When Check Point Software acquired Israeli startup Spectral a yr in the past, it joined the ranks of different community safety suppliers acknowledging the rising risk of software program provide chain assaults. Spectral helped fill a essential hole in CloudGuard, Check Point’s unified risk safety and community safety platform for public and hybrid clouds, with its code scanning and leakage detection instruments.
Spectral gives infrastructure as code (IaC) scanning, code-tampering prevention, hardcoded secrets and techniques detection supply controls, and CI/CD safety and supply code leakage detection instruments. It supplied the underpinning of Check Point’s Cloud-Native Application Protection Platform (CNAPP), which is now a part of CloudGuard, one among 4 core Check Point product strains.
Understanding the Role of CNAPP
CNAPP is gaining lots of consideration as builders shift to cloud-native utility growth to help new enterprise functions and digital transformation initiatives. Gartner describes CNAPPs as “an built-in set of safety and compliance capabilities designed to assist safe and defend cloud-native functions throughout growth and manufacturing.”
Developers are more and more counting on open supply code and microservices from a extensively distributed and sometimes huge group to compose their containers and serverless capabilities. While the supply code might come from a longtime ecosystem, it is not uncommon for some elements to have roots from unknown or out of date sources. CNAPP permits organizations to determine DevSecOps processes the place software program builders take the lead in discovering potential flaws in code earlier than deploying utility runtimes into manufacturing, says Melinda Marks, a senior analyst at Enterprise Strategy Group.
“This is necessary for stopping safety points earlier than you deploy your functions to the cloud as a result of when you deploy them, they’re accessible for the hackers,” Marks says.
Agentless Scanning and Other New Features
After integrating Spectral’s instruments into CloudGuard upon finishing final yr’s acquisition, Check Point added some essential new capabilities to the CNAPP, rolled out this month, together with permissions and entitlement administration, agentless scanning, and deeper threat scoring of a corporation’s complete atmosphere. Check Point officers underscored the corporate CNAPP push final week throughout its annual CPX 360 occasion in New York.
“We considerably enriched the platform to handle many necessary components of the cloud-native management atmosphere,” Check Point chief product officer Dorit Dor tells Dark Reading. Check Point additionally introduced plans to feed all information from CloudGuard to its new Horizon Events, a unified dashboard that gathers logs from your complete Check Point ecosystem. Check Point launched Horizon Events late final yr, and an early entry model is now accessible.
For Check Point, including CNAPP to CloudGuard was essential. Check Point’s key opponents are additionally on the CNAPP bandwagon. Among them, Palo Alto Networks has considerably emphasised its Prisma Cloud, which just lately gained added Software Composition Analysis (SCA) and Secret Scanning capabilities. In December, Palo Alto Networks acquired provide chain safety software supplier Cider Security.
Check Point Shares CNAPP Roadmap
Dor touted Spectral’s “very robust” secret scanning capabilities. She defined that builders might plug it into their CI/CD environments and implement insurance policies as code by means of open coverage brokers.
Dor introduced the roadmap for CloudGuard, noting that Check Point is seeking to implement extra AI. Check Point plans to enhance observability and visibility to assist builders establish malicious code. Also within the pipeline, Check Point is engaged on permitting CloudGuard to deal with your complete software program invoice of supplies (SBOM) lifecycle, in the end enabling and imposing them.
Check Point can also be engaged on enhancing how CloudGuard works with community safety. “Network Security has been there for a very long time; we’ve a really mature community safety resolution,” Dor stated. “But the problem now could be to make it communicate extra of the language of the builders.” Check Point is addressing that by integrating community safety into its AWS Security framework and providing it with the AWS community safety as a service. Dor famous that Check Point just lately built-in CloudGuard community safety with Microsoft Azure, permitting directors to handle their Microsoft environments.
“It’s an area for steady funding,” Dor stated. With a route towards multi-cloud protection, the purpose is to allow it to “help your builders natively and to help the system administration and supplying you with one cloud management airplane.”