Infinity Next CloudGuard AppSec - Deep Dive Webina...

Shay_Levin · ‎2021-06-17

The Infinity Next CloudGuard AppSec solution secures an organization's web applications.

No more endless manual rule tuning!!!

AppSec analyzes web transactions with a set of Artificial Intelligence engines that operate in unison to protect against sophisticated attacks.

AppSec utilizing the concept of Application Self Protection and powered by a patent-pending contextual AI engine.

Check the attached txt file , it includes commands that I used during the deployment.

Q&A is here:

#	Question	Answer(s)
1	Hello, what specific data is sent to cloud part from the agent and how do we handle that customer data in terms of data protection (i.e. are some data stored, if yes, how are they protected from un-authorised access?)	Data sent to cloud • Security event logs – This is controlled by the administrator through the ‘trigger’ object configuration. All these logs are observable by the admin. • Telemetry information – This includes process health metrics such as resource usage like CPU and memory, as well as statistical information. • AppSec security learning data – AppSec allows machine learning-based security by learning data that is sahred between agents of the same customer/tenant.
2	What would be a common delay while Appsec is inserted into the Web request flow? How the agent shall be sized (VM parameters and number of agents) according to the number of request/ number of web servers?	AppSec performance is affected by many variables which are dependent on the application it protects. For example: Number of requests per second Size of the requests Request type (binary, JSON, etc) Logging options The following are suggested configuration. It is recommended to check machine load and adjust accordingly. Minimal configuration: 2vCPU 4GB RAM 50GB Disk Recommended configuration: 4vCPU 8GB RAM 50GB Disk
3	For the Anti-Bot feature. What if the Javascript is blocked from being downloaded on the client side (on browser-end). In that case what happens?	We must have the .JS to run as part of the browser
4	What happens if the client's browser has JavaScript disabled? Will the webpage still be served without the agent security?	We require .JS to run as part of the customer broweser in order to collect the information related to AppSec decision
5	Hi - I read that in K8S 1.21 the ingress controller will be replaced by a new Gateway API How do you see this new API working with your WAF?	Our Ingress Controller is available in Docker-Hub. AppSec use its own Ingress that we publish. Once we will support version 1.21 we will update our Ingress accordingly
6	Are we going to have 'smaller sized' virtual appliances as we now support autoscale? The CPU, memory and Disk of the virtual appliance are quite large (costly).	You can change the default size of the VM and run on a smaller machine.
7	The virtual appliance is also a module of a CloudGuard gateway that I can activate on it?	No
8	as an nginx plugin, does that deployment option imply that appsec can be used for on-premise setups? if yes: does the nano agent maintain an HTTPs API connection to the management cloud service?	Yes and Yes
9	Web traffic only currently, right? what ETA for doing full inspection (IPS) on ALL traffic?	AppSec is focused to inspect only WebTraffic. We plan to introduce more security products on top of this platform such as: Access Control, IPS for Layer 3/4, DLP and more
10	since you are using AI i guess it should prevint while in learning mode , because if update the web application .the waf should learn the update and privent attack at the same time	Every application represented as an Asset in the Infinity Portal. If you have new application, you will have new Asset and the learning will start from scratch on this new asset.
11	maybe i am in ahead of time within the presentation. where are logs generated and where can logs me collected. e.g does the nano agent use nginx's syslog to export logs and debugs?	You will see the full logging capabilties as part of the Infinity Next management UI
12	If application behaviour changed, application has extensively tested in QA environment would it possible to transfer “application protection profile” identified in the learning mode from QA environment to PROD environment.	Yes
13	After I login to the infinity portal to the same location I see different menus , look like an older version . how can I move to the new views and menus ?	Please add me to your tanent (galk@checkpoint.com)and drop me an email with your tanet name , once I will upgrade your tanent , you can remove my user.
14	Can you, please, also elaborate how are the data handled (stored, protected) in the cloud?	The data is stored in Check Point's SaaS services
15	can we have AppSec as an aditional blade on our appliances to defend WebApp in customers DMZ zone located in private cloud. If phisical appliance cannot have it, do we have procedure how to deploy AppSec VM in private cloud?	AppSec VM for private cloud is available as an .OVF for VMware. You can also install the agent on every Linux based with NGINX deployed in your on-prem Hosts
16	The AppSec VM can be deployed on-Prem also?	Yes, you can deploy as a VM on your ESX
17	Are you going to add Rate Limit features or ddos?	Rate limit is on the roadmap. Regarding ddos the AppSec might not be a good place to do it, you would like to do it more closer to the perimiter
18	Question: Customer using F5 solution (WaaF). They can import the certificates on the F5 to decript the https traffic and allow the connections http to the customer application. So, they don't need to change the customer application. Is it possible to do this win AppSec VM (on-prem or Cloud)? Some cases, customer doesn't have loadbalance!	There is a section about it in the Admin guide also: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Next-Admin-Guide/Top...
19	What is the ARN?	Amazon's unique resource name (Amazon Resource Name)
20	How can you size a VM for VMWARE to host the Infinity Gateway? Is there a table based on the amount of HTTP request, the size of CPU and memory?	Performance and sizing for Web traffic is very complicated to measure since the requests are very dynamic and depends on the users requests. Local Check Point contact will be able to provide answer per scenario
21	So, I can import the certificates of the customer on the VM to protect their application in HTTP's traffic	Yes
22	Will it be possible in the future to add exceptions from the Monitoring menu?	AppSec exception? You can already right click on a log in the monitoring and add exception. Try it 🙂
23	Is the option to add a Custom blocking page already available from the portal?	You should be able to have an option to customize the block page from the portal. It mat be still under tech preview (there is a switch at the lower left side of the screen)

Infinity Next CloudGuard AppSec - Deep Dive Webinar

Infinity Next CloudGuard AppSec - Deep Dive Webinar

Are you a member of CheckMates?

Infinity Next CloudGuard AppSec - Deep Dive Webinar

Infinity Next CloudGuard AppSec - Deep Dive Webinar