We are very pleased to announce the general availability of CloudGuard Network Security for Azure Virtual WAN on May 18.

This integration provides Azure customers with an industry-leading cloud firewall – enabling them to confidently migrate to Azure with maximum security and operational efficiency.

This blog post will explain the announcement in more detail with some background about Azure Virtual WAN, how CloudGuard is tightly integrated with the service to provide the best-in-class Azure security, the value and benefits to Azure customers, and next steps for readers who want to learn more and try it for themselves.

Background

The wide adoption of cloud architectures is being driven by the desire to transform businesses for greater efficiency, speed, agility, and cost controls. While cloud solutions offer many advantages over traditional IT infrastructure, legacy security approaches do not address the dynamic nature of cloud environments, and can expose organizations to a new set of security risks.

Security insertion and management is a significant challenge for the cloud. Organizations struggle to manage disparate security solutions for their on-premises and cloud environments, resulting in a lack of consistent policy enforcement that makes regulatory compliance difficult. At the same time, the frequency and sophistication of threats continues to increase. Security solutions protecting premises-based environments do not extend easily to the cloud, often leaving cloud assets and workloads exposed and making them attractive targets for cyber criminals. Once a cloud environment is breached, attacks are able to spread laterally from VM to VM within the cloud and even extend to corporate networks.

In addition, organizations often own and maintain multiple datacenters in multiple regions and on multiple platforms. This creates a challenge for security managers: maintaining, securing, and connecting multiple datacenters. Complex connectivity and security posture causes security issues and lack of agility in business growth. Network security in the cloud is more complex than it is on-premises because the cloud is dynamic and ephemeral. When connecting cloud infrastructures with existing infrastructures (on-premises and branch offices), the challenge is even greater.

Overview of Microsoft Azure Virtual WAN

Azure Virtual WAN is a cloud networking service with a hub-and-spoke architecture for connecting multiple Azure regions, on-premises sites, remote users, branch offices and other clouds, as can be seen in the diagram below. Virtual WAN benefits include simplified network management, improved reliability, and reduced costs through optimized routing and traffic flow. Virtual WAN customers can easily deploy and manage complex hybrid networks, enhance application performance, and improve user experiences across different locations.

Azure Virtual WAN (source: Microsoft)

In other words, Azure Virtual WAN simplifies cloud networking and connectivity. It is increasingly popular with enterprise customers with diverse and complicated distributed IT deployments, and we have seen significant interest in Virtual WAN from a wide variety of organizations across all industries.

What is the best way for customers to secure their Azure Virtual WAN deployments?

CloudGuard Network Security

Check Point’s CloudGuard platform offers unified cloud native security across applications, workloads, and networks, giving organizations the confidence to automate security, prevent threats, and manage posture, at cloud speed and scale.

One of CloudGuard’s capabilities is cloud network security, which extends Check Point’s industry-leading on-prem network security into a wide range of public, private and hybrid clouds.

CloudGuard inherits all of the on-premises technology blades, including:

Check Point network security solutions are rated with the highest security effectiveness score of 99.7% malware prevention and the lowest false positive rate of 0.13% according to the latest Miercom benchmark report. They are also recognized as a long-term leader by third-party analysts firms including The Forrester Wave™: Enterprise Firewalls, 2022.

Organizations with on-premises environments and in the process of migrating to the cloud receive unified and consistent security management of all their on-prem and cloud environments and experience the easiest, quickest and most secure cloud migration with lowest total cost of ownership and lowest organizational risk.

Integration with Azure Virtual WAN

The CloudGuard integration with Azure Virtual WAN is now generally available, after successfully completing POCs with over 25 customers who participated in the Early Availability program.

CloudGuard is deployed inside the Virtual WAN hub directly from Azure Marketplace, with a same consumption-based pricing model. It improves Azure security through this tight integration, and provides organizations with consistent and unified security management for Azure Virtual WAN and hybrid-clouds with maximum operational efficiency.

With this centralized connectivity and security inside the hub, organizations can enjoy streamlined and consistent security across all their distributed environments. CloudGuard can inspect all traffic flows and supports all security use cases, so organizations can ensure comprehensive protection against various threats.

