CloudGuard Network Security for Public Clouds
Built for agility and architected for prevention, CloudGuard Network Security delivers unified security, centralized management, and cloud-native automation across all public cloud environments.
Automated, Unified Security for Public Cloud Environments
CloudGuard Network Security brings prevention-first protection, dynamic policy enforcement, and full-stack automation to public cloud infrastructure while extending consistent security across hybrid and multi-cloud environments.
Cloud-Native, Cloud-Ready
One Policy Across All Clouds: Apply a single, unified firewall policy to AWS, Azure, GCP, and OCI using dynamic cloud tags and objects, no matter how fast your infrastructure changes.
Elastic Security for Elastic Workloads
Automate Everything, from Scaling to Provisioning: CloudGuard integrates with cloud-native scaling tools and CI/CD pipelines to deploy and adapt security at cloud speed.
Threat Prevention at Cloud Speed
Stop Threats in Their Tracks: Protect cloud traffic, east-west and north-south, with advanced AI-driven threat prevention. Leverage automation to respond instantly across regions and workloads.
Protecting Multi-Cloud and Hybrid-Clouds with CloudGuard Network Security
Learn how Check Point CloudGuard Network Security delivers unified protection across multi-cloud, hybrid, and private cloud environments, along with best practices, architectural guidance, and real-world use cases in AWS, Azure, and Nutanix.
Read the White Paper
Native Integration With Leading Providers
CloudGuard Network Security brings unified management, automated provisioning, and dynamic object discovery with automatic policy updates for all leading cloud service providers
- Amazon Web Services (AWS Marketplace) Integrates natively with AWS services such as GuardDuty, Security Hub, Gateway Load Balancer, Transit Gateway, Cloud WAN, and VPC Flow Logs.
- Microsoft Azure (Azure Marketplace)
Integrates natively with Microsoft Sentinel, Azure Virtual WAN, Gateway Load Balancer, and Defender for Cloud. - Google Cloud Platform (GCP Marketplace)
integrates with Google Cloud Load Balancers, Deployment Manager, Google Cloud-native objects, and Packet Intercept for WAN support. - Oracle Cloud Infrastructure (OCI Marketplace)
Integrates with Oracle’s network load balancer and dynamic routing gateways, and segmentations, providing seamless cloud-to-on-prem connectivity. - Private Clouds and More (Learn More)
Fully automated and seamless integrations with VMware, Cisco ACI/ISE, OpenStack, Nutanix, Nuage, and Kubernetes.
Hear How Check Point Achieves 100% Score in CyberRatings Cloud Firewall Test
Enterprise-Grade Security for Public Cloud and Hybrid Environments
CloudGuard delivers a single, cloud-native solution to prevent threats, automate enforcement, and manage policies across all your public cloud and hybrid infrastructure.
- Real-Time Threat Prevention and Response
Stop zero-day attacks and advanced malware before they impact your cloud workloads powered by ThreatCloud AI and automated response playbooks. - Unified, Tag-Driven Policy Enforcement
Write policies once and apply them everywhere, across public clouds, using cloud-native constructs like tags, labels, and metadata for dynamic enforcement. - East-West and North-South Cloud Traffic Protection
Segment cloud networks and inspect lateral traffic between services and VPCs/VNETs using identity and application-aware controls. - Seamless Cloud-Native Automation
Built for DevOps speed! Deploy and scale security using Terraform, REST APIs, and CI/CD pipelines without manual configs or bottlenecks. - Centralized Control with Full Cloud Awareness
Manage policy, visibility, and logs across clouds with dynamic object sync and real-time updates.
Consistent. Scalable. Cloud-Native.
CloudGuard Network Security delivers comprehensive protection across AWS, Azure, GCP, and OCI, combining IPS, AV, Anti-Bot, Threat Emulation, and AI-powered detection with dynamic object management, scalable automation, and centralized policy control.
Security
- Blocks known and unknown threats at cloud scale, securing both east-west and north-south traffic across VPCs, VNets, and regions.
- Enables full-stack visibility and granular access control within dynamic, distributed cloud architectures.
- Maintains continuous protection as assets and tags change; no manual rule updates are required.
Management
- Enforces unified security across public cloud gateways and environments from Smart-1 Cloud.
- Automatically adapts to changes in cloud infrastructure using metadata, labels, and cloud-native inventory.
- Supports secure, multi-team collaboration with role-based access and SSO integration.
Deployment
- Natively integrates with AWS Auto Scaling, Azure VMSS, GCP MIG, and more via CME and API-driven provisioning.
- Easily fits into DevOps pipelines using Terraform, REST APIs, and template-based onboarding.
- Delivers repeatable, reliable deployments across hybrid and multi-cloud environments.
CloudGuard Network Security Features
Enterprise-grade cloud firewall protection tailored for dynamic public cloud environments, with unified policy, automated scaling, and AI-driven threat prevention. Designed for elasticity and speed, CloudGuard Network Security empowers security and platform teams to enforce adaptive controls, integrate with native cloud tooling, and respond instantly to threats across multi-cloud and hybrid deployments from a single, centralized management plane.
Efficiency & Scale
Accelerate secure public cloud operations with dynamic object awareness, scalable gateway automation, and policy enforcement that evolves as your cloud environment grows.
