Best practices to secure your Azure Virtual WAN

Posted by

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

In this guest blog post, Hezi Bahry, Manager of Product Management Cloud Security at Check Point Software Technologies, details how Check Point’s CloudGuard can bolster Azure Virtual WAN security.

 

To best address today’s modernized IT requirements, many organizations choose a distributed environment strategy, which includes the use of different infrastructures serving different business needs, as in Figure 1 below. Global organizations may have a large on-premises datacenter, with tens or hundreds of branch offices around the world; they utilize Microsoft Azure’s global presence to serve different business needs. Such a decentralized IT environment requires organizations to manage and maintain complex connectivity, and their security needs may vary between these different parts of a global IT environment.

 

Figure 1 pic png.png

 

Figure 1: Multiple physical and cloud-based datacenters (source: Microsoft)

 

Maintaining and securing the peering configurations of multiple physical and cloud-based datacenters creates operational and security challenges, especially when the datacenters have different requirements and use different security solutions. To address these challenges, Microsoft developed Azure Virtual WAN, which can be understood as a cloud-native version of the hub-and-spoke model (see Figure 2 below). Connecting decentralized datacenters, branch offices, and remote users to Azure Virtual WAN simplifies networking connectivity while providing streaming of traffic with low latency.

 

Figure 2 pic.png

 

Figure 2: Azure Virtual WAN architecture (source: Microsoft)

 

Companies can attain business objectives by enhancing the security of their Azure Virtual WAN environment for scenarios such as:
• Migrating to Azure and needing to secure traffic and workloads on new cloud infrastructure.
• Implementing a new Azure Virtual WAN architecture and requiring advanced threat prevention.
• Evaluating unified and consistent security management of Azure, multi-cloud, and/or hybrid-cloud deployments together with on-premises security.
• Looking to improve the operational efficiency and automation of cloud network security.

 

How Azure Marketplace and Check Point can enhance security

 

For the past three decades, Check Point Software Technologies Ltd. has been a leader in cybersecurity. Across the ever-evolving digital world, from enterprise networks through cloud transformations, Check Point secures remote employees, defends critical infrastructures, and protects more than 100,000 organizations from the most imminent cyber threats.


Check Point’s partnership with Microsoft, dating back to the 1990s, enables joint customers to feel more confident to adopt and consume more Azure cloud services safely and securely. Check Point’s cloud security solution, CloudGuard, natively integrates with more than 50 Microsoft services and solutions, including Microsoft Sentinel, Microsoft Defender for Cloud, Azure Stack, and Azure Kubernetes. The latest is CloudGuard’s support for Azure Virtual WAN, a Microsoft Network-as-a-Service. Virtual WAN is already generating significant interest because of its operational improvements and advanced feature sets. Organizations using Azure Virtual WAN’s capabilities need to ensure that deployments are protected, which is where Check Point CloudGuard Network Security can enable multiple scenarios.


“Protecting your cloud infrastructure must be automated and operationally efficient to meet today’s business needs,” said TJ Gonen, Check Point’s VP of Cloud Security. “The focus on improving the cloud team’s daily operations is at the center of Azure Virtual WAN, and Check Point is excited to partner with Microsoft to make cloud network security quick, easy, and intuitive.”


Reshmi Yandapalli, Principal Product Manager, Azure Core-Networking, said, “The partnership between Check Point and Microsoft Azure provides a best-in-class solution that can secure network traffic for cloud deployment. Check Point CloudGuard for Azure Virtual WAN delivers a fully integrated and automated solution allowing customers to seamlessly protect their applications and workloads."


Check Point’s solution for Azure Virtual WAN security


Check Point and Microsoft have worked together to integrate CloudGuard Network Security with Azure Virtual WAN. The integration centralizes and simplifies the security and operations for Azure and Check Point customers (see Figure 3 below).

 

Figure 3 pic.jpg

 

Figure 3: CloudGuard provides Azure Virtual WAN security (source: Microsoft and Check Point)

 

The tight integration of CloudGuard with Azure Virtual WAN has already generated high interest from several leading organizations in different industry verticals. The solution has been tested in numerous proofs of concept with early design partners, with feedback that the cloud-native security solution is able to meet the enterprise security requirements of highly regulated, top-tier organizations.


