Cloud App Security lack of integration with checkpoint FW


We have Cloud App Security as part of our Microsoft estate.

We also have Checkpoint firewalls as our main firewall for our on-site security.

Unfortunately, according to the compatibility matrix for the two products, this is one of the least compatible match-ups we could have.

Why both Microsoft and Checkpoint are major security players .. Checkpoint is still the major firewall producer.

It works for shadow IT but we can't see users or data quantities, which is a real pain to be honest.

If we had Palo Alto we would be able to see all of this.

Is this likely to change anytime soon?

3 Replies

Hi Steve,

Cloud App Security's Shadow IT Discovery is based on intelligent analysis of traffic logs generated by the customer's Proxy/Firewall. Therefore, the granularity of the Discovery report and the ability to provide visibility into specific users and data quantities tightly relies on the data logged in the traffic by the appliance. Cloud App Security cannot show or analyze attributes that are not included in your logs.

As you saw in the compatibility matrix (available at https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery), Checkpoint Firewalls do not include username or data quantities information.

Unfortunately, I am not aware of any plans from Checkpoint to add these attributes. However, I can assure you that once they are added Cloud App Security will support them.

Thanks,

Niv

Dear all,

Understand, but I guess that Checkpoint has these attributes. But of course you have to have the appropriate license/blade activated. Checkpoint has the Identity Awareness blade, which collects, for example, Active Directory users/computers and extends its log information with this. Also, there is a way to enable the Application Control/URL Filtering/IPS blade, switch on accounting information on firewall rules to gather traffic data, and show such information in Event Manager, Report Manager; I guess there should be some way to extend support of CheckPoint devices for Cloud App Security.

Thanks Mical.

We will follow up with our colleagues in CheckPoint on the extended support you described.

CC - @Danny Kadyshevitch
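
The dependency discussed in this thread (Discovery can only report users and data quantities if the uploaded firewall log actually carries them) can be checked on a log sample before upload. The following is an added example, not part of the thread and not Microsoft or Check Point code; the key=value layout and the field names `user`, `sent_bytes` and `received_bytes` are assumptions for illustration, so substitute the names your own export uses.

```python
import re

# Constructed sample lines in a generic key=value layout (not a vendor schema).
SAMPLE = """\
time=2018-02-01T09:00:01Z src=10.0.0.5 dst=203.0.113.10 service=443 action=accept
time=2018-02-01T09:00:02Z src=10.0.0.7 dst=198.51.100.20 service=443 action=accept user="CORP\\asmith" sent_bytes=1840 received_bytes=90211
time=2018-02-01T09:00:03Z src=10.0.0.9 dst=203.0.113.11 service=443 action=accept user="" sent_bytes=0 received_bytes=0
time=2018-02-01T09:00:04Z src=10.0.0.7 dst=198.51.100.21 service=80 action=accept user="CORP\\bjones" sent_bytes=512 received_bytes=4096
"""

# key=value pairs; values may be double-quoted (and then may be empty).
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def coverage(text, user_field="user",
             byte_fields=("sent_bytes", "received_bytes")):
    """Fraction of records carrying a non-empty user and a numeric byte count."""
    records = [parse_line(l) for l in text.splitlines() if l.strip()]
    total = len(records)
    if total == 0:
        return {"records": 0, "user": 0.0, "volume": 0.0}
    with_user = sum(1 for r in records if r.get(user_field))
    # A logged value of 0 still counts: the attribute is present in the record.
    with_volume = sum(
        1 for r in records if any(r.get(f, "").isdigit() for f in byte_fields)
    )
    return {"records": total,
            "user": with_user / total,
            "volume": with_volume / total}


def missing_dimensions(report, threshold=0.9):
    """Dimensions a log-based discovery report could not populate reliably."""
    return [dim for dim in ("user", "volume") if report[dim] < threshold]


if __name__ == "__main__":
    report = coverage(SAMPLE)
    print(report)
    print("below threshold:", missing_dimensions(report))
```

Running it against a sample taken before and after a logging change (for instance enabling identity or accounting data on the firewall) shows whether the change actually reached the exported log.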