Check Point CloudGuard Log.ic
Cloud Intelligence and Threat Hunting
Check Point CloudGuard Log.ic, Amount of Logs: 1,000GB, Log Retention Period: 1 Month
Our Price: Request a Quote
- Robust logs enrichment engine
- Cloud intrusion alerts
- Log.ic ‘Explorer’ visual exploration tool
- Firehose connector into 3rd party SIEM
- Threat Cloud and CloudBots integration
- A turnkey solution that integrates with your cloud infrastructures
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Overview:
CloudGuard Cloud Intelligence and Threat Hunting, part of the CloudGuard Cloud Native Security platform, provides cloud-native threat prevention and security intelligence for the public cloud. CloudGuard uses machine learning and threat research to detect activity anomalies, and with its intuitive visualization tool, provides intrusion alerts with rapid remediation.
Product Benefits
- Bullseye Threat Prevention: detect cloud anomalies to remediate at once, and quarantine threats utilizing the world’s largest threat intelligence feed
- Security for all IaaS and PaaS cloud assets: gain full visibility and security posture awareness for ephemeral assets like: AWS Lambda, NAT Gateways, load balancers, and more
- Context-Rich Visualization: Make sense of cloud big data with fascinating visualization, intuitive querying, intrusion alerts, and notifications on policy violations
Use Cases
- Alert & quarantine public cloud threats
- Expedite security investigation processes
- Enrich 3rd party SIEM solutions with critical data on ephemeral assets and security postures
Product Features
- Robust logs enrichment engine
- Cloud intrusion alerts
- Log.ic ‘Explorer’ visual exploration tool
- Firehose connector into 3rd party SIEM
- Threat Cloud and CloudBots integration
- A turnkey solution that integrates with your cloud infrastructures
Advanced Threat Prevention
Detect anomalies, activate alert, quarantine threats, and autoremediate utilizing the largest threat intelligence feed
Unparalleled Data Protection
Real-time cloud security monitoring and protection, with troubleshooting and security posture awareness for AWS, Azure, and GCP
Cloud Security Intelligence
Enhanced cloud security with contextualized visualization, intuitive querying, intrusion alerts, and notifications of policy violations.
Advanced Multi-Cloud Security Monitoring and Analytics
CloudGuard delivers advanced security intelligence, including cloud intrusion detection, network traffic visualization, and cloud security monitoring and analytics. Its object-mapping algorithms combine cloud inventory and configuration information with real-time data monitoring from a variety of sources from Amazon AWS, Microsoft Azure and Google Cloud native log, packet capture appliance, and alert tools.
The outcome is rich contextualized information, enhanced and simplified visualization, deep event correlation, querying, intrusion alerts and notifications of policy violation, enhancing Security Operation Centers (SOC) with relevant cloud security intelligence for faster and more efficient incident response.
CloudGuard Edge
Cloud Threat Intelligence
CloudGuard ingests cloud native log and event data, delivering contextualized visualization of entire public cloud infrastructure and cloud security analytics, helping to enhance:
- Real-time intrusion detection and policy violation alerts based on user-defined criteria
- Comprehensive investigation of security threats with cloud network security analytics, streaming the world's largest security intelligence database, ThreatCloud
- Continuous extended disaster recovery with CloudBots and advanced encryption
Forensics and Threat Hunting
CloudGuard ingests cloud native log and event data, delivering contextualized visualization of entire public cloud infrastructure and cloud security analytics, helping to enhance:
- Incident Response (Cloud Forensics): Alerts on network activity and account behaviors
- Network Troubleshooting: Real-time configuration and traffic monitoring in the VPC and VNET, including ephemeral services and cloud-native platform components from Amazon AWS, Microsoft Azure, and Google Cloud Platform.
- Compliance: Instant notifications on regulatory violations and ace audits
- Threat Hunting Processes: Leverage security intelligence and predictive cloud security analytics to advancing cybersecurity threat hunting processes.
Superior Automation and SIEM Integration
Advanced cloud security monitoring automation and Event Management (SIEM), for critical insights and integration of cybersecurity tools, and robust and seamless defense.
