Report | Modern Security for Modern Environments: CloudGuard Network Security for Azure Virtual WAN
This report by John Grady discusses the security challenges of modern, distributed environments and how CloudGuard Network Security from Check Point addresses these issues. It focuses on securing hybrid and multi-cloud environments, especially Azure Virtual WAN, by protecting applications, APIs, and connectivity from modern threats. Download the report to learn how CloudGuard improves security and operational efficiency for cloud environments.

1
APRIL 2024
Modern Security for Modern Environments: CloudGuard Network Security for Azure Virtual WAN John Grady, Principal Analyst
Abstract: Modern environments are incredibly distributed and application-centric, making securely connecting and protecting resources, locations, and users harder than ever. Companies have historically used a variety of tools to protect different parts of their network and types of resources. However, this sprawl of point tools has reached a point of diminishing returns. Security teams today need unified network security securing connectivity across the entire environment, protection for applications and APIs, and integrated advanced security capabilities. CloudGuard Network Security from Check Point provides these capabilities, enabling Azure Virtual WAN customers to protect their hybrid, multi-cloud environments and applications from modern threats, while maximizing operational efficiency.
Infrastructure-as-a-service Usage Is Pervasive, but Difficult to Secure Organizations continue to migrate application workloads to the cloud to improve flexibility, increase scale, and strengthen resiliency. Research from TechTarget’s Enterprise Strategy Group found that organizations using infrastructure as a service (IaaS) report a majority (55%) of their production applications and workloads now reside in public clouds. This was expected to increase to 62% by the end of 2023.1
Companies obviously see the value in shifting to the cloud, but this migration does come with its own challenges (see Figure 1). These can generally be grouped into three categories:
• Threats. More than half of the respondents (52%) cited an increase in the threat landscape as a top public cloud infrastructure security challenge. Bad actors take advantage of zero-day exploits and targeted penetration attacks to compromise resources in the cloud. They also use malware to gain a foothold in on-premises environments and move laterally into the public cloud. Attacks on web applications and APIs have become commonplace and embedded in a variety of business processes. Keeping pace with the ever-expanding threat environment has only grown more difficult.
• Scale. Simply keeping pace with the amount of IaaS usage is also a common issue, as cited by 39% of respondents. The on-demand and elastic nature of the cloud makes ensuring consistent security significantly more difficult, especially given the need for security teams to coordinate with application owners and cloud operations groups. Maintaining protection within clouds—and securing connectivity between clouds, users, and locations—has only grown more difficult.
• Staff and skills. At the same time, many organizations struggle to adequately staff their security teams when it comes to IaaS. Nearly one-third of respondents (30%) report not having enough IaaS security skills, and an additional 28% indicate they don’t have enough staff focused on IaaS security. While some principles of cybersecurity translate from on-premises environments, the nuance of the public cloud makes finding specialists in public cloud security important, but difficult.
1 Source: Enterprise Strategy Group Complete Survey Results, Network Security Trends in Hybrid Cloud Environments, December 2021. All Enterprise Strategy Group research references and charts in this showcase have been taken from this survey results set.
This Enterprise Strategy Group Showcase was commissioned by Check Point Software and is distributed under license from TechTarget, Inc.
© 2024 TechTarget, Inc. All Rights Reserved
S H O W C A S E
https://research.esg-global.com/reportaction/NetworkSecurityinHybridCloudEnvironmentsCSR/Marketing
Showcase: Modern Security for Modern Environments: CloudGuard Network Security for Azure Virtual WAN
2
Figure 1. Public Cloud Infrastructure Security Challenges
Security Teams Require Tools Providing Both Efficacy and Efficiency To address these challenges, security teams have historically had to choose between two options: integrated tools from cloud service providers (CSPs) or virtual instances from third-party security providers. While each alternative provides some benefit to users, there are clear drawbacks as well.
