When
Check
Point
Software
acquired
Israeli
startup
Spectral
a
year
ago,
it
joined
the
ranks
of
other
network
security
providers
acknowledging
the
growing
threat
of
software
supply
chain
attacks.
Spectral
helped
fill
a
critical
gap
in
CloudGuard,
Check
Point’s
unified
threat
protection
and
network
security
platform
for
public
and
hybrid
clouds,
with
its
code
scanning
and
leakage
detection
tools.
Spectral
offers
infrastructure
as
code
(IaC)
scanning,
code-tampering
prevention,
hardcoded
secrets
detection
source
controls,
and
CI/CD
security
and
source
code
leakage
detection
tools.
It
provided
the
underpinning
of
Check
Point’s
Cloud-Native
Application
Protection
Platform
(CNAPP),
which
is
now
part
of
CloudGuard,
one
of
four
core
Check
Point
product
lines.
Understanding
the
Role
of
CNAPP
CNAPP
is
gaining
a
lot
of
attention
as
developers
shift
to
cloud-native
application
development
to
support
new
business
applications
and
digital
transformation
initiatives.
Gartner
describes
CNAPPs
as
“an
integrated
set
of
security
and
compliance
capabilities
designed
to
help
secure
and
protect
cloud-native
applications
across
development
and
production.”
Developers
are
increasingly
relying
on
open
source
code
and
microservices
from
a
widely
distributed
and
often
vast
community
to
compose
their
containers
and
serverless
functions.
While
the
source
code
may
come
from
an
established
ecosystem,
it
is
common
for
some
components
to
have
roots
from
unknown
or
obsolete
sources.
CNAPP
enables
organizations
to
establish
DevSecOps
processes
where
software
developers
take
the
lead
in
discovering
potential
flaws
in
code
before
deploying
application
runtimes
into
production,
says
Melinda
Marks,
a
senior
analyst
at
Enterprise
Strategy
Group.
“This
is
important
for
preventing
security
issues
before
you
deploy
your
applications
to
the
cloud
because
once
you
deploy
them,
they’re
available
for
the
hackers,”
Marks
says.
Agentless
Scanning
and
Other
New
Features
After
integrating
Spectral’s
tools
into
CloudGuard
upon
completing
last
year’s
acquisition,
Check
Point
added
some
critical
new
capabilities
to
the
CNAPP,
rolled
out
this
month,
including
permissions
and
entitlement
management,
agentless
scanning,
and
deeper
risk
scoring
of
an
organization’s
entire
environment.
Check
Point
officials
underscored
the
company
CNAPP
push
last
week
during
its
annual
CPX
360
event
in
New
York.
“We
significantly
enriched
the
platform
to
address
many
important
elements
of
the
cloud-native
control
environment,”
Check
Point
chief
product
officer
Dorit
Dor
tells
Dark
Reading.
Check
Point
also
announced
plans
to
feed
all
data
from
CloudGuard
to
its
new
Horizon
Events,
a
unified
dashboard
that
gathers
logs
from
the
entire
Check
Point
ecosystem.
Check
Point
introduced
Horizon
Events
late
last
year,
and
an
early
access
version
is
now
available.
For
Check
Point,
adding
CNAPP
to
CloudGuard
was
critical.
Check
Point’s
key
competitors
are
also
on
the
CNAPP
bandwagon.
Among
them,
Palo
Alto
Networks
has
significantly
emphasized
its
Prisma
Cloud,
which
recently
gained
added
Software
Composition
Analysis
(SCA)
and
Secret
Scanning
capabilities.
In
December,
Palo
Alto
Networks
acquired
supply
chain
security
tool
provider
Cider
Security.
Check
Point
Shares
CNAPP
Roadmap
Dor
touted
Spectral’s
“very
strong”
secret
scanning
capabilities.
She
explained
that
developers
could
plug
it
into
their
CI/CD
environments
and
implement
policies
as
code
through
open
policy
agents.
Dor
presented
the
roadmap
for
CloudGuard,
noting
that
Check
Point
is
looking
to
implement
more
AI.
Check
Point
plans
to
improve
observability
and
visibility
to
help
developers
identify
malicious
code.
Also
in
the
pipeline,
Check
Point
is
working
on
allowing
CloudGuard
to
handle
the
entire
software
bill
of
materials
(SBOM)
lifecycle,
ultimately
enabling
and
enforcing
them.
Check
Point
is
also
working
on
enhancing
how
CloudGuard
works
with
network
security.
“Network
Security
has
been
there
for
a
long
time;
we
have
a
very
mature
network
security
solution,”
Dor
said.
“But
the
challenge
now
is
to
make
it
speak
more
of
the
language
of
the
developers.”
Check
Point
is
addressing
that
by
integrating
network
security
into
its
AWS
Security
framework
and
offering
it
with
the
AWS
network
security
as
a
service.
Dor
noted
that
Check
Point
recently
integrated
CloudGuard
network
security
with
Microsoft
Azure,
allowing
administrators
to
manage
their
Microsoft
environments.
“It’s
a
space
for
continuous
investment,”
Dor
said.
With
a
direction
toward
multi-cloud
coverage,
the
goal
is
to
enable
it
to
“support
your
developers
natively
and
to
support
the
system
administration
and
giving
you
one
cloud
control
plane.”
About Author
