Full Protection Mode

In CloudGuard, there are two modes to manage Amazon AWS Security Groups:

  • Full Protection

  • Read-Only

Full Protection provides the CloudGuard administrator with full control of AWS security policy definition, access leases, and the ability to interact with dynamic policy objects.

In Full Protection mode, you can manage an AWS Security Group only through CloudGuard. CloudGuard detects attempts to modify a security group from the AWS environment (such as the AWS console). Each such attempt triggers Tamper Protection and can also send an alert or notification. CloudGuard overrides the change and reverts the Security Group to its definition in CloudGuard.

Tamper Protection alerts and notifications occur when you turn on Full Protection for the desired regions in your cloud account. CloudGuard locks down the configuration of the security groups within those regions to ensure that the security groups stay properly configured.
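
The detect-and-revert behavior described above can be pictured as a comparison between the managed definition and the live security group. The following Python sketch is an added illustration, not CloudGuard code and not a description of how CloudGuard is implemented. It assumes rules in the `IpPermissions` shape returned by the EC2 DescribeSecurityGroups API; the function names and all sample rules are constructed for the example, and prefix-list rules are not handled.

```python
# Added illustration: not CloudGuard code. Rule dicts follow the IpPermissions
# shape returned by EC2 DescribeSecurityGroups; all sample values are constructed.

def flatten(ip_permissions):
    """Expand IpPermissions entries into a set of (protocol, from, to, source) tuples."""
    rules = set()
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        # Protocol "-1" (all traffic) carries no port range.
        lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
        for rng in perm.get("IpRanges", []):
            rules.add((proto, lo, hi, rng["CidrIp"]))
        for rng in perm.get("Ipv6Ranges", []):
            rules.add((proto, lo, hi, rng["CidrIpv6"]))
        for pair in perm.get("UserIdGroupPairs", []):
            rules.add((proto, lo, hi, pair["GroupId"]))
    return rules

def revert_plan(managed, live):
    """Return the changes that restore the live group to the managed definition."""
    want, have = flatten(managed), flatten(live)
    return {
        "tampered": want != have,
        "revoke": sorted(have - want),     # rules added outside the manager
        "authorize": sorted(want - have),  # managed rules removed outside the manager
    }

# Constructed managed definition: HTTPS from anywhere, SSH from one range.
MANAGED = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]
# Constructed live state after a console edit: SSH source replaced with 0.0.0.0/0.
LIVE = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    plan = revert_plan(MANAGED, LIVE)
    for action in ("revoke", "authorize"):
        for rule in plan[action]:
            print(action, rule)
```

A non-empty `revoke` or `authorize` list corresponds to the condition that would raise a tamper alert; applying both lists returns the group to the managed definition.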