Introduction to CloudGuard CNAPP

Check Point CloudGuard Cloud Native Application Protection Platform (CNAPP) is a SaaS platform that provides unified, cloud-native security across your applications, workloads, and network. You can use it to automate security, prevent threats, get compliance and manage posture for all of your cloud environments: from Amazon AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. and Microsoft Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®. to GCP Google® Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube., Kubernetes Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts., and more.

Protect your Private and Public Clouds

CloudGuard CNAPP Cloud-Native Application Protection Platform - a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform. ensures network security and enforces security policy, prevents changes not approved, and enforces the previously defined configuration. Regardless if you use public or private clouds, CloudGuard CNAPP facilitates server configuration management. Its flexible security management tools ensure compliance and decreases configuration errors and possible breaches.

Its powerful layer of Threat Intelligence transforms cloud big data into high-definition, actionable security logic. Customize alerts and built-in queries, quarantine threats, and stop attacks in progress.

Secure Kubernetes Containers

CloudGuard CNAPP offers a depth of coverage for all container types, rich visualization of cloud assets, and an assessment of security posture to quickly identify misconfiguration issues and threats. Understand at a glance what is running in your container environment and how it is configured. Visualize Kubernetes data flows and get visibility of container misconfigurations and anomalies.

Create and Manage Custom Compliance Rules

Create custom compliance rules with intuitive GSL language, and align with NIS and CIS security benchmarks, with the largest number of rulesets and compliance frameworks across cloud environments.

Overview of the Main Menu

The main menu along the left side of the main screen provides navigation to the CloudGuard pages and features. You can search through the menu items with the search bar located above the menu (Search Navigation). Start to enter the name of the page, and CloudGuard offers you a list of menu items with this name.

The menu options appear as sections in this Administration Guide.

Note - The search of the Code Security menu items is not supported.

Menu Icon	Section in this Guide	Description
	Introduction to CloudGuard Getting Started with CloudGuard	Get to know CloudGuard: Learn the user interface Learn how to onboard new environments Go over basic configurations See Dashboards
	Risk Management	Maximize the productivity of security teams Increase visibility of each asset's risk score
	Events	See the Posture Findings, Threat and Security Events that occur in your cloud environments, based on configured policies See the finding details in the CloudGuard portal or receive messages to different notification targets, such as email and SNS
	Assets	Manage protected assets in onboarded environments in CloudGuard Configure and manage Organizational Units
	Cloud Security Posture Management (CSPM)	Assess the compliance of your cloud environments Select built-in rulesets or build your compliance test rulesets
	Network Security	Visualize the security policies in your environments Protect and manage your cloud assets, such as Security Groups Control access to cloud assets
	Cloud Infrastructure Entitlement Management (CIEM)	Reduce your attack surface by ensuring that cloud entitlements or permissions respect the principle of least privilege See Cloud Users and Cloud Roles
	Workload Protection	Manage serverless functions in your AWS environments and Kubernetes clusters Use Image Assurance to analyze Kubernetes and Container Registry A collection of repositories used to store and access container images. images at each stage of their life cycle Use Admission Control to help you configure and control operations for Kubernetes clusters
	Cloud Detection and Response (CDR)	Use Intelligence to hunt for and visualize threats and anomalous behavior in your environments through cloud log files
	Code Security	Build the Code Security functionality into your CI/CD pipeline to detect and prevent risk in cloud deployments
	Reports	Generate reports that show summaries, trends, and insights based on data that CloudGuard collects.
	Integration Hub	Enable seamless integration with internal and external third-party applications, APIs, and services.
	Settings	Manage your CloudGuard account Configure users and roles, organizational units Create and manage notifications for security policies Learn how to install and use the CloudGuard mobile app to gain access to your protected environment (IAM Identity and Access Management (IAM) - A web service that customers can use to manage users and user permissions within their organizations. Safety)