- Infrastructure-Aware Policy Automation
Continuously adapts security policies based on real-time updates to cloud-native tags, labels, and dynamic infrastructure metadata across AWS, Azure, GCP, and OCI. - Built-In CI/CD and IaC Integration
Supports Terraform, REST APIs, and automation tools like Ansible for zero-touch provisioning and GitOps workflows while maintaining consistent security at deployment time. - Template-Driven Gateway Management at Scale
Provision and manage gateways in public clouds using scalable templates and profiles, enabling platform teams to enforce at scale.
Visibility & Control
Gain centralized control and deep visibility into your multi-cloud infrastructure with dynamic object management, real-time event detection, and robust integrations.
- Unified Policy & Object Control
Apply and manage consistent, reusable, and self-adapting policies across AWS, Azure, GCP, and hybrid environments from a single console or API with dynamic object syncing. - Automated Event Triggers
Use rules to detect cloud-specific behaviors or anomalies and trigger alerts, scripts, or remediation in real-time. - SIEM and API Integration
Integrate with your SIEM of choice, Splunk, QRadar, ArcSight, and more, using encrypted Syslog, JSON, LEEF, and REST APIs for full event pipeline coverage.
Resilience & Prevention
Block threats across public clouds before they cause damage with AI-driven prevention, elastic high availability, and automated response actions.
- Prevention-First Architecture
Stop zero-days, malware, and exposed workloads with CVEs in real-time with IPS, sandboxing, content disarm, and ThreatCloud AI-powered analysis. - Built-In Resilience at Scale
Ensure always-on protection with cloud-native high availability using ElasticXL and secure, synchronized gateway clusters across availability zones. - Automated Threat Response Across The Enterprise
Uses Infinity Playblocks to isolate assets, block malicious activity, and update policies dynamically across the environment – from clouds to endpoints.
Built for Every Cloud Stakeholder
CloudGuard Network Security delivers robust, scalable protection tailored to the priorities of every team, from executive leadership to security operations and cloud engineering.
Whether you’re reducing risk, automating infrastructure, or accelerating cloud transformation, CloudGuard provides the prevention, visibility, and control to meet your goals without slowing you down.
For Security Operations & Response
Detect, investigate, and respond faster with high-fidelity alerts, actionable context, and automation that keeps your team ahead of threats.
Focus on What Matters With High-Fidelity Signals
Leverage ThreatCloud AI and SmartEvent to surface real threats with low false positives, enriched with cloud context, identity data, and behavioral analysis.
Investigate Faster With Unified Visibility
Centralize logs and events across all cloud gateways in Smart-1 Cloud and stream them in structured formats in real-time to SIEM platforms like Splunk, QRadar, and others.
Respond in Real Time With Automated Playbooks
Use Infinity Playblocks to trigger containment actions, isolate assets, and update firewall policies dynamically across cloud and hybrid environments.
Keep Policies Clean and Scalable Across Clouds
Manage rule changes, cleanup, and policy tuning from a single console-automated by tags, synced with cloud infrastructure, and ready for audit or rollback.
For Cloud Infrastructure & Operations
Deliver scalable, automated security without slowing down your cloud pipelines or disrupting platform teams.
Deploy and Scale Security Natively in the Cloud
Provision gateways across AWS, Azure, GCP, and OCI using Cloud Management Extension (CME), with full support for auto-scaling groups, VMSS, and MIG. Scale up or down automatically.
Automate Everything With IaC, APIs, and CI/CD
Integrate security into Terraform, REST APIs, and GitOps pipelines using SmartProvisioning and CME. Keep security deployment in lockstep with your infrastructure code.
Build Policies That Adapt to Infrastructure
Use dynamic tags, labels, and metadata from your cloud providers to keep policies up to date with no IP lists or manual rules to maintain.
Protect Workloads Without Adding Agents
Secure traffic between services, containers, and regions using agentless threat prevention and native integration with Kubernetes, Transit Gateway, and vWAN.
For Executive & Security Leadership
Drive measurable risk reduction, enforce consistent governance, and scale cloud security in lockstep with your enterprise strategy.
Reduce Risk Exposure Across Multi-Cloud Environments
Block advanced threats like zero-day attacks and ransomware before they reach your workloads-powered by ThreatCloud AI and real-time cloud-native threat prevention.
Enforce Policy and Governance at Scale
Standardize enforcement across AWS, Azure, GCP, and hybrid environments using dynamic, tag-driven policies managed from Smart-1 Cloud, with complete visibility and auditability.
Align Security with Cloud Strategy and Business Goals
Support secure cloud adoption and zero trust initiatives with security that integrates natively into cloud architectures, from WAN hubs to CI/CD pipelines.
Maximize ROI with Unified Security Operations
Consolidate network security, logging, and automation into a single cloud-delivered platform to reduce tool sprawl, operational complexity, and total cost of ownership.
Learn More About CloudGuard Network Security
Learn more about the intricate features and capabilities that make the Cloud Network Security cloud-adapted next-gen firewall the industry-leading security solution for private clouds, multi-cloud, and hybrid cloud environments, as independently tested and assessed by multiple analysts.
Merging Network and App Firewalls into the Cloud Prevention Mesh
Learn about CloudGuard Network Security’s policy-driven framework that blocks attacks across clouds and throughout the enterprise.
CloudGuard Network Security at a Glance
Discover how CloudGuard Network Security brings unified, zero-day-ready protection to your cloud with automated enforcement and unified control.