The first architecture diagram below shows a single-hub design, where the CloudGuard security gateways can be seen inside the hub, supporting all ingress, East-West and egress traffic flows.

Single hub architecture diagram

The second architecture diagram below shows a two-hub design, for organizations who want to deploy a 3rd party SD-WAN as well as CloudGuard security gateways inside the hub.

Double hub architecture diagram

For a deeper dive into these designs, please watch the Under the Hood technical session.

Let’s look into the main benefits in detail:

  1. The best available protection for your cloud deployment
  • Objective third-party analysts show that CloudGuard Network Security has the highest security effectiveness score, with proof-points from Miercom lab testing as well as consistent and continuous Forrester and recognition – see above.
  • CloudGuard is powered by Check Point ThreatCloud for unknown attacks: the world’s most powerful threat intelligence inspects 4M files and receives updates from 100s of millions of global Check Point enforcement points per day.
  1. Cloud-Native and tightly integrated with Azure Virtual WAN
  • CloudGuard is cloud-native and built for cloud principles of elasticity, agility, availability, low latency, resilience, and is easily scalable to support dynamic traffic growth and business needs.
  • Customers deploy the cloud security gateways automatically into the Azure Virtual WAN hub directly from the Azure Marketplace using an Azure Managed Application, with PAYG pricing based on the volume of inspected traffic so organizations pay for what they use instead of what they deploy.
  • CloudGuard integrates natively with Azure Routing Intent for solution configuration, resulting in a centralized, simpler, more consistent, scalable and easier way to secure multi-spoke networks, with automated deployment, setup and configuration.
  1. Greater operational efficiency and simplicity
  • The automated deployment reduces complexity – there is no need to setup and configure complicated vNET routing, updates, patching and monitoring. As spokes are added to the Virtual WAN, CloudGuard is able to apply automated policies, keeping rules and posture current.
  • Check Point’s unified security management provides consistent visibility, policy management, logging, and control across all hybrid-clouds and on-prem from a single pane-of-glass.
  • The integration enables agile maintenance, upgrades, and updates, thus significantly reducing operational overhead.

Additionally, CloudGuard Network Security for Azure Virtual WAN is generally available in all Azure regions, and was extensively tested by over 25 customer POCs as part of Check Point’s early availability program.

Main use cases

  • Network security: Consistently prevent advanced threats, gain full cloud visibility and control.
  • Prevent lateral attacks: Reduce cloud attack surfaces and segment different parts of the organizational IT.
  • Scale rapidly: The tight integration with Azure Managed Application enables quick automation, easy scaling and orchestration.
  • Secure VPN Connectivity: Enable secure and centralized connectivity to additional parts of your networks.
  • Unified Security Management console: Consistent visibility and control for public, private, hybrid and on-premises networks.

Summary

The general availability of CloudGuard Network Security for Azure Virtual WAN extends Check Point’s best-in-class network security and enables organizations to protect their Virtual WAN deployments with confidence, as part of their cloud journey and their digital transformation.

CloudGuard’s integration with Virtual WAN is cloud-native and reduces the operational overhead of cloud security teams, allowing them to focus more on security and less on logistics and complicated connectivity and routing. The consumption-based pricing lets organizations pay for what they use and not for what they deploy.

We are grateful to the Microsoft team for their close partnership, and extend kudos to all at Check Point whose teamwork, results-orientation and professionalism contributed to this success.

How to get started

To read more about CloudGuard Network Security for Azure Virtual WAN, read the press release or visit the dedicated webpage.

To watch the Microsoft and Check Point’s joint customer pre-launch webinar, click here.

If you are interested in more technical details of the integration, you can watch the Under the Hood technical session and the following:

If you would like to schedule a deep-dive personalized workshop around CloudGuard or best practices for secure migration, please fill in the form here and a cloud security architect will contact you to discuss your needs and schedule next steps.

If you would like to see CloudGuard in action, please fill in the form to schedule a demo, and a cloud security expert will help to understand your needs.

If you are ready to purchase CloudGuard on Azure Marketplace, please click here.

If you have any other questions, please contact your local Check Point account representative or channel partner using the contact us link.

Follow and join the conversations about Check Point and CloudGuard on TwitterFacebookLinkedIn and Instagram.

You may also like