cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Employee+
Employee+

How does CloudGuard controller makes your life easier?

The first Check Point cloud controller connector was released around 2 years ago to transform the way we consume objects in security policies and opening a revolutionary new security model for designing and operating policies with an automated and zero-touch approach that helps security practitioners focusing on analyzing security events and improving security postures and designs instead of performing basic operational tasks. 

Since that first release a number of new features and connectors have been added so that almost any organization today can leverage this functionality (for free by the way). In the past months I have met a number of customers sharing with me different use cases enjoying this function in multiple ways to improve their day to day security challenges. I realized it could be very interesting for the community to share how each setup is leveraging CloudGuard Controller so I invite you to share your use case in this thread explaining how the organization you work with enjoys this function. I will start by sharing the policy I use as an example on how to leverage it:

 

The example above protects a hybrid infrastructure with on-prem, azure and aws environments where each and every asset has been previously tagged according to the security needs. Any new application that is for instance ruled by PCI requirements only needs to be use the "PCI" tag in order to be automatically added with the right access and protection without modifying or reinstalling the policy above. 

What is your use case?

Tags (1)
2 Replies

Re: How does CloudGuard controller makes your life easier?

Great post. What is the name of the type of object you have for the tagged VMs such as "connectivity-internal"? Dynamic objects? 

0 Kudos

Re: How does CloudGuard controller makes your life easier?

The Cloudguard is a very helpful feature.

the introduction of datacenter object based on TAGS even in vCenter (no NSX) by R80.20M2 will make easier making a rule base configuration in response to the infrastructure team, that will deploy VMs, and they need.