- Precise and smooth integration with third party SIEM solutions
- Comprehensive visibility of contextualized logs into ephemeral assets and security posture awareness
- CloudGuard feeds critical insights to SIEM solutions for further investigation.
Seamless SIEM Integration
Integrating IT and security technologies with CloudGuard is easy, fast, and flexible. CloudGuard includes out-of-the-box integrations with leading SIEM vendors:
Features:
Transforming Logs Into Security Log.ic
CloudGuard Log.ic (pronounced ‘Logic’) is a cloud-native threat protection and security intelligence solution for the public cloud. The latest addition to the CloudGuard family, it enriches cloud logs with context, transforms them into readable security logic, and enables security teams to take cloud security to the next level.
Using CloudGuard Log.ic businesses can:
- See every data flow and audit trail in today’s elastic cloud environments
- Make sense of cloud data and activities to expedite investigation processes
CloudGuard Log.ic delivers cloud intrusion detection, network traffic visualization and user activity analytics. Its object-mapping algorithms combine cloud inventory and configuration information with real-time monitoring data from a variety of sources including VPC Flow Logs, CloudTrail, Amazon GuardDuty, AWS Inspector, as well as Check Point’s Threat Cloud feeds, IP reputation and geo databases.
The outcome is rich contextualized information that is used within the CloudGuard Dome9 platform for enhanced visualization, querying, intrusion alerts and notifications of policy violations. It can also be piped to third-party SIEM solutions, anywhere.
With robust threat detection at core, CloudGuard Log.ic’s CloudBots technology also extends remediation capabilities indefinitely - allowing you to create custom response to any type of network alert, audit trail, or any other.
CloudGuard Log.ic is the only platform that attributes network traffic to cloud-native ephemeral services such as Amazon Lambda functions as well as other cloud-native platform components (RDS, Redshift, ELB, ALB, ECS) to provide a complete view and understanding of your cloud infrastructure across time.
CloudGuard Log.ic uses security best practices of signature detection, built-in rules, threat intelligence feeds and existing traffic flow to create a baseline of your network and user activity. It also uses AI and anomaly detection algorithms to spot potentially unauthorised or malicious activity within your cloud environments, including serverless applications. Log.ic can provide real-time policy violation and intrusion detection alerts based on user-defined criteria to the security admin team.
Feeding off of the world’s largest IOC database: CloudGuard Log.ic leverages Check Point’s ThreatCloud to enrich logs with intelligence from various feeds, including:
- 750M+ malicious hashes, sites and C&C addresses
- 11M behavioral signatures
- 2.5M daily detections o Dozens of external feeds
Auto-remediation with CloudBots: CloudBots is a serverless framework that triggers a remediation function with a single click deployment, running entirely within your environment. Add CloudBots to create custom response to any type of network alert, audit trail, or other, and remediate threats at once with CloudGuard Log.ic.
Expedite Investigation Processes With Big Data Analytics
CloudGuard Log.ic ‘explorer’ is a visual exploration tool that allows you to analyze the network activity and traffic traversing in and out of your cloud environment. You can choose from an extensive set of predefined queries or craft custom ones using CloudGuard Dome9’s expressive yet concise query language. The Explorer visualization feature lets you see every element and traffic in your VPC at a glance, and from there, zoom into the relevant entity or connection. Use CloudGuard Log.ic’s rich contextualized visualization to fire: Deep investigation, Incident response, and Threat Hunting.
Enrich Your SIEM to See The Cloud
CloudGuard Log.ic’s firehose connector feeds the enriched log traffic in a highly contextualized JSON format to various SIEM products for further investigation. Pipe into Splunk, ArcSight, LogRythm and more, to nurture with critical data on ephemeral as sets and security posture awareness.
Documentation:
Download the Check Point Cloudguard Log.ic Datasheet (PDF).
Pricing Notes:
- All Prices are Inclusive of GST
- Pricing and product availability subject to change without notice.
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote
Our Price: Request a Quote