CloudGuard Network Security for Azure Virtual WAN provides the following benefits for enhanced security and improved security operations:


Managed application: CloudGuard is provided as an Azure Managed Application. This simplifies all the operational aspects of IaaS solutions, providing automated deployment and configuration, automated updates and upgrades, as well as health checks and monitoring of the solution. Most important, it moves the operational overhead from the customer to Check Point so the organization can be more efficient and focus more on security and less on operations.


Cloud-native elasticity: CloudGuard is provided in a scalable active/active configuration, which allows it to share traffic loads and is thus fully adaptable to the dynamic nature of customer traffic elasticity.


Cloud-native consumption model: Adopting popular cloud-native business models, the CloudGuard solution is provided using a single dimension consumption model based on the throughput of customer traffic inspected.


Consumption through Azure Marketplace: Customers can easily consume and be billed for the managed application by subscribing in the Azure Marketplace. CloudGuard Network Security is also eligible to address an organization’s Microsoft Azure Consumption Commitment (MACC).

 

Best-of-breed security: CloudGuard protects all traffic flows in Azure Virtual WAN.


Industry-leading threat prevention: CloudGuard has an industry-leading catch rate of malware, ransomware, and other types of attacks: Highest security effectiveness score with a 100 percent block rate, 100 percent malware prevention, 100 percent exploit resistance, and zero percent false positives.


Recognized as a long-term leader by third-party analysts: For 22 consecutive years, Check Point has been a Leader in the Gartner Magic Quadrant for Network Firewall. Check Point has a Recommended rating from NSS Labs and more than 28 years of security gateway intellectual property and cybersecurity technology innovation.


Single pane of glass: Customers using Check Point Security Management can connect the newly deployed Virtual WAN security infrastructure with their existing Security Management server and control their vWAN security, public clouds, private clouds, and on-premises security from a single pane of glass (using the same comprehensive security management capabilities, including the discovery engine, advanced datacenter objects, and tag-based policy).


Management-as-a-Service: Customers not currently using Check Point Security Management can connect the newly deployed Virtual WAN security infrastructure with Check Point’s web-based Management-as-a-Service.

 

These benefits will help security engineers and managers focus on security instead of the overhead of sizing, deployment, configuration, and maintenance.

 

Supported security use cases (security technologies)


Firewall and IPS
Anti-virus, anti-bot, and anti-malware
Application control and URL filtering
SandBlast adds threat emulation and threat extraction for zero-day attacks
• Secured site-to-site IPsec VPN

 

Next steps


For a demo of the new solution, please watch this video.

 

CloudGuard Network Security for Azure Virtual WAN is currently in early availability. The early availability program provides a wide range of benefits, including VIP support from a Check Point Cloud Security Architect. If you would like to join the program, please click here.


To receive a personalized demo of CloudGuard for Azure Virtual WAN, please click here.


If you would like to discuss this in more detail with your Check Point account team or security engineer, or with your Check Point channel partner, please click here.

 

Additional content for learning and reading


If you are migrating to the cloud and evaluating cloud network security solutions, download the Buyer’s Guide to Cloud Network Security to understand:


• The top 10 considerations when evaluating and choosing a cloud network security solution in more detail.
• An overview of Check Point CloudGuard and how it answers these top 10 considerations.
• The relative benefits of the solutions provided by leading cloud providers and third-party security vendors.


Another helpful document is the Forrester Total Economic Impact of CloudGuard Network Security. Forrester Research interviewed a $10 billion+ U.S.-based healthcare company that uses CloudGuard to secure its hybrid-cloud deployment and generated a 169 percent ROI. To read this document, click here.


Do you want to read more about cloud security? Download the Check Point cloud security blueprint documents:


Introduction to Cloud Security Blueprint introduces the cloud security blueprint and describes key architectural principles and cloud security concepts.
Cloud Security Blueprint: Architecture and Solutions explains the blueprint architecture, describes how Check Point’s cloud security solutions enable you to implement the blueprint, and how these address the cloud security challenges and architectural principles that were outlined in the first document.
This document provides reference architectures for implementing the cloud security blueprint. 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.