Recent years have seen a noticeable increase in large-scale cyberattacks that compromise a significant amount of sensitive data or cause substantial business disruption. Check Point Software Technologies Ltd. collectively refers to such breaches as “Gen V” threats, the risk of which it’s hoping to mitigate with its latest offering.

Unveiled today, CloudGuard is a set of security tools designed to protect companies’ infrastructure- and software-as-a-service deployments. An off-premises environment can often be tricky to protect since it’s hosted by a third-party provider rather than on a company’s internal hardware. The main challenge is that security policies have to be enforced individually on each provider’s platform, which increases the risk of human error for enterprises that use a lot of cloud services.

“We see time and time again that there is complacency about cloud security,” said Don Meyer, Check Point’s head of product marketing. “Cloud providers make sure the infrastructure is available, but it’s the customer’s responsibility to protect whatever they do there.”

CloudGuard aims to provide “comprehensive cyber protection for the cloud.” For IaaS environments, the toolkit offers automated threat detection and centralized administrative controls meant to ease policy enforcement. Companies looking to protect SaaS deployments such as a Box repository, meanwhile, have access to similar capabilities as well as technology Check Point dubs Guard ID.

In particular, the software is aimed at account takeovers, which the company said comprise about half of all breaches of enterprise SaaS applications. Account takeover is a form of hijacking in which users are coaxed to give up their credentials via phishing, spyware or malware scams. The company says it has patent-pending technology that incorporates machine learning, user behavior analysis and device information to protect against those threats.

Such takeover attacks pose a major security issue, with one recent study finding that one in nine online accounts is opened fraudulently. Check Point says Guard ID can automatically block unauthorized users and login attempts from compromised employee devices. 

The mechanism is complemented by an automated data protection engine. According to Check Point, CloudGuard lets companies require that important records be encrypted and prevent attempts by authorized users to share such sensitive data. It integrates with a customer’s existing directory and authentication services to support whatever policies the company has defined. “If we see in the policy engine that something should be encrypted and it isn’t, we can prevent access to that data,” he said.

Check Point is also bringing its “sandboxing” features to cloud documents. Sandboxing intercepts documents containing macros or executable code and strips out the potentially harmful material, delivering a sanitized document to the end user. Meyer said such payloads are increasingly being delivered via cloud applications like Google Docs and Office 365.

“Malware running in a Google Doc can hit a PC, and when that PC connects to the corporate network, it essentially provides a protected tunnel to infect the network,” he said. “There are few mechanisms in place to prevent that lateral spread.”

To top it all off, the suite offers integration with the provider’s other products, which enables enterprises to centrally enforce rules across cloud environments and employee devices. The IaaS protection component of CloudGuard is available immediately while the SaaS-focused features are expected to roll out early in the second quarter.

With reporting by Paul Gillin

Image: Unsplash