Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nir_Naaman
Employee
Employee

SandBlast Now News - Early Availability - CGI TAP for AWS

I’m happy to announce that CGI TAP for AWS is now available as an Early Availability release.

See https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/terraform/aws/modules/tap for the onboarding page and Terraform template. The Terraform template automates the provisioning of the CGI TAP in the customer’s VPC.

Initial feedback received from the field is that it works like MAGIC!

In order to facilitate customer onboarding, the SandBlast Now registration page (https://now.checkpoint.com/register/index.html) has been updated to allow customers to fill in their contact information – and the request is forwarded to Check Point HQ for processing.

 

Product Overview

Check Point CloudGuard IaaS TAP for AWS delivers unparalleled, seamless cyber observability into your AWS environment. The offering includes a CloudGuard IaaS gateway that is automatically deployed via Terraform in the customer’s VPC, for performing Deep Packet Inspection (DPI) on inter-VPC (“North-South”) and intra-VPC (“East-West”) network traffic. AWS Traffic Mirroring is provisioned as part of the Terraform template to selectively mirror network traffic to the CloudGuard IaaS instance for inspection. CloudGuard IaaS TAP’s passive operation means that there is zero impact to the business traffic: no added latency, no potential packet loss, nor any need for routing changes within the VPC.

CloudGuard IaaS TAP applies a multitude of industry-leading analytics engines on the traffic in real time, including application fingerprinting, reputation-based and behavioral analysis, pre-infection and post-infection pattern matching, static and dynamic content inspection, as well as applying various AI models for anomaly detection and false positive reduction. These engines leverage Check Point’s ThreatCloud, a real time collaborative big data repository delivering up to date threat intelligence that drives threat prevention. The analytical results are delivered to a Cyber Defense Center SaaS Web portal, in the form of logs for further analysis and visualization. Packet captures can also be extracted for further triage and network forensics. Threat Emulation reports accessible from the portal provide further deep insight into transmitted file payloads. Insightful reports can be generated and scheduled for tracking compliance posture and providing management visibility.

CloudGuard IaaS TAP is delivered as a plug and play system. Application and threat visualization appears on the Cyber Defense Center portal within minutes of automated deployment. In contrast with competing solutions that rely only on baselining and behavioral analysis for anomaly detection, CloudGuard IaaS TAP combines the power of ThreatCloud threat intelligence and the industry’s largest application fingerprinting library with its integrated set of behavioral analytics, in order to deliver immediate insights into the traffic patterns, as well as reducing the false-positive noise level that is characteristic of pure-behavioral analysis.

TLS-encrypted network traffic can be transparently decrypted by the CloudGuard IaaS TAP’s patent-pending, revolutionary Cooperative Inspection capability. Cooperative Inspection provides true plug and play operation, with no need to pre-register protected servers nor import their certificates. Ultra-fast, secure, and with no interference with the traffic stream (no Man in the Middle necessary), Cooperative Inspection can even interoperate with client certificates and certificate pinning applications. Alternatively, CloudGuard IaaS TAP can inspect TLS traffic in its encrypted form, analyzing envelope data, including SNI and certificate attributes, as well as peer endpoints and traffic volumes and periodicity.

The Cyber Defense Center is a scalable, multi-tenant, multi-tier platform, allowing customers to enjoy cyber defense as a service from Check Point service partners. Tiering support also enables delegation of duties, so that complex environments can be divided into subdomains, while retaining a birds-eye view and reporting capability for the entire estate, on a single pane of glass. Furthermore, the same unparalleled CloudGuard IaaS TAP capabilities can also be incorporated into private cloud and legacy networks, providing end-to-end observability of all IT assets. In addition to SaaS, the Cyber Defense Center can alternatively be purchased as a self-contained private cloud solution.

 

Highlights

  • Multiple CloudGuard IaaS TAP instances can be launched for horizontal scalability and high availability, with detected events automatically consolidated on the Cyber Defense Center.
  • Fully integrated, real time advanced threat detection capabilities include: IDS, Application fingerprinting, Anti-Virus and Anti-Bot, and Threat Emulation (evasion-resistant sandboxing).
  • Some of the advanced analytical tools on the Cyber Defense Center include:
    • Threat Topology – a heuristics-based flexible graphical mapping of VPC network traffic, supporting rapid identification of anomalous behavior
    • Activity Mapping – data flow analytics for identifying traffic anomalies such as data exfiltration
    • Vulnerability Sonar – patent-pending fully-passive detection of exposed, vulnerable and potentially-compromised servers and endpoints
    • Recurrent Connections – AI-based detection of automation-based flows (i.e. bots)
    • AnalystMind – add-on AI Machine Learning-based identification of top-priority threats
  • Integrated Threat Intelligence Platform (TIP) allows SOCs to manage custom threat indicators that augment Check Point’s ThreatCloud intelligence. Indicators can be fed into the TIP manually, in bulk, as well as using automated input feeds supporting industry standard STIX/TAXII and CSV-based threat intelligence sharing formats and protocols. The TIP’s output feeds can also be consumed in real time by inline CloudGuard IaaS gateways, delivering a Detect – Analyze – Prevent cycle.
  • Check Point ThreatCloud Managed Security Services and Incident Response Service can be purchased as an add-on, providing the customer’s SOC with proactive and reactive support by the industry’s cyber experts.
0 Replies