In today’s IT world, security is top of mind for enterprises of all sizes and cloud is no exception. Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its multi-level security architecture offers industry-leading products from network and endpoint security to cloud security. We’re excited to partner with Check Point and add their suite of security services to the Alkira network services marketplace. Integrating Check Point CloudGuard into the Alkira marketplace allows customers to enforce stateful security services for application traffic between on-premises environments and cloud workloads, as well as between cloud workloads in a single public cloud or across multiple public clouds. With a joint solution, enterprises can standardize network connectivity and security posture for their cloud networks.
The adoption of cloud in the last decade has been instrumental in driving innovation from the software industry and increasing our productivity on a daily basis. As a result, securing cloud infrastructure has become critical as enterprises expand their footprint in the cloud due to business and application needs. Though using cloud services is widely seen as simple and easily consumable, implementing network security for cloud networks at scale can be a rather humbling experience. Cloud engineers need to address a myriad of considerations. For example, at a minimum, here are some of the considerations for a successful cloud firewall deployment in an AWS environment:
- Deploy a Security VPC (Virtual Private Cloud) spanning multiple Availability Zones for high availability
- Support connecting large quantities of cloud networks and propagating routes dynamically
- Secure inbound and outbound traffic flows
- Ensure traffic symmetry when there are multiple firewall instances
- Utilize multiple route tables in cloud networks to steer traffic flows between VPCs and on-premises networks through the Security VPC
- Leverage advanced cloud networking features such as Transit Gateway to achieve traffic inspection through the firewall instances in Security VPC, while keeping data and pricing in check
Alkira’s Integration with Check Point CloudGuard
Stemming from conversations with our customers and working closely with the Check Point team, the joint solution allows enterprises to focus on protecting their cloud assets connected to Alkira with the Check Point CloudGuard Network Security gateway without encountering the aforementioned cloud-native challenges. Bringing Check Point CloudGuard security gateways to the Alkira network services marketplace allows customers to automatically deploy firewalls in the Alkira Cloud Exchange Point® (CXP), globally distributed multi-cloud points of presence. The firewalls are consumed as a service, allowing customers to inspect both east-west and north-south traffic flows with ease, while maintaining full control of their security posture. By connecting multi-cloud networks through the Alkira Cloud Services Exchange® with integrated CloudGuard security gateways enabled as a service, cloud engineers no longer need to deploy a Security VPC in each cloud region. They can selectively choose which traffic flows to apply service insertion to through the CloudGuard security gateways without worrying about things like traffic symmetry or multiple route tables. CloudGuard security gateways deployed in the Alkira Cloud Exchange Points connect to the customer’s existing Check Point unified security management platform in order to enforce security policies consistently across the environment.
Figure 1: Solution Integration
The diagram illustrates the ability for customers to deploy Check Point CloudGuard security gateways on demand and autoscale them in the Alkira CXPs, so they can inspect traffic between any cloud or on-premises connections, as well as external ingress and egress communication. The joint solution is an easy button for customers to secure their cloud workloads without having to perform tedious do-it-yourself configurations separately for each public cloud. For enterprises with cloud workloads in multiple regions, the CloudGuard security gateways can be provisioned in multiple Alkira CXPs. Alkira’s solution ensures that traffic going across regions is forwarded to the appropriate CloudGuard security gateway only once, preventing unnecessary waste of the gateway resources and increasing overall firewalling capacity.
On the Alkira side, cloud engineers simply use Alkira intent-based policies to determine which traffic is steered through the CloudGuard security gateways for inspection. The concepts of scope and matching rules within the intent-based policies allow them to be applied enterprise-wide or as narrowly as the connections between two single IP addresses. Policy highlighting visualizes which network elements are affected by the selected intent-based policy, as depicted below.
Figure 2: Alkira Intent Based Policy
As cloud adoption continues to accelerate and the use of multi-cloud is becoming a reality for many enterprises, cloud network security is as important as ever. We’re proud to partner with Check Point to deliver a solution that simplifies security policy management across clouds and allows our customers to focus on long-term security goals. The integration of Check Point CloudGuard Network Security gateways in the Alkira network services marketplace empowers our customers on their multi-cloud journey with unparalleled agility, scalability and security.
If you want to learn more about the integrated solution, contact us at [email protected]
Take our 30-minute challenge and see how you can secure your network for the cloud era: https://success.alkira.com/thirty-minute-challenge.html