies, with the rulesets you have selected, and notifies you of rules that failed using the notification policy you have selected. The policy aggregates all of the Cloud accounts' findings which are grouped under the same OU, per platform. When a new Cloud account is onboarded and associated with an OU, it is automatically included in the Compliance Policy per that OU.
Offir_Zigelman
inside CloudGuard Dome9 2019-12-23
views 344 1
Employee+

New CloudGuard Dome9 Feature: Onboard Azure China Subscriptions

Dome9 now supports Azure China Subscriptions, using a dedicated mode in the Azure Onboarding Wizard. China is a special Azure region, and requires a special vetting process by Microsoft. Once onboarded, the subscription is managed like any other Azure subscription.
Offir_Zigelman
inside CloudGuard Dome9 2019-12-12
views 431 1 4
Employee+

New Dome9 CloudGuard feature: Inventory Dashboard

Dome9 now supports Inventory (Protected Assets) Dashboards. The new dashboards are based on the same dashboarding capabilities announced few weeks ago (providing customization capabilities and ability to generate user-defined dashboards). The data source for the new dashboards is the Dome9 Inventory. The new dashboards allow the users to view aggregated inventory information on their different cloud environments in a single pane of glass; examine different breakdowns of their assets; filtering capabilities that allow to focus on the most interesting assets; and quick drill down into the raw inventory data, by clicking on the dashboard elements.
Offir_Zigelman
inside CloudGuard Dome9 2019-12-05
views 355
Employee+

New CloudGuard Dome9 feature: Choose an Org Unit as part of the onboarding

The Dome9 onboarding wizard now allows to choose the Organizational Unit with which the newly onboarded Cloud Account be associated. This new step spares the need to go to the OU management screen post the onboarding, making the experience more efficient. The account would be placed in the selected OU (provided the proper permissions to the OU are in place), and it could be viewed and managed later. OU selection is optional, the newly onboarded cloud account could remain unassociated with any OU.
Offir_Zigelman
inside CloudGuard Dome9 2019-12-04
views 490 1 2
Employee+

New CloudGuard Log.ic feature: Activity Timeline

Log.ic now supports activity timeline. Activity timeline shows a list of activities that were preformed on the selected resources by time. The timeline allows to investigate what actions were performed by the different users and resources in the account over the selected time period. The timeline can be used in numerous scenarios. Here are some examples: Track the activity of a resource over time ("show me all the actions of a specific user/service"). Track all actions that were performed on a resource over time (i.e. "who accessed/changed the configuration/data of the resource"). An investigation can be conducted following any type of alert, including the Dome9 Compliance Engine. It can also be used alongside the Log.ic "network activity" module. For example, in case of a Dome9 Compliance alert that reports on an exposing a resource to the internet, the timeline can be used to track which user performed the action, what were the actions that preceded the security group modification, as well as the actions that were performed afterwards. The network activity can be used to track the traffic patterns that entered the VPC following the exposure.   To view the timeline, select a node in the "Account Activity" map. Then select the "Timeline" tab in the information panel to the right. Clicking on an action would present a dialog that allows to use the action in the GSL that generates the view, or open the activity log. The lower part of the information panel allows to filter by user agents.
Marina_Segal
inside CloudGuard Dome9 2019-12-03
views 457 1
Employee

AWS Dome9 Well Architected Framework - supported in CloudGuard Dome9 Compliance Engine

 CloudGuard Dome9 Compliance Engine added support for AWS Well Architected Framework in Compliance Engine.   For more information on how to use Compliance Rulesets - click here            
Offir_Zigelman
inside CloudGuard Dome9 2019-11-22
views 389
Employee+

New CloudGuard Dome9 Compliance Entity: AWS VPC Endpoint

Dome9 Compliance Engine now supports AWS VPC Endpoints as compliance entity. VPC Endpoint allows to connect AWS services into the VPC, providing an easier and more secured connectivity.   Sample GSL: Make sure the endpoint state is activeVpcEndpoint should have state='Available'
Offir_Zigelman
inside CloudGuard Dome9 2019-11-19
views 341
Employee+

New CloudGuard Dome9 Compliance Entity: GCP Cloud Function

Dome9 now supports GCP Cloud Functions as a Compliance Entity. Cloud Functions are event-driven serverless compute platform. With the new support it is now possible to reason on different aspects of the functions, including triggers and general configuration attributes. Sample GSLs: Make sure that all the deployed functions are in 'active' modeCloudFunction should have status = 'ACTIVE' Make sure that at least one event trigger was configuredCloudFunction should have trigger.eventTrigger
Offir_Zigelman
inside CloudGuard Dome9 2019-11-15
views 379
Employee+

New CloudGuard Dome9 Compliance Entity: AWS ElasticSearchDomain

Dome9 now supports AWS ElasticSearchDomain as an entity in the Compliance Engine. AWS ElasticSearch is a fully managed ElasticSearch service. The new entity allows to reason on different aspects of the search domains, such as encryption state, access policies, logging and various deployment and backup configurations. GSL Examples: Make sure the data is encrypted at rest:ElasticSearchDomain should have encryptionAtRestOptions.enabled = true Make sure the data is encrypted in transit:ElasticSearchDomain should have nodeToNodeEncryptionOptions.enabled = false Enforce creation of ElasticSearch instances in VPCs:ElasticSearchDomain should have vpc
Offir_Zigelman
inside CloudGuard Dome9 2019-11-12
views 314
Employee+

New CloudGuard Log.ic: map zoom in/out buttons

The Log.ic Network Activity (VPC Flow Logs) map now supports zoom in and out buttons, which can be used to focus on specific elements in large environments.
Offir_Zigelman
inside CloudGuard Dome9 2019-11-10
views 306
Employee+

New CloudGuard Dome9 Feature: Bulk update Azure credentials

Dome9 now allows to update all Azure subscriptions with the same App Id in a single Bulk Operation. This capability allows to change the credentials for all the subscriptions on the same Azure tenant (that use the same App for the onboarding) while changing the credentials for one of the subscriptions.