There are multiple types of cloud security solutions to help organizations reduce risk and improve security. Among them are:
- Cloud Workload Protection Platforms. Cloud workload protection technologies work with both cloud infrastructure as well as virtual machines, providing monitoring and threat prevention features.
- Cloud Access Security Brokers (CASB). Another category of cloud security solutions is often identified as Cloud Access Security Broker (CASB) platforms, which monitor activity and enforce security policies from an access perspective.
- SaaS. There is also a broad range of security tools and technologies delivered from the cloud, in a software-as-a-service (SaaS) model, to help protect both cloud and on-premises workloads.
Cloud security solution suites may well include capabilities from both cloud workload and CASB technologies, to help provide a comprehensive set of features to secure cloud access and deployments.
What should you know when selecting a cloud security solution for your business?
- Protection Features. It's important to identify the workloads you need to protect and ensure that the cloud security solution provides protection features that are appropriate for the given workload.
- Policy Integration. Organizations often have on-premises directory systems; it's important to make sure that a given cloud security solution can integrate with existing policy systems and provide a uniform policy.
- Multicloud Scope. Given that so many companies now use a multicloud strategy, a solution must have the ability to work in a multicloud scenario, with diverse types of deployments. Vendor lock-in is to be avoided.
Below we outline the capabilities of 8 top cloud security solution providers that can help organizations to improve security posture and reduce risk. The vendors listed below cross multiple categories of cloud security solution, including both workload protection and CASB.
Check Point's CloudGuard platform has multiple capabilities to help organizations maintain consistent security policies and protect different types of cloud deployments. The platform encompasses security for both IaaS (infrastructure as a service) as well as SaaS (software as a service) cloud use cases.
A key differentiator for CloudGuard is the platform's SmartConsole, which offers the promise of multicloud visibility for security policy and control from within a unified graphical user interface. With CloudGuard, organizations also benefit from the ability to protect workloads at the virtual machine level. This enables security policies to migrate with the workloads as they move between on-premises deployments and different cloud environments.
Ease of deployment is often highlighted by organizations as being a key benefit of the Check Point CloudGuard platform.
CloudPassage Halo is a cloud workload security solution that integrates a number of differentiated capabilities into its platform.
At the core of Halo is visibility across different workloads, including both cloud and servers, to identify insecure configurations and to help organizations maintain compliance with different regulatory and security policy requirements. CloudPassage takes an agent-based approach to provide visibility across different workloads and deployments.
Looking beyond visibility, key differentiators for CloudPassage Halo include the platform's software vulnerability assessment and secure configuration assessment capabilities.
Lacework provides cloud workload protection for public cloud infrastructure. The Lacework platform continuously monitors cloud deployments for changes that could be indicative of misconfigurations or potential attacks.
Alerts are ranked based on criticality and context, which is an area of differentiation for Lacework, with its Polygraph feature. Polygraph gives a visual representation of different cloud assets, workloads, APIs and account roles to show how everything relates, which is critical to having the right context for security.
Users of the Lacework platform also benefit from regular reporting that provides insights into best practices and risks, to help further improve cloud workload security.
Netskope is generally ranked by analysts as being a Cloud Access Security Broker (CASB), though the company's Security Cloud platform now integrates a broad set of capabilities that goes beyond just securing cloud access.
Netskope's platform provides cloud access security, advanced threat protection and data protection. The Data Loss Prevention (DLP) capabilities are particularly powerful as they enable organizations to identify and protect sensitive and personally identifiable information, wherever it is in a cloud deployment.
A key differentiator for Netskope is its CloudXD technology, which provides contextual detail about activity that can be used by enterprises to better understand both risks as well as overall cloud usage.
Palo Alto Networks has multiple cloud security solutions within its portfolio that provide different types of capabilities.
Palo Alto Networks acquired RedLock in October 2018, bringing in Cloud Workload Protection platform capabilities that provide public cloud security and compliance. Capabilities from RedLock are being combined with features from Palo Alto's Evident platform to provide cloud security analytics, advanced threat detection, continuous security, and compliance monitoring. Misconfiguration identification and the ability to identify potentially vulnerable host systems are core features of the platform.
