Check Point has launched a new tool that offers cloud-native threat protection and security intelligence. The tool, CloudGuard Log.ic, enables customers to view any data flow and audit trail in flexible, scalable cloud environments. It is designed to help customers better understand their cloud data and activities, speeding up technical research processes.
Log.ic is part of Check Point's CloudGuard family of cloud security products. The new tool protects users by detecting anomalies in the cloud and blocking threats and intruders. In addition, CloudGuard Log.ic offers a context-rich visualization that makes it possible to thoroughly investigate security incidents in public cloud infrastructures such as Amazon Web Services (AWS).
The core of CloudGuard Log.ic is an engine that collects data from various sources to build a contextual awareness of security in public cloud environments. These sources include, for example, VPC Flow Logs and AWS CloudTrail. The solution lets security and DevOps teams search for threats faster and respond more quickly to incidents. It also allows them to (re)evaluate the security policy and apply it to multiple accounts.
CloudGuard Log.ic can also be integrated into third-party SIEM solutions such as Splunk and ArcSight.
Notifications
Thanks to an integration with Check Point's ThreatCloud intelligence overviews of malicious IPs, the tool as a whole provides advanced threat prevention. Users can also create simple, customised alerts. These alerts are triggered when suspicious network and user activity, compliance violations and misconfigurations occur. Important events, statistics and traffic are also reported directly by e-mail or through various ITSM tools such as ServiceNow, PagerDuty and Jira.
The tool also provides an analysis of allocations to users, groups and roles. Federated events can thus be traced by tracking configuration changes and relating them to an individual or a specific role. Finally, CloudGuard Log.ic includes CloudBots auto-remediation features to automatically respond to specific alerts of malicious activity. These functions can also automate further steps.
This news article was automatically translated from Dutch to give Techzine.eu a head start.