Look for

Be a Thought Leader the tee!

We invite you to share your thoughts,

feedback, and experiences using
Check Point CloudGuard security
Share your
solutions. expertise with our
team located near
the CloudGuard
We value your feedback. booth.
Get a
CloudGuard
Price Pack!
*while supplies last
marketing.peerspot.com 202
2
CloudGuard CNAPP
Broader view, better focus, and prevention first.

Abigael Levy | Cloud Security Product Manager

Q1 2024

©2024 Check Point Software Technologies Ltd.

The questions we will answer

What is CNAPP?
Cloud-Native Application Protection Platform.

How CloudGuard CNAPP protects you?

Our 6-module prevention first CNAPP.

Why is a new paradigm needed for cloud security?

Presenting CNAPP+P.

©2024 Check Point Software Technologies Ltd.

WHAT IS CLOUD-NATIVE APPLICATION PROTECTION PLATFORM

A UNIFIED PLATFORM THAT

IDENTIFIES HELPS REMEDIATE EXCESSIVE RISK PRIORITIZES

©2024 Check Point Software Technologies Ltd.

THE “CLOUD” HARBORS MULTIPLE TYPES OF RISKS

Misconfigurations Sensitive Data Excessive Permissions Vulnerabilities Exposed Secrets Exposed Assets

©2024 Check Point Software Technologies Ltd.

 THOUSANDS OF RISKS

User DevOps/Dev

Mobile/IoT Contactors

SaaS App Data Center

©2024 Check Point Software Technologies Ltd.

 AND EVEN IF YOU REMEDIATE SOME, MORE ARE ADDED DAILY

User DevOps/Dev

Mobile/IoT Contactors

SaaS App Data Center

©2024 Check Point Software Technologies Ltd.

WHY IS A NEW PARADIGM REQUIRED?

Remediation is tedious, slow, and

resource-intensive.

Overwhelming number of zero-day

vulnerabilities.

The CISO organization has handed

control to DevSecOps.

©2024 Check Point Software Technologies Ltd.

INTRODUCING
A NEW
PARADIGM Cloud
Cloud Native
Native Application
Application
IN CLOUD Protection
Protection Platform
SECURITY + Prevention Platform
Misconfigurations
CLEAN YOUR CLOUD FROM
MISCONFIGURATIONS
Sensitive Data Continuous enforcement of rule sets across all major cloud providers, assets,
workloads, and Infrastructure as Code.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
LEADING 3RD PARTY TICKETING AND
OPS SERVICES INTEGRATIONS
Sensitive Data

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
USE CLOUDBOTS TO AUTO REMEDIATE
MISCONFIGURATIONS
Sensitive Data Recommendations, single-click, and automatic remediation.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
PROTECT YOUR SENSITIVE DATA
Assess security posture and prioritize remediation by focusing on assets
with sensitive data (e.g., PII, PCI, etc.).
Sensitive Data

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
PROTECT YOUR SENSITIVE DATA
Assess security posture and prioritize remediation by focusing on assets
with sensitive data (e.g., PII, PCI, etc.).
Sensitive Data

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
REDUCE RISK CREATED BY
EXCESSIVE PERMISSIONS
Sensitive Data Visibility on effective permissions and privilege levels

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
REDUCE RISK CREATED BY
EXCESSIVE PERMISSIONS
Sensitive Data Visibility on effective permissions and privilege levels

Consolidated View Detailed View

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
REDUCE RISK CREATED BY
EXCESSIVE PERMISSIONS
Sensitive Data • Zero-in on over-privileged identities and enforce least-privilege access with a
click.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
SCAN FOR VULNERABILITIES
ACROSS THE SDLC
Sensitive Data

CI/CD-Integrated static code analysis and software composition analysis

Excessive Permissions
Code (inspecting open-source dependencies).

Vulnerabilities
Scan container images in registry for vulnerabilities, malware, and
Build prevent their deployment.

Exposed Secrets

Agentless workload scanning boosted by container agents for deep inspection

Runtime and remediation at runtime, as well as risky serverless functions.
Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
FIND EXPOSED SECRETS
DURING BUILD
Sensitive Data CI/CD integrated scanning with 2800+ built-in detectors that identify exposed
API keys, passwords, and more.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
FIND EXPOSED SECRETS
DURING BUILD
Sensitive Data CI/CD integrated scanning with 2800+ built-in detectors that identify exposed
API keys, passwords, and more.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
FIND EXPOSED SECRETS
DURING BUILD AND RUNTIME
Sensitive Data Runtime scanning of workloads, including VMs, containers, and serverless
functions for exposed secrets.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
DISCOVER PUBLICLY
EXPOSED ASSETS
Sensitive Data Analyze network connections and IAM permissions using a graph database.

