BlogWizCheck PointCloud SecurityCloud
Blog3 minute read

CNAPP Meets Network Security in New Partnership

Wiz and Check Point are entering a strategic partnership to bridge the gap between cloud network security and CNAPP. This partnership promises efficient risk prioritization and prevention, offering a holistic approach to end-to-end cloud security.

Wiz has established itself as a clear leader in cloud security by creating a consolidated platform that focuses on visibility and risk across IaaS and PaaS platforms. Their initial offering included misconfiguration findings, workload scanning, compliance mapping, and more. Fast forward to today, Wiz has built on that platform at an extremely fast pace, making it a one-stop shop for many cloud security needs. Wiz continues to roll out new capabilities, both home grown and through acquisition, but they always hit the mark on what customers are asking for. Some notable expansions to the platform include agent deployment, data security, remediation and response, and CI/CD pipeline integrations. However, one area that Wiz has not yet touched is network security.

Naturally, this expansion will be coming. Soon, Wiz will be stepping into the cloud network security world, but not on their own. Rather than developing this capability on their own, Wiz will be partnering with industry-leading network security vendors, such as Check Point, to build valuable integrations which will benefit both parties.

What to expect

In a recent webinar, Wiz and Check Point discussed their plans for the coming partnership and integration. Here is some of what will be coming:

Wiz will continue to do what it does best, providing capabilities such as posture management, workload protection, and code security via its platform. However, by integrating network security tools such as cloud firewalls, WAFs, and API security from Check Point's CloudGuard suite, Wiz can offer a more holistic security posture management solution. 

First, we will see an enrichment of Wiz's security graph. Check Point tools, such as a WAF, will be added to the security graph schema, showing where in the attack path one of these technologies may lie, providing necessary context. In situations where Wiz identifies that a resource is exposed to the internet, Check Point can alert Wiz that there is already a WAF in place with the correct policies to block malicious traffic. At this point, Wiz can de-escalate the issue and lower the priority. 

This integration will also utilize automations that will remediate by modifying controls on either platform. An example that was given during the webinar is as follows: Wiz identifies a vulnerability on a public cloud resource, notifies Check Point, and Check Point will automatically block affected traffic with an IPS signature on the CloudGuard network gateway. 

In summary, users will be able to prioritize and validate security risks and then proactively stop them using automationa. At the moment, there is no definitive timeline for when this integration will be available to customers, but we do know that the plan does not end with these capabilities. Check Point hopes to expand this integration past its CloudGuard suite to continue to enrich Wiz with even more data in the future.

Better together

Wiz's ecosystem of integrations is a big part of its overall success in the market. For years, customers have been looking for a way to see all of their security findings under one pane of glass in order to consolidate and prioritize. Platformization has become a big topic of discussion for this reason. However, some don't want to sacrifice the existing tools that they know in love in order to consolidate. With the integrations that Wiz supplies for their customers, other security tools can either ingest or enrich Wiz data to give their customers a bigger picture without having to flip between tools. 

WWT can help you better understand how to prioritize your security risks across disparate platforms. Please contact us to learn more!

Technologies