Check Point sees CloudGuard Log.ic as an ideal product for MSSPs, and it was designed out of the gate for that market.

Cybersecurity vendor Check Point Software Technologies has announced the release of CloudGuard Log.ic, their new cloud-native solution which provides logic-driven and context-rich security intelligence. This allows operations teams to see every IaaS and PaaS asset, understand cloud activities, and easily launch forensics. Initially, it is a product for the public cloud, but the plan is to move beyond that within the next year.

Check Point acquired this technology last fall, when it purchased Israeli startup Dome9 for $175 million. It fills what had been a limitation in Check Point’s cloud-based capabilities.

“Check Point took their main threat prevention engine and adapted it to the cloud, but a lot of stuff in the cloud didn’t fit this network-based approach,” said Zohar Alon, Head of the Cloud Product Line at Check Point, who had been the co-founder and CEO of Dome9 before they were acquired. That is why they bought Dome9.

At that time, Dome9’s offering was still in beta.

“We never reached General Availability under the Dome9 brand,” Alon said. “We never had paying customers. We had announced a beta capability in April 2018. We showed the implications that having access to massive amounts of data could lead to with Big Data analytics. Now Check Point has the ability from this technology to use logic for data analysis in the cloud, on systems that generate more and more events.”

The lack of full cloud visibility has been a major problem to effective analysis of the threat environment.

“80 per cent of the events from data flows in SIEM environments in the public cloud go unanalyzed,” Alon stated. “With this, every interaction is revealed. I can see every container talking to every load balancer. I can see them and also contextualize them, and can use any kind of schema to funnel any data through Log.ic.” Its enrichment engine  collates data from a variety of sources including VPC Flow Logs and AWS CloudTrail, and can also integrate with third-party SIEM solutions, such as Splunk and ArcSight.

The Dome9 software was repackaged and rebranded as CloudGuard Log.ic  — a pun, of sorts, on Log I See – although it is pronounced as logic. The product has also been enhanced from its Dome9 days though, as well as rebranded.

“We added a lot of awareness to the existing Check Point existing product line,” Alon said. “At Dome9, we thought we would just analyze big cloud flow logs at first, but with the integration with the endpoints and large SD WAN deployments, we have also made the product much more robust and less single-purpose, due to the acquisition.”

The plan, within a fairly short time frame, is to take Log.ic beyond the public cloud.

“At first, it is targeted at the public cloud, but by the New Year, we expect to use it to analyze other environments,” Alon indicated. “The challenge now is how to enable Log.ic across more clouds, because crunching logs and Big Data is expensive. When this is done, the solution will still be hosted in the cloud, but the idea is to let customers analyze more than just their public cloud logs, and be able to do on-prem and private cloud as well. This will be our data lake.”

Alon emphasized that Dome9 has designed the technology to work with the MSSP model, and that this capability also characterizes Log.ic.

“Today over half our sales are to large enterprises, but the rest of it splits nicely between MSSPs and emerging startups,” he said. “I had an earlier tour at Check Point before, and I established the managed security service security product line there back in 1997. I know that specialty partners and channels have the knowledge and capabilities to do things that the vendor can forget. We had over 25 partners to offer Dome9 managed services. From Day Zero, this was our play. It wasn’t just a multi-tenanted  SaaS solution. It’s MSSP to the bone, and was from the get-go.”

Alon believes that this technology, now backed by Check Point’s power in the market, will be an enormous hit with customers because it addresses a major pain point.

“Dome9 was a cool vendor in 2014, at a time when customers thought Amazon was a bookstore,” he said. “Our biggest challenge then was to stay alive until the market got there, and understood the value. When you saw the growth trajectory, you knew you would hit this trend – if you live long enough. By 2015, we knew that we weren’t going to die, and that enterprises were willing to pay for this.

“Today, I think cycles are shortening, as customers become more sophisticated. A lot of it is thanks to AWS, and the ability to do collaboration around sophisticated stuff. Developers with GitHub and Slack are also setting the mindset. Rocket science can become here and now very quickly. We don’t expect that a single customer of cloud solutions will not opt in for Cloud Log.ic, especially with Check Point not having had a cloud-based logic and analytics solution before. There is a lot of demand waiting to erupt.”

CloudGuard Log.ic is available now.