Tools from CSPs are often easy to use and scale because they are natively integrated into the underlying cloud platform and align well with the skills cloud teams and developers have. Unfortunately, these tools only address the CSP platform in which they operate, which can contribute to tool sprawl in multi-cloud organizations, as well as lack of consistency between these tools. Additionally, the security capabilities of these tools may be limited to a “check- the-box” standard. For example, rather than full Layer 7 visibility, they may offer control only at Layer 3 and 4 or have basic antimalware functionality. This may result in some organizations believing their security is good enough, at least until they realize it is not.
Conversely, the offerings from third-party security providers typically provide strong protections supported by years of R&D and threat intelligence. However, these tools require more operational overhead to deploy properly because they are not integrated into the underlying cloud platform. Licensing enough security capacity and ensuring the networking and load balancing is properly configured is often a manual process with these tools, all of which may be less familiar to cloud and developer teams.
To effectively secure public cloud infrastructure, security teams require the best of both worlds: the same level of protection organizations are accustomed to on-premises but delivered as a cloud-native service. This requires three key attributes: • A cloud-native, as-a-service architecture. Nearly half (49%) of Enterprise Strategy Group research
respondents cite availability on CSP marketplaces as a significant factor influencing their organization’s decision to purchase third-party network security tools for public cloud infrastructure. More than one-third (36%) look for
Showcase: Modern Security for Modern Environments: CloudGuard Network Security for Azure Virtual WAN
3
usage- or consumption-based pricing. Cloud environments are elastic and dynamic, and the security tools that protect them should be as well. One of the benefits of using cloud platforms is only paying for what is used, rather than having to provision and pay for additional overhead “just in case.” Security tools that follow this approach allow organizations to better realize the economic benefits of the cloud.
• Strong security. Nearly two-thirds (61%) of respondents cite security efficacy ratings as a significant influence on their organization’s decision to purchase third-party network security tools for public cloud infrastructure. This includes not only full Layer 7 visibility and best-of-breed threat prevention, but application protections as well. Many workloads are tied to web applications and use APIs, necessitating the need for web application and API protection (WAAP) controls to protect against OWASP Top 10 and other application exploits. However, to avoid creating a complex sprawl of point tools, these capabilities should be part of a broad network security solution.
• Usability. More than half of respondents (54%) say technical documentation or reference architectures for third- party tools are an important buying criterion. This points to the difficulty of deploying and configuring virtual machines to protect cloud environments and is a key area where significant improvement is needed. By deeply integrating third-party tools with CSP infrastructure, organizations can provision and scale security in lockstep with the underlying infrastructure. Most importantly, they can do so without the need to manually configure the supporting components, such as load balancers. This ensures not only that the environment is protected, but that it is protected quickly so developers are not slowed by security processes.
CloudGuard Network Security for Azure Virtual WAN from Check Point CloudGuard Network Security for Azure Virtual WAN is Check Point Software’s solution for modern IaaS security of Azure Virtual WAN deployments. It is a cloud-native, consumption-based solution that is tightly integrated with Microsoft Azure infrastructure services to help security teams maximize operational efficiency. At the same time, it provides the high level of advanced threat prevention that security teams are accustomed to seeing from Check Point in their on-premises environments.
The cloud-based hybrid mesh network firewall platform is built on a cloud-native architecture and integrated into Microsoft Azure Virtual WAN, offering automated deployment and configuration into the Virtual WAN hub, dynamic policy updates, and supporting dynamic throughput. CloudGuard Network Security for Azure Virtual WAN provides the same next-generation firewall capabilities Check Point is known for providing on premises. This includes full Layer 4-7 firewalling to provide application visibility and control, URL filtering to control inbound and outbound internet traffic, and advanced threat prevention capabilities to detect and block sophisticated malware. The solution also includes SSL decryption to detect encrypted threats. A key area of differentiation for the solution is the addition of WAAP, when using Check Point CloudGuard WAF, to block application-centric threats such as the OWASP Top 10 and other more advanced attacks, and cloud-native application protection platform (CNAPP) capabilities for additional cloud security when using CloudGuard CNAPP.
