Check Point


Case Studies

By shifting focus to cloud FinOps with AllCloud, Check Point uses their flagship CloudGuard security solution to identify abnormal NAT Gateway traffic and implement a quick configuration leading to significant AWS cost savings.

About Check Point

Established in 1993, Check Point is one of the world’s leading and veteran IT security companies, offering a wide range of software products for network security, endpoint security, web application security, mobile security, data security, and cloud security. Publicly traded on Nasdaq (CHKP), Check Point headquarters are located in Israel and California, with a workforce of over 6000 employees in more than 70 offices worldwide. Among Check Point’s comprehensive security software solution suite is its CloudGuard platform, providing cloud-native automated security across the customer’s entire cloud network, applications, and workloads to support threat prevention and posture management, full visibility and intelligence, and multi-cloud security.

Check Point is a long-standing AllCloud partner and customer, and CloudGuard is a high-demand third-party product supporting advanced automated cloud security for many of AllCloud’s customers.

Summary

The Check Point AWS environment is vast and complex with over 1000 accounts. The company wanted to find a way to maximize cost savings on AWS but knew it would involve more than just engineering tactics. It would require a shift in organizational culture that puts FinOps at the heart of all engineering and development activities. With the support of AllCloud’s FinOps experts, Check Point succeeded in building that culture, and the results are already clear: when analyzing network traffic using its own CloudGuard security product, the Check Point team – laser-focused on cost optimization – detected traffic coming through NAT Gateway that was unnecessarily eating into precious resources. With a simple and quick configuration, the traffic was rerouted via VPC endpoints, leading to significant cost savings in the AWS environment. Check Point continues to evolve its cloud FinOps culture and yields ongoing annual savings reaching seven figures.

Challenge

As noted in Building a Cloud Center of Excellence to Save on AWS Costs, Check Point has been placing major efforts in creating awareness of cost optimization as part of the company culture and approach to R&D. As part of those efforts, the Check Point team focuses on finding creative ways to enhance the efficacy and profitability of its many products, one of them being CloudGuard, its flagship cloud-native security platform. Beyond a general FinOps approach, the Check Point team decided to seek out opportunities for special projects designed to close any loopholes where resources may be lost and realize the maximum ROI of CloudGuard in customer environments.

Solution

The Check Point cloud environment is super complex with 1000+ accounts in AWS alone, making monitoring and tracking extremely demanding. With CloudGuard being the main consumer of cloud resources in the organization, the Check Point team decided to investigate the efficiency of CloudGuard across this complex ecosystem and ascertain where optimizations could be made to boost the efficiency of the product. 

During the analysis, AllCloud uncovered a substantial amount of network traffic using NAT Gateway to route between AWS resources, however the source of that traffic was unclear. By using CloudGuard, the Check Point team was able to ascertain the traffic source as DynamoDB, and reroute it using VPC endpoints, the AWS best practice for routing traffic between two AWS services with no need for access to the internet. By configuring this reroute, Check Point was able to eliminate the use of NAT Gateway as a connector between AWS resources, thereby setting into motion significant savings of what were unnecessary and previously hidden costs.

Although CloudGuard is a security product for cloud traffic analysis and is not specifically designed for FinOps purposes, the Check Point team leveraged CloudGuard to detect a powerful opportunity for cost optimization of the AWS environment. Fixing the problem and rerouting traffic via VPC endpoints was a simple and quick fix, yet yielded impressive savings on overall AWS spend. The ability to get creative with FinOps and devise the solution was not just a feat of engineering; even more so, it reflects the organizational change in Check Point’s company culture of prioritizing AWS cost optimization and demonstrates what can be achieved when the entire org places FinOps as a top priority.

Results

  • By mistakenly using NAT Gateway, AWS traffic costs may increase up to 5X. The CloudGuard cost optimization configuration rerouting network traffic from NAT Gateway to VPC endpoints, discovered and engineered by the Check Point team, led to savings of over $350K per year.
  • General ongoing cost optimization activities throughout Check Point’s cloud environment have yielded cost savings in the seven-figure region for the company.
  • Beyond actual cost savings, Check Point has succeeded in building a strategy and culture of cloud cost optimization that is shifting the focus of the engineering and development teams, helping them to understand the critical importance of making FinOps part of their daily roles and responsibilities.
  • This has ensured that the focus on FinOps is organic to R&D, coming from the bottom up – from the developers and engineers themselves – and not just a request from management. With this approach, the internal environments of developers are continually reviewed for cost optimization opportunities, reducing the implications of automation, reviewing storage and logs, and reviewing every process previously taken for granted, all this leading to reduced costs per developer of over 40%.

 

“The key is education. With the support of AllCloud, cost optimization is now part of the culture and conversation in R&D. Cost is a fundamental consideration when implementing new initiatives on our AWS environment. Check Point is no longer reactive when it comes to cloud costs – we are proactive. This is how we are making a powerful impact on revenue in the cloud, from the ground up.”

–  Ron Tzrouya, Cloud FinOps Team Lead, Check Point Technologies