Understand and visualize exposure using Context Graph.

Excessive Permissions

Vulnerabilities

Exposed Secrets

Internet LBPublicP MainServer MainServer Default

LOADBALANCER NETWORK SUBNET
SECURITY
Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
DISCOVER PUBLICLY
EXPOSED ASSETS
Sensitive Data Analyze network connections and IAM permissions using a graph database.

Understand and visualize exposure using Context Graph.

Excessive Permissions

Vulnerabilities

Exposed Secrets

nSerwer Default MainServer MainServer MainServer

SUBNET NETWORK NETWORK VIRTUAL
SECURITY INTERFACE MACHINE
Exposed Assets

©2024 Check Point Software Technologies Ltd.

Misconfigurations
DISCOVER PUBLICLY
EXPOSED ASSETS
Sensitive Data Analyze network connections and IAM permissions using a graph database.

Understand and visualize exposure using Context Graph.

Excessive Permissions

Vulnerabilities

Internet LBPublicP MainServer MainServer

LOADBALANCER NETWORK SECURITY

Exposed Secrets

Exposed Assets
Default Main Server Main Server Main Server
SUBNET NETWORK SECURITY NETWORK VIRTUAL MACHINE
GROUP INTERFACE

©2024 Check Point Software Technologies Ltd.

CLOUD DETECTION
AND RESPONSE
Real-time visibility into your cloud through
activity and network logs.

Identify anomalous activity,

malicious traffic, and risky behavior.

Detect and prevent threats and malicious

behavior on workloads (containers and serverless).

©2024 Check Point Software Technologies Ltd.

CDR: TIMELINE AND CONTEXT-AWARE EVENT VISUALIZATION

©2024 Check Point Software Technologies Ltd.

Misconfigurations Sensitive Data Excessive Permissions Vulnerabilities Exposed Secrets Exposed Assets

©2024 Check Point Software Technologies Ltd.

CSPM CWPP
Cloud Security Cloud Workload
Posture Protection
Management

THE
Code
DSPM
Data Security
COMPLETE Security
Posture
Management 6 MODULE Static Code &
Composition
Analysis

CIEM CDR
Infractructure Cloud Detection
Entitlement and Responde
Management

©2024 Check Point Software Technologies Ltd.

 CLOUDGUARD CONNECTS THE DOTS…

User DevOps/Dev

Mobile/IoT Contactors

SaaS App Data Center

©2024 Check Point Software Technologies Ltd.

 …AND FOCUSES YOUR ATTENTION WHERE IT MATTERS

User DevOps/Dev

Mobile/IoT Contactors

Excessive
Exposed App VM with Log4j Permissions DB with PII

SaaS App Data Center

©2024 Check Point Software Technologies Ltd.

 NO ALERT FATIGUE

FOCUS ONLY AN
ASSETS AT HIGH-RISK
Asset risk score calculation
Convergence: Misconfigurations, CVEs,
exposed credentials, and malware.

Context enrichment
Priority filter based on exposure (network and IAM).

Effective impact evaluation

Risk coefficient based on business priority, privilege
Address high-risk issues. levels, and data sensitivity.

©2024 Check Point Software Technologies Ltd.

 AND NOW CLOUDGUARD
IS TAKING YOU TO THE NEXT LEVEL

Preventing Front Preventing “Service

Door attacks with Door” attacks with
AI-Based WAF Cloud Network Security

Preventing attacks on
everything in between.

©2024 Check Point Software Technologies Ltd.

 CloudGuard 6-module CNAPP+P, is the
1
unified platform to secure your cloud.

YOUR TAKE
AWAYS FROM
TODAY.

©2024 Check Point Software Technologies Ltd.

YOUR TAKE It enables you to concentrate your
AWAYS FROM 2 efforts and attention on high-value
assets at risk and potential attack paths.
TODAY.

©2024 Check Point Software Technologies Ltd.

YOUR TAKE
AWAYS FROM
TODAY.
Get full end-to-end breach
3 prevention with CloudGuard Network
Security and AI-powered WAF.

©2024 Check Point Software Technologies Ltd.

Questions?

©2024 Check Point Software Technologies Ltd.