It addresses four main use cases:
• Hybrid cloud network security. Modern environments are highly interconnected, with even internal traffic often moving across external boundaries. CloudGuard Network Security for Azure Virtual WAN helps organizations more efficiently apply consistent policies across their environment by supporting segmentation across both virtual and global clusters through intra-hub and inter-hub inspection, ingress and egress inspection via Azure Virtual WAN hub, and on-premises to cloud, site-to-site VPN connectivity.
CloudGuard Network Security for Azure Virtual WAN is a cloud-native, consumption-based solution that is tightly integrated with Microsoft Azure infrastructure services to help security teams maximize operational efficiency.
https://owasp.org/www-project-top-ten/
Showcase: Modern Security for Modern Environments: CloudGuard Network Security for Azure Virtual WAN
[Confidential]
©TechTarget, Inc. or its subsidiaries. All rights reserved. TechTarget, and the TechTarget logo, are trademarks or registered trademarks of TechTarget, Inc. and are registered in jurisdictions worldwide. Other product and service names and logos, including for BrightTALK, Xtelligent, and the Enterprise Strategy Group might be trademarks of TechTarget or its subsidiaries. All other trademarks, logos and brand names are the property of their respective owners. Information contained in this publication has been obtained by sources TechTarget considers to be reliable but is not warranted by TechTarget. This publication may contain opinions of TechTarget, which are subject to change. This publication may include forecasts, projections, and other predictive statements that represent TechTarget’s assumptions and expectations in light of currently available information. These forecasts are based on industry trends and involve variables and uncertainties. Consequently, TechTarget makes no warranty as to the accuracy of specific forecasts, projections or predictive statements contained herein.
Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of TechTarget, is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact Client Relations at cr@esg-global.com.
About Enterprise Strategy Group TechTarget’s Enterprise Strategy Group provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling.
contact@esg-global.com
www.esg-global.com 4
• Secured connectivity. From a connectivity perspective, CloudGuard Network Security for Azure Virtual WAN
supports both secure private and internet access. The solution intelligently connects users, based on their geography, using a VPN client via SSL VPN to the gateway residing in the closest hub. If the resource the user is accessing resides in a different cloud data center, traffic is routed using the Azure backbone to minimize latency. Gateways can support up to 13,500 concurrent users. Further, CloudGuard Network Security for Azure Virtual WAN secures internet access by connecting users through a cloud data center for inspection and policy enforcement before exiting to the internet.
• Protecting web-facing applications. CloudGuard Network Security for Azure Virtual WAN may be used together with CloudGuard WAF to protect against front-door attacks. CloudGuard WAF includes protections for APIs, offers support across multiple cloud providers, and is AI-based, meaning customers do not have to wait for an updated signature in order to block an unknown threat. It reduces false positives and eliminates the need for any manual tuning.
• Consistent and efficient security management. Check Point enables visibility and enforcement across on- premises and Azure Virtual WAN deployments, as well as public and private clouds, from a single pane of glass, helping to streamline hybrid cloud security management.
Conclusion Organizations continue to migrate workloads to the cloud regardless of how prepared their security team is to protect them. In many cases, security teams attempt to transition the same technologies they have used on premises, with the expectation that they will work properly in the context of the cloud. Unfortunately, because these tools are siloed from the cloud infrastructure, making deployment difficult, this approach too often results in security creating a bottleneck for cloud and development teams.
Security is now tasked with both protecting and enabling the business. Security teams must be able to support and cooperate with development teams to turn business risk into business opportunity. To do this, they require tools that provide the same level of protection organizations are accustomed to on-premises but that are delivered as a cloud-native solution. CloudGuard Network Security for Azure Virtual WAN offers these capabilities to help security teams deliver best-of-breed protection for Azure Virtual WAN deployments while maximizing operational efficiency.
mailto:cr@esg-global.com mailto:contact@esg-global.com http://www.esg-global.com/
Infrastructure-as-a-service Usage Is Pervasive, but Difficult to Secure Security Teams Require Tools Providing Both Efficacy and Efficiency CloudGuard Network Security for Azure Virtual WAN from Check Point Conclusion