ExtraHop Reveal(x) for AWS + Check Point
Automated Event-Driven Security in the Cloud
Stephen DeSanto
February 27, 2020
Defense-in-depth exists as a cloud security best practice because perimeter-focused tools designed to prevent attacks can't protect your AWS environment on their own. You also need the ability to quickly detect and mitigate the impact and spread of successful attacks.
The new ExtraHop Reveal(x) for AWS integration with Check Point security gateways enables cloud-focused security teams to take automated action on suspect domains and IP addresses used to stage the successful attacks that avoid detection at the perimeter.
Watch the video below for a quick overview of how the integration works. You can also keep reading for more information about the new integration's value and how to get started.
Here's a 2-Minute Video About How It Works
How It Works:
When Reveal(x) for AWS detects a high-risk security threat, it publishes a message to an AWS Simple Notification Service (SNS) topic. An AWS Lambda function subscribed to that topic receives the message, which includes the detection participants, and takes automated action on the offender's IP address.
Why It's Valuable:
Reveal(x) for AWS uses Amazon VPC Traffic Mirroring to bring agentless network detection and response (NDR) to the cloud. ExtraHop captures copies of network traffic packets and analyzes the data with cloud-scale machine learning to detect successful attacks and power response automation.
ExtraHop applies analytics and machine learning to all east-west and north-south traffic, providing broad visibility, detection, and investigation across the entire attack surface.
By natively integrating with Check Point Identity Awareness gateways, Amazon SNS, and AWS Lambda, Reveal(x) for AWS eliminates the need to use direct API calls to target individual firewalls. Instead, AWS Lambda encodes the targets as a single environment variable, significantly reducing configuration.
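The flow described under "How It Works" and the single-environment-variable targeting described above can be sketched as follows. This is an added example, not code from the ExtraHop bundle: the detection message fields (`participants`, `role`, `ipaddr`), the variable names `CHECKPOINT_GATEWAYS` and `PROTECTED_CIDRS`, and the comma-separated format are all assumptions, and the call to the gateway itself is left out because the page does not describe it.

```python
import ipaddress
import json
import os

def parse_gateways(raw):
    """Split the single environment variable into a list of gateway targets."""
    return [g.strip() for g in raw.split(",") if g.strip()]

def offender_ips(sns_event):
    """Yield offender addresses from each SNS record (message schema is assumed)."""
    for record in sns_event.get("Records", []):
        detection = json.loads(record["Sns"]["Message"])  # standard SNS-to-Lambda envelope
        for p in detection.get("participants", []):
            if p.get("role") == "offender":
                yield str(p.get("ipaddr", ""))

def plan_actions(sns_event, gateways_raw, protected_raw=""):
    """Return (actions, skipped): one block action per gateway per eligible offender."""
    gateways = parse_gateways(gateways_raw)
    protected = [ipaddress.ip_network(n.strip())
                 for n in protected_raw.split(",") if n.strip()]
    actions, skipped, seen = [], [], set()
    for raw in offender_ips(sns_event):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            skipped.append((raw, "not an IP address"))
            continue
        if ip in seen:          # the same offender can appear more than once
            continue
        seen.add(ip)
        if any(ip in net for net in protected):
            skipped.append((raw, "protected range"))  # never auto-block own assets
            continue
        actions.extend({"gateway": g, "block": str(ip)} for g in gateways)
    return actions, skipped

def handler(event, context):
    """Lambda entry point; CHECKPOINT_GATEWAYS and PROTECTED_CIDRS are assumed names."""
    return plan_actions(event, os.environ.get("CHECKPOINT_GATEWAYS", ""),
                        os.environ.get("PROTECTED_CIDRS", ""))

# Constructed sample event (not real ExtraHop output).
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({"participants": [
    {"role": "offender", "ipaddr": "203.0.113.50"},
    {"role": "offender", "ipaddr": "10.0.1.5"},
    {"role": "offender", "ipaddr": "not-an-ip"},
    {"role": "victim", "ipaddr": "10.0.2.9"},
    {"role": "offender", "ipaddr": "203.0.113.50"},
]})}}]}
```

The protected-range check matters for any automated block: a detection that names an internal host as the offender would otherwise cut off one of your own workloads on every gateway at once.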
How to Get Started:
To get started using the Reveal(x) integration with Check Point, visit the ExtraHop Solution Bundles Gallery and download the Check Point Integration Awareness Integration bundle.
You can also find a video that provides step-by-step instruction for getting your integration up and running.