Proximus NXT partners with Check Point to offer businesses a cloud-native unified security solution
Proximus NXT partners with Check Point to deliver a cloud-native unified security solution for businesses
Modern cloud deployments are extremely complex and often involve multiple cloud environments. While public cloud providers invest significant resources in security, customers remain responsible for how they use these services. This represents a major challenge when scaling workloads and applications in the cloud.
Emanuel Da Costa, Security Engineer at Check Point Software Technologies, and Laurent Untereiner, Head of Sales Unit Network & Security at Proximus NXT, explain how a cloud-native unified security strategy can help automate security and optimize cloud deployments.
TS: Adopting a public cloud infrastructure means that security is now a shared responsibility between an organization and its cloud provider. Given this reality, how can companies implement automated and elastic network security to protect their assets and data while remaining aligned with the dynamic requirements of public cloud environments?
EC:
"When a company starts extending its data center into the public cloud, we see that the first step is usually to secure its networks. A unified security management solution — such as CloudGuard Cloud Network Security, which is part of Check Point Software’s CloudGuard platform — enables companies to consistently manage their security policies and provides a unified view across all public, private, hybrid clouds and on-premises networks."
"This solution helps prevent advanced threats through capabilities that are not natively provided by cloud providers, such as firewalling, IPS, Application Control, Anti-Bot, antivirus and sandboxing."
"CloudGuard Cloud Network Security not only provides scalability, high availability, elasticity and efficiency, but also ensures agility, rapid deployment and CI/CD workflow automation, which are essential capabilities in DevOps environments."
LU:
"Our customers’ development teams must primarily address rapidly and constantly evolving business requirements. Security is often perceived as a constraint that adds complexity and slows down development. As a result, communication between development teams and the teams responsible for infrastructure and application security is rarely optimal."
"The advantage of CloudGuard Cloud Network Security is that it enables transparent automation of the integration of security policies defined by security teams into deployments managed by development teams. The deployed environment automatically complies with established security templates, greatly simplifying the daily operations of all our customers’ teams."
"More broadly, the evolution of practices towards DevSecOps enables security to become a business enabler rather than a blocking factor, as it was often perceived in the past."
TS: Securing cloud workloads requires a different approach from protecting traditional assets in a data center, as best practices often challenge conventional thinking. How can organizations address the new challenges created by highly dynamic cloud environments, where rule-based tools and antivirus solutions are no longer sufficient?
EC:
"The growing adoption of cloud computing is transforming traditional monolithic applications into microservices, providing greater agility and flexibility but also creating new security challenges. The dynamic nature of these workloads also means that the number of assets hosted in complex environments is constantly increasing."
"CloudGuard Cloud Workload Protection addresses the security challenges created by these new types of workloads. First, the solution provides enhanced visibility into container and serverless environments, enables the detection of configuration issues that may create security risks, and verifies compliance with major standards such as CIS and NIST."
"CloudGuard Cloud Workload Protection also enables organizations to scan container and serverless environments and detect vulnerabilities throughout the application lifecycle, starting from the development phase. The solution provides developers with the necessary tools to perform security testing within CI/CD pipelines, public and private container registries where images are stored, as well as running containers."
"This avoids traditional security control processes — such as vulnerability management and penetration testing — that were previously performed after applications had already been deployed."
"Finally, CloudGuard Cloud Workload Protection provides the ability to detect and block threats in real time through automatic profiling capabilities and to stop application-layer attacks, including those identified by OWASP."
LU:
"The use of containers and serverless computing is no longer limited to testing environments. It is increasingly expanding into production environments that directly support business activities. These highly specific environments must be secured with dedicated solutions."
"To simplify daily management, it is essential that these new solutions can be easily managed by security teams. This is an extremely important criterion because these environments differ significantly from traditional workloads, both during deployment and throughout their lifecycle. The usual security practices are therefore not always applicable."
"Through strong visibility into threats and compliance, security teams can regain their efficiency. Advanced solutions such as CloudGuard Cloud Workload Protection address these specific requirements. Thanks to their expertise, Proximus NXT’s Check Point-certified engineers can support customers in implementing these solutions and adapting to the evolving security needs of highly dynamic cloud environments."
TS: As APIs become a fundamental component of modern application development, the attack surface continues to expand. Gartner estimates that by 2022, API attacks will become the most frequent attack vector leading to data breaches in enterprise web applications. Gartner also states that 40% of web application attacks are already carried out through APIs rather than user interfaces. Given these alarming trends, how can organizations secure web applications and APIs?
EC:
"CloudGuard for Application Security represents a new paradigm for application security. By leveraging machine learning and a contextual AI engine, CloudGuard AppSec learns how an application is typically used, establishes user and application behavior profiles, and assigns a score to each request accordingly."
"The solution can therefore precisely block illegitimate requests, protect APIs by enforcing approved schemas, and prevent automated bot attacks through JavaScript injection mechanisms that identify human and non-human interactions."
"This contextual AI-based approach eliminates false positives while maintaining high application security standards. Unlike traditional signature-based WAF solutions, CloudGuard AppSec automatically adapts when applications are updated and enables almost immediate transition to preventive deployment mode."
LU:
"Any solution entering today’s market must provide APIs to integrate with the rest of the environment, enable automation and allow centralized management. The number of APIs in production environments is growing exponentially and their use has become essential. It is therefore not possible to restrict access to them simply because security is not fully controlled."
"For traditional web applications, the use of WAF solutions has long been considered a best practice. However, securing APIs through third-party tools is still far from being a priority for our customers, who often rely solely on the native security implemented by the providers of these communication interfaces."
"Proximus NXT teams therefore have an important awareness-building role to play in ensuring that the benefits offered by APIs do not translate into vulnerabilities that could be exploited by potential attackers."
Get in touch with us! Our teams are here to support you. Whatever your challenge, we will work together to find the best solution.