Check Point CloudGuard is cloud security
CloudGuard Dome9 is an innovative service that allows enterprises to easily manage the security and compliance of their public cloud environments at any scale across Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP). CloudGuard Dome9 offers technologies to visualize and assess security posture, detect misconfigurations, model and actively enforce gold standard policies, protect against attacks and insider threats, cloud security intelligence for cloud intrusion detection, and comply with regulatory requirements and best practices. Businesses use CloudGuard Dome9 for faster and more effective cloud security operations, pain-free compliance and governance, and Rugged DevOps practices.
CloudGuard Dome9 has product capabilities across four functional areas
- Security Operations: Visualize assets, assess security posture, fix misconfigurations and threats, manage the cloud firewall, and enforce security from a single source of network authority
- Privileged Identity Protection: Protect against compromised credentials and identity theft using a cloud’s native IAM capabilities to safeguard access to actions that can have a big impact
- Compliance and Governance: Manage the compliance lifecycle for standards such as PCI DSS, from automated data aggregation and assessment to remediation and reporting
- Cloud Security Intelligence: CloudGuard Dome9 Magellan is a cloud-native security intelligence technology that delivers cloud intrusion detection, network traffic visualization and user activity analytics
Key features
- larity: Powerful visualization of cloud assets, including network topology, firewalls and more
- CloudBots: Auto-remediation solutions for AWS that accelerate the resolution of dangerous misconfigurations and enforce compliance
- Magellan: Cloud security intelligence that combines cloud inventory and configuration information with real-time monitoring data from a variety of sources
- Tamper Protection: Continuous monitoring and automation reversion of unauthorized modifications
- Privileged Identity Protection: Just-in-time privilege elevation with out-of-band authorization for IAM actions
- Compliance Engine: Comprehensive compliance management including automated continuous compliance to help assess and enforce regulatory requirements and security best practices
Key benefits
Agentless, cloud-native architecture for today’s cloud
The CloudGuard Dome9 service uses the native security controls provided by public clouds to protect all cloud resources, including built-in services such as AWS RDS, GCP compute engine instances, and Azure LBs, meeting the needs of today’s public clouds that agent-based solutions cannot address. CloudGuard Dome9 allows you to protect multiple cloud environments by combining cloud-agnostic policy automation with cloud-native security capabilities. You can specify policies once across multiple clouds, and the system uses underlying cloud controls to implement the policy on each cloud.
Faster Time-to-Value with CloudGuard Dome9
With no software to install and no agents to manage, you can secure your environment with CloudGuard Dome9 in under five minutes. You never have to worry about software updates and scaling problems. CloudGuard Dome9 integrates with your AWS accounts leveraging innovative cross-account trust policy to gather security information, rather than sharing keys and credentials.
Remediate in Place — Find it, fix it, stay fixed
CloudGuard Dome9 is not just a monitoring solution. In addition to powerful visualization capabilities that allow you to review security posture in real-time to discover any vulnerabilities, compromised workloads, open ports or misconfigurations, CloudGuard Dome9 also allows administrators to take the necessary actions to rapidly mitigate risk through remediation from a single platform. No more patchwork of tools needed for monitoring, remediation, or enforcement, thus bringing agility to the security and compliance lifecycle.