Check Point has extended the capabilities of its unified CloudGuard Cloud Native Security platform with the launch of new CloudGuard Application Security (AppSec), a fully automated web application and API protection solution, enabling enterprises to secure all their cloud-native applications against both known and zero-day attacks.

CloudGuard AppSec, part of the CloudGuard Workload Protection capabilities, eliminates the need for manual tuning and high rate of false-positive alerts associated with legacy Web Application Firewalls (WAFs), using contextual AI to prevent attacks from impacting cloud applications and enabling enterprises to take full advantage of cloud speed and agility.

Web Application Firewalls (WAFs)

WAFs cannot keep up with the speed of breaches at which today’s cloud-native applications evolve Web application breaches doubled in 2020 but legacy rule based WAFs cannot keep up with the speed at which today’s cloud-native applications evolve. These first-generation approaches rely on threat signatures and complex manual rule tuning.

This problem is magnified as organisations move to running containerised apps: a 2020 container usage study found that 49% of all containers are live for less than 5 minutes, and 21% for less than 10 seconds. These rapid changes cause legacy WAFs to produce an unsustainable overload of false positive alerts and manual admin work, often forcing security teams to leave these solutions in ‘alert only’

Automation of application security

Web applications are increasingly targeted by criminals, but traditional WAFs are simply unable to keep pace with the speed at which today’s cloud apps change and demand constant manual management, which leaves organisations dangerously exposed to attacks and costly breaches,” said TJ Gonen, Head of Cloud Product Line, at Check Point Software.

Our strategy is to help enterprises secure their most critical workloads – their applications and data – with a unified platform that protects all workloads, including serverless functions and containers, from code to application runtime, all at the speed of DevOps. CloudGuard AppSec simply automates all aspects of application security, with virtually no need for ongoing management, in any cloud environment or infrastructure.

Integrated security

"Protecting workloads and applications in the cloud requires a holistic suite of capabilities,” said Frank Dickson, Program Vice President of Security & Trust at IDC Research.

However, the journey to workload protection starts with securing your web applications and APIs. Check Point addresses this need for integrated application security and demonstrates their cloud acumen with the introduction of CloudGuard’s newest capability which includes automated application security."

CloudGuard AppSec security capabilities

  • Continuous protection for applications as they evolve: CloudGuard AppSec blocks application attacks such as site defacing, information leakage, user session hijacking, and all of the OWASP Top 10 web application security risks. The solution’s AI engine continually adapts to application changes and self-updates to ensure continuous security.
  • Advanced API attack prevention: As applications evolve, they create and expose more APIs. CloudGuard AppSec automatically blocks criminals from leveraging APIs to expose sensitive data, inject commands or to extract API keys.
  • Automated bot protection: CloudGuard AppSec uses behavioral analysis to distinguish between human and non-human interactions with applications, to prevent credential stuffing, brute force attacks and site scraping, and offers customisable protection to manage non-malicious web bots.

Customer feedback

We needed the ability to protect our unique application and the various types of data it processes in our complex, dynamic Google Kubernetes environment,” said Mark Unak, CTO at Harqen.ai.

Thanks to Check Point’s CloudGuard application security solution, we now have a best-in-class, automated prevention against the internet’s most hostile and advanced security threats.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?