Among the key differentiators of the RedLock by Palo Alto Networks platform is the ability to conduct threat investigations across cloud workload deployments to help identify and remediate threats. The system also benefits from an artificial intelligence engine that correlates resource configuration, user activity, network traffic, host vulnerabilities and threat intelligence to create context for cloud workload security.
There are a number of different technologies for cloud security within the expansive Symantec cybersecurity portfolio. Among them is Symantec Cloud Workload Protection, which can automatically discover what an organization is running across multicloud deployments.
Aside from cloud visibility, which is often a blind spot for some organizations, Cloud Workload Protection integrates monitoring for unauthorized changes, file integrity and user activity. A key differentiator is the platform's application binary monitoring capabilities, which can identify potential corruption in application code.
Another strong key feature is the platform's ability to help identify misconfigured cloud storage buckets, which could potentially be leaking corporate information.
Cloud visibility, monitoring and alerting are core capabilities of the Threat Stack Cloud Security platform. The real differentiator for Threat Stack, however, is the platform's focus on identifying cloud intrusions and then working with different tools to remediate the threat.
Tracking various threats is enabled via the dashboard, which provides insight into cloud configuration, potentially vulnerable servers and status of alert remediation.
Compliance with different regulatory certification efforts is another key capability of the platform, with compliance rule set templates designed to make it easier for organizations to have the right configuration and controls in place for cloud workloads.
Adding elastic security policies for cloud servers as they are deployed is among the key attributes of Trend Micro's Deep Security for Hybrid Cloud.
If security issues are detected, Deep Security's dashboard interface provides actionable insights to help rapidly remediate them.
Among Deep Security's key differentiators is its integration with Trend Micro's extensive threat defense capabilities, delivering additional context about potential threats that organizations need to consider and defend against.
Cloud Security Solutions Comparison Chart
| Solution | Focus | Key features | Key differentiator | Pricing |
|---|---|---|---|---|
| Check Point CloudGuard | Workload security for both on-premises and cloud virtualized workloads | Automated deployment; security policy control and enforcement | SmartConsole for multi-cloud visibility | On request |
| CloudPassage Halo | Regulatory and security policy compliance | Workload visibility; log-based intrusion detection | Software vulnerability assessment and secure configuration assessment capabilities | All three versions are licensed by usage level, with automatic discounts as usage increases. |
| Lacework | Cloud workload protection for public cloud infrastructure | Monitoring of workloads for changes; best practise guidance for workload security | Polygraph feature for visual representation of cloud assets, workloads, APIs and account roles | Free trial available. Full pricing not publicly disclosed. |
| Netskope | Cloud Access Security Broker capabilities | Threat detection; Data Loss Prevention (DLP) | CloudXD technology, which provides contextual detail about activity | Contact Netskope for pricing |
| RedLock by Palo Alto Networks | Public cloud compliance | Cloud security analytics | Threat hunting capabilities for investigation | Contact Palo Alto Networks for pricing |
| Symantec Cloud Workload Protection | Multi-cloud workload monitoring security | User activity monitoring; file integrity monitoring | Application binary monitoring | SaaS contract with flexible pricing. Small (1 vCPU) at $60 per server/year; Medium (2 or 3 vCPU) at $174.96 per server/year; Large (4 or more vCPU) at $350.04 per server/year |
| Threat Stack Cloud Security Platform | Cloud intrusion prevention | Vulnerability detection; regulatory compliance rulesets | Remediation workflow capabilities for cloud intrusions | Pricing is per agent per month. Contact vendor for full details. |
| Trend Micro Deep Security | Multi-cloud security detection and protection | Host-based intrusion prevention; vulnerability scanning | Integration with broader Trend Micro threat defense capabilities | Varies based on cloud deployment size and volume discounts. On a single AWS large EC2 instance the estimated monthly cost is $22. |