This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Michael_Thompso
Participant
‎2021-12-28 05:56 PM

Cloudguard appsec and azure app service

Hi,
Can cloudguard appsec protect PaaS service like azure app service ?

0 Kudos
3 Replies
Shay_Levin
Admin
Admin
‎2021-12-29 02:18 AM

No, it can't as the certificate and private key can't be exported from Azure Paas.

So if AppSec doesn't have the private key, it can't intercept the traffic, also it can only protect web services.

If you are using PaaS DB or Storage service, AppSec is not the relevant product.

The same for CloudGuard Network Security. you can protect your PaaS service up to the transport layer (4), the GW won't be able to catch many of the IPS signatures for example.

In order to use CloudGuard Network security with PaaS, you will need to use a private endpoint and UDR.

We will have an SK that explains exactly how to do that in a few days.

Michael_Thompso
Participant
‎2021-12-29 07:11 AM
In response to Shay_Levin

Thanks for your response. Follow-up question since you brought up certs. For every application we want protected by appsec we would need to upload the cert to appsec correct? Also, when it comes to renewing the certs we would have to upload it again. Is there a more efficient way to handle certificate management if we had 100s of web apps to protect? 

0 Kudos
Shay_Levin
Admin
Admin
‎2021-12-30 03:01 AM
In response to Michael_Thompso

No, the certificates are being managed on the cloud provider, it's explained in the admin guide.

You just need to associate the AppSec instances with a role that provides access to the certificate on the certificate manager and the private key on the secret manager.

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events