GenAI apps and agents introduce entirely new attack surfaces. Traditional security controls weren’t built to prevent prompt injection, data leakage, or AI-driven abuse, leaving organizations exposed.

CloudGuard WAF closes that gap. Its dual-layer ML engine autonomously protects GenAI apps, APIs, and agents with high accuracy and minimal false positives-no manual tuning, no noise, no guesswork.

https://www.checkpoint.com/resources/items/white-paper-cloudguard-waf-security-for-genai-applications

#CheckPoint #CloudGuard #WAF

Traditional WAFs are more expensive than they look: Hidden costs pile up-manual tuning, false positives, downtime, and breach fallout that drain your team, your time, and your budget.

Meet Check Point CloudGuard WAF: Our AI-powered, prevention-first approach eliminates noisy alerts, cuts operational overhead, reduces risk exposure, and delivers industry-leading protection-making it the most cost-effective WAF on the market.

(1/2)

#CheckPoint #CloudGuard #CloudGuarWAF #ChillwithCloudGuard

This weeks Post of the Week is on Best-in-Class GenAI Security with CloudGuard WAF + Lakera.

We’re excited to announce the expansion of CloudGuard WAF with integrated Lakera GenAI security now delivering prevention-first protection for Web, API, and GenAI applications.

If you want a quick breakdown of what’s new and why it matters, we put it all into one place.

Read the full post here: https://ow.ly/HBH350XBbXT

#CheckPoint #CloudGuard #WAF #Lakera

💸 Is your WAF quietly burning budget behind the scenes?

Manual rule updates, constant triage, blocked customers, and the looming cost of a breach… traditional WAFs stack hidden expenses fast.

#CheckPoint's #CloudGuard #WAF does the opposite. Its AI-driven engine delivers ~99.4% accuracy and near-zero false positives.

The result:
✔️ Up to 3x lower operational costs
✔️ Fewer business losses
✔️<1% breach probability

👉 Dive into the full blog + try our TCO calculator: https://blog.checkpoint.com/securing-the-cloud/how-cloudguard-waf-lowers-risk-and-total-cost-of-ownership-tco

See how top WAFs including #Microsoft Azure, #Cloudflare, #AWS, and #CheckPoint #CloudGuard #WAF -performed in real-world traffic simulations.

Metrics that matter: Detection Rate | False Positive Rate | Balanced Accuracy.

👉 Check the WAF Comparison Project 2025: https://blog.checkpoint.com/artificial-intelligence/waf-security-test-results-how-does-your-vendor-rate/

IT Services Associate in the IT Services Industry gives #CheckPoint #CloudGuard WAF 5/5 Rating in Gartner Peer Insights™ API Protection Market.

Read the full review here: https://gtnr.io/bCz77yqmB

#gartnerpeerinsights #ChillwithCloudGuard

🎉 Check Point Software Technologies has been named a #RepresentativeVendor in the 2025 Gartner® Market Guide for Web Application and API Protection (WAAP)!

What defines a next-gen WAAP?

📌 Prevention-first mindset
📌 AI-driven detection
📌 Cloud-native agility

Explore how Check Point Software Technologies was recognized within the report.

Don’t just react. Prevent.

👉 Read more here: https://blog.checkpoint.com/securing-the-cloud/understanding-market-guide-for-cloud-web-application-and-api-protection-how-cloudguard-waf-sets-a-new-standard-in-web-api-protection

#CloudGuard #CloudGuardWAF #WAAP #CheckPoint #ChillwithCloudGuard

Curious about WAF as a Service? Learn how it can act as a critical protection for corporate web applications and APIs, protecting them against exploitation and potential misuse: https://www.checkpoint.com/cyber-hub/cloud-security/what-is-web-application-firewall/what-is-waf-as-a-service/

#cloudsecurity #CloudGuard #LevelUpYourWAF

WatchTowr Labs discovered a significant vulnerability, CVE-2024-24919, in Check Point's CloudGuard Network Security appliances. This flaw allows attackers to perform an arbitrary file read operation, specifically targeting the shadow password file, which grants them the ability to read any file on the system if run as a superuser. The researchers demonstrated this by sending a crafted HTTP request to the device, resulting in the return of the shadow password file content. Despite the vendor's claim that the vulnerability only affects devices with username-and-password authentication enabled, the researchers found no clear reason for this limitation based on the code analysis. They also noted the vendor's remediation advice, suggesting placing the vulnerable device behind another hardened device, which they found amusing due to its impracticality.

The discovery process involved analyzing the decompiled code to identify paths that could lead to file traversal and reading operations. The researchers highlighted a particular string table comparison mechanism that, when manipulated, allowed them to specify a directory traversal path in their request. This led to the successful retrieval of the shadow password file, showcasing the potential impact of the vulnerability.

WatchTowr Labs expressed concern over the vendor's downplaying of the severity of the bug, especially since it is already being exploited in the wild. They emphasized the importance of treating this as a full unauthenticated remote code execution (RCE) vulnerability and urged device administrators to update their systems immediately. The vendor, Check Point, has released a hotfix to address the issue, which administrators are advised to apply.

https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

https://support.checkpoint.com/results/sk/sk182336

#cybersecurity #checkpoint #cloudguard #vulnerability #cve #rce #hotfix #update #watchtowr

Check Point Vulnerability Report: CVE-2024-24919

Date: May 29, 2024

CVE: CVE-2024-24919

Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

CWE: [[CWE-22]], [[CWE-425]]

Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

Synopsis

A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

Issue Summary

The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

Technical Key Findings

The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

Vulnerable Products

• Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

Impact Assessment

Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

Patches or Workaround

Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

Tags

#CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence