4. Malware analysis using Check Point forensics. CloudGuard SaaS
We have reached the last product in our Check Point forensics article series. This time we will talk about cloud protection. It is difficult to imagine a company that does not use cloud services (so-called SaaS): Office 365, G Suite, Slack, Dropbox, etc. Of greatest interest here are cloud-based email and cloud-based file storage, which our employees use every day. However, cloud services are located outside our network, and there is no perimeter for them as such. This, in turn, greatly increases the likelihood of an attack on our users. There are not many security options for cloud applications. Below we look at the Check Point CloudGuard SaaS solution: what it protects against and, most importantly, what forensics and reporting it provides. It may be of interest to those who want to conduct a security audit of their cloud services.
Check Point CloudGuard SaaS
The operating principle of CloudGuard SaaS is quite simple. The service is a cloud platform that integrates via API with other SaaS services (Office 365, G Suite, Box, Dropbox, etc.).
In essence, CloudGuard SaaS is a layer between the cloud service and the user. All emails or files are checked by various Check Point engines before they reach the user. The platform itself is, naturally, integrated with Check Point ThreatCloud and the SandBlast cloud sandbox. You can also configure integration with various user authentication services (Centrify, Okta, Azure AD, etc.) to fully check connecting devices. All control takes place through an intuitive web interface.
Key Features of Check Point CloudGuard SaaS:
- Zero-Day Threat Protection
- Phishing Protection
- Identity Protection
- Data Leakage Prevention
- SaaS Shadow IT Discovery
- Intuitive Cloud Management
More details about these features can be found in the excellent webinar by Alexei Beloglazov of Check Point: