The complexity of too many choices (source: The New York Times)
Too much choice is often confusing.
Think about all the different types of cereal, perfume, or even political parties in some countries.
However, often the multitude of choices is unavoidable.
For example, when flying to a far-away destination, you have to choose between multiple flight options, considering cost, duration of travel, number of legs, different airlines, comfort, layovers, etc.
This holds true for cloud marketplaces, like the AWS Marketplace.
With so many options to choose from, it is important to understand the listings. If you’d like to purchase CloudGuard to improve your AWS security with an industry-leading cloud network security solution, or even to get a 30-day free trial, you should understand the different offerings available to ensure that you get exactly what you need.
Check Point recently added three new offerings to the AWS Marketplace in order to provide AWS customers the opportunity to use CloudGuard with AWS Gateway Load Balancer (AWS GLB).
This blog post explains all the CloudGuard Network Security offerings in the AWS Marketplace and is an update to the previous explanatory blog post from August 2019.
Before I explain each offering, I will provide a little detail about the AWS Marketplace, CloudGuard Network Security, and AWS GWLB.
What is the AWS Marketplace?
AWS explains that the AWS Marketplace “enables qualified partners to market and sell their software to AWS Customers.”
In other words, AWS enables its customers to purchase software and services from 3rd party ISVs (Independent Software Vendors), Value-Added Resellers (VARs), and Systems Integrators (SIs) after these have been qualified by AWS.
Additionally, AWS writes that “AWS Marketplace is an online software store that helps customers find, buy, and immediately start using the software and services that run on AWS.” AWS Marketplace is a great win-win as it supports the AWS ecosystem of partners, provides easy-to-use services to AWS customers and improves the usability of AWS services.
There are currently over 16,000 different offerings in the AWS Marketplace, from over two thousand vendors, in eight different categories, with twelve pricing plans and eight delivery methods.
AWS Marketplace is a self-service portal for customers to choose, trial and purchase solutions from AWS partners, but without the additional overhead which is often associated with lengthy contract and pricing negotiations. Customers who purchase third-party services or solutions in the Marketplace pay AWS for these purchases as part of their regular monthly bills; AWS then pays the thrid-party partners.
What is CloudGuard Network Security?
CloudGuard Network Security (CGNS) is a cloud-native security gateway which delivers industry-leading advanced threat prevention and multi-layered network security for all public, private and hybrid cloud deployments.
Threat prevention security features include Firewall, DLP, IPS, Application Control, IPsec VPN, Antivirus and Anti-Bot, Threat Extraction and Threat Emulation.
Integrated with leading configuration management tools, CloudGuard enables rapid deployment and supports full automation to support CI/CD processes and Infrastructure as Code practices.
The Unified Security Management console provides consistent visibility, policy management, logging, reporting and control across all public, private and hybrid cloud networks as well as for on-premises deployments.
AWS Gateway Load Balancer
AWS Gateway Load Balancer (GWLB) is a new cloud service that makes it easy for customers to deploy, scale and manage multiple CGNS gateways, for many networking purposes.
AWS launched GWLB in November 2020; on the same day, Check Point announced that CloudGuard integrates with AWS Gateway Load Balancer at launch.
This video (from Check Point’s CPX360 Summit, February 2021) explains the benefits of GWLB to AWS and Check Point customers.
What CGNS offerings are available in the AWS Marketplace?
There are 9 CGNS offerings in the AWS Marketplace.
The differences between these offerings are due to:
- Functionality:
- Next Generation Firewall with Threat Prevention (also known as NGTP): This security gateway includes Firewall, IPS, Application Control, IPsec VPN, Antivirus, Anti-Bot, and Data Loss Prevention
- Next Generation Firewall with Threat Prevention and SandBlast (also known as NGTX): This security gateway includes all features of NGTP functionality and adds Threat Extraction (which removes exploitable content and promptly delivers sanitized content to users) and Threat Emulation (which prevents infections from new malware and targeted attacks using threat sandboxing with the best possible catch rate, and is virtually immune to evasion techniques).
- Support for AWS GWLB (yes/no)
- Management: Security Gateways are managed from a Security Management Server which provides consistent security policy management, enforcement, and reporting within a single pane of glass.
- (Note that certain offerings in the AWS Marketplace include only the security gateway, others include only the management server, and one offering – CloudGuard Network Security All-In-One – includes both)
- Pricing models:
- PAYG: Pay-as-you-go pricing allows you to pay only for what you use. The AWS Marketplace pricing reflects the full price of using Check Point’s offering: payment to Check Point for the software license and payment to AWS for the AWS infrastructure resources consumed.
- BYOL: Customers who have already obtained a software license from Check Point can use these licenses; the AWS Marketplace BYOL pricing is paid to AWS for the AWS infrastructure resources consumed.
Note also that different offerings also support different sets of AWS instances.
The table below shows the differences between the nine CGNS offerings in the AWS Marketplace, as well as the instances supported by each offering.
|
** |
Security Gateway Functionality |
Security Management****Functionality |
Supports GWLB? | |
|---|---|---|---|---|
|
CloudGuard Network Security Next-Gen Firewall with Threat Prevention |
PAYG |
Threat Prevention |
Not included.Choose one of the Check Point Security Management offerings |
No |
|
CloudGuard Network Security with Threat Prevention and SandBlast |
PAYG |
Threat Prevention and SandBlast |
Not included.Choose one of the Check Point Security Management offerings |
No |
|
CloudGuard Network Security with Threat Prevention & SandBlast BYOL |
BYOL |
Threat Prevention ORThreat Prevention and SandBlast (depends on customer’s existing license) |
Not included.Choose one of the Check Point Security Management offerings |
No |
|
PAYG |
Threat Prevention |
Not included.Choose one of the Check Point Security Management offerings |
Yes | |
|
CloudGuard Network Security for Gateway Load Balancer with SandBlast |
PAYG |
Threat Prevention and SandBlast |
Not included.Choose one of the Check Point Security Management offerings |
Yes |
|
CloudGuard Network Security for Gateway Load Balancer – BYOL |
BYOL |
Threat Prevention ORThreat Prevention and SandBlast (depends on customer’s existing license) |
Not included.Choose one of the Check Point Security Management offerings |
Yes |
|
PAYG |
Threat Prevention and SandBlast |
Included |
No | |
|
PAYG |
Not included.Choose one of the CloudGuard Network Security offerings |
Included |
N/A | |
|
BYOL |
Not included.Choose one of the CloudGuard Network Security offerings |
Included |
N/A |
Please note that the AWS Marketplace offerings allow you to deploy a single gateway each time.
For AWS Cloudformation templates or more comprehensive deployments (including Auto-Scaling, High Availability, etc.), please refer to sk111013.
For more information on:
- AWS Marketplace: The main page is here
- AWS GWLB: Read this blog
- CloudGuard Network Security: See the product page here
- AWS Cloudformation templates and more comprehensive deployments: see here
- The Check Point Cloud Security Blueprint documents, which outline best practices and principles for building secure cloud deployments: see here
About CloudGuard
Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.
CloudGuard provides multi-layer cloud security with multiple capabilities. One of these is CloudGuard Network Security, as explained above. Organizations with on-premises environments and in the process of migrating to the cloud with CloudGuard receive unified and consistent security management of all their on-prem and cloud environments and experience the:
- Most secure, easiest and quickest cloud migration
- Lowest total cost of ownership