Security Total Cost of Ownership: Infrastructure Design
Security Total Cost of Ownership: Infrastructure Design, Solution Selection, and Case Studies
Tommi Aittamaa
Channel Manager
Finland & Baltic
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
Agenda
ROI Market Trends
What we wanted
What we got
Total Cost of Ownership
Check Point and TCO considerations
Examples and case studies
Influencing factors
• Regulation
• Peers
• Historical attacks
• Financial health
• Business initiatives
• Vendors
• Cost cutting
• Corporate culture
Diagram labels: External, Internal
Traditional SW ROI
Risk avoidance
– Technical risk
– Market risk
– Regulatory risk
Improved service
– Higher availability
– Improved performance
– Additional features or scalability
Opportunity enabling
– New service
– New market or market differentiation
– New approach
Cost savings
– Elimination of manual effort
– Faster deployment / service activation speed
– Reduced ‘per unit’ management cost
“…yes, but security is a special case…”
The Customer Environment…
Impossible to manage
Complicated
Complex
Too many vendors
Can such complexity deliver a high level of security?
Network security
Security Categories
Products that primarily improve security state (SS)
• Network and Host based controls
• Authentication / Authorisation systems
• Encryption systems
• Secure data transportation
• Data leak prevention
• User Provisioning
• Software and log management tools
• Vulnerability assessment
• Patch management
• Security information management
Products that primarily improve operational efficiencies (OE)
ROI application to Security
Security Stage (SS)
Risk avoidance
• More significant for risk averse corporate cultures
Improved service
• Requires historical risk analysis and industry comparative data
Opportunity enabling
• May apply to technology
• Best if “business enabling”
Cost savings
• Significantly easier to measure
• History may create cynicism
Operational efficiencies (OE)
Current focus
Risk avoidance (SS)
• More significant for risk averse corporate cultures
Improved service
• Requires historical risk analysis and industry comparative data
Opportunity enabling
• May apply to technology
• Best if “business enabling”
Cost savings (OE)
• Significantly easier to measure
• History may create cynicism
Current focus
Risk avoidance (SS)
• More significant for risk averse corporate cultures
• Organisational risk appetite has decreased
• Financial resilience is lower
• Organisational changes creating exposure
Improved service
• Requires historical risk analysis and industry comparative data
Opportunity enabling
• May apply to technology
• Best if “business enabling”
Cost savings (OE)
• Significantly easier to measure
• History may create cynicism
• Security as an overall contributor
• Security processes highlighted by operating conditions
• Automation
• Outsourcing and offshoring
• Antifraud
Shifting focus
Risk avoidance (SS)
• Significant only for risk averse corporate cultures
You don’t save your way out of a recession. Some companies will not only survive, they will thrive. They will do so by investing while capital is cheap and competition is distracted
Improved service
Opportunity enabling
Cost savings (OE)
• Significantly easier to measure
• History may create cynicism
Market Evolution
[Figure: axis labels Complexity and Flexibility; timeline 1960, 1970, 1980, 1990, 2000, 2007; labels: Centralized hardware based infrastructure, Client/Server, Web, Centralized software based infrastructure, Virtualisation, Cloud, SaaS]
Effective Asset Management
Facility
Hosted data centre
Hardware
Extend asset lifetime
Data centre design
Decrease power usage
Software
Virtualised
Content
Hosted
What we wanted
If only management understood the risks and knew why security was important, I wouldn’t have such a hard time getting budget
What we wanted
2001: Computer Fraud and Security
– Maintaining senior management’s commitment to security is critical, for without the consistent support of top management, security will fail.
What we wanted
2002: CERT
– The survivability of an organization’s mission requires that senior management and their organizations shift their thinking from an IT-based, security centric, technology solution point of view, to one that is more enterprise-wide, based on survivability and that utilizes risk management approaches.
What we wanted
2004: SecurityFocus
– The reporting required by ITIL keeps an organization's management well informed about the effectiveness of their organization's information security measures. The reporting also allows management to make informed decisions about the risks their organization has.
What we got
CSO speaks to board and management
Management expects to see results
– Security finally has to contribute to something
– Improvements and progress
General cost savings requirements also apply to security
What does the business think of security?
Delay to revenue growth, expansion and new application delivery
Source of downtime
Continued investment without return
BUT, UNDERSTOOD AS A COST OF DOING BUSINESS
What this means for security
Cost management is primary: TCO, TCO, TCO
Technology and processes must be standardized
Need to justify purchasing according to:
– “Why can’t we use what we already bought?”
– “Show me how we will save money over the next three-to-five years”
TCO Components
Cost is one element
Applicability, extensibility and management are fundamental
Soft skills are also crucial
– Skills development
– Mistakes and error correction
– Daily activities and methodologies
How to revise security architectures with TCO in mind
What can we do to improve security in a complex business environment?
Infrastructure Design, Solution Selection
Solution price
– Can we better utilize our existing platforms?
Extensibility
– Can we integrate traditionally dedicated protections into existing platforms?
Leverage skills
– Can we use management tools that we already know in order to do more?
Fewer mistakes
– Can we predict the impact of new protections before we apply them?
Solution price: consolidation and extensibility
Network analysis
– Add more networks and services to reduce firewall footprint
System consolidation
– Consolidate multiple Endpoint and Gateway solutions when possible
Gateway virtualization
– Compress multiple firewalls into fewer virtualized devices
IDS/IPS integration
– Integrate some IDS/IPS functionality into our firewalls to reduce our overall IDS/IPS footprint
In 2009 customers have a choice
Network security solutions
– multiple projects
– dedicated hardware
– dedicated management
OR
Check Point Software Blades
– one project
– multiple configurations
– single management
– Lower investment
– Lower TCO
Diagram labels: Corporate HQ (IPS, Web Security, VPN, Firewall), Branch Office (VPN, Firewall), Etc…
What is a software blade?
A SOFTWARE BLADE IS A BUILDING BLOCK
INDEPENDENT
MODULAR
CENTRALLY MANAGED
gateway blades
endpoint blades
management blades
Total Security
Complete Security & Management Portfolio
Security Gateway Blades
Security Management Blades
Check Point Security Gateway R70
The Evolution Continues
Main-train release featuring Software Blade architecture
New IPS Software Blade
Improved Core Firewall Performance
New Provisioning Software Blade
Introducing: Check Point Endpoint Security
Unified Management
Single Agent for Endpoint Security
Firewall/NAC
Program Control
Antivirus
Anti-spyware
Data Security
Remote Access
15 years leadership in firewalls
Based on award-winning ZoneAlarm
Market-leading Pointsec® technology
12 years leadership in remote access VPN
Mitigates the broadest range of endpoint risks
Unifies all essential components
Only solution that includes both data security and remote access
Appliance consolidation: UTM
Annual Costs for Legacy Systems
  Firewall              $675
  IPS                   $525
  VPN Gateway           $450
  Gateway Anti-virus    $525
  URL Filtering         $450
  Messaging Security    $1,125
  Sub-total             $3,750
3 Year comparison
                        Legacy Systems   Check Point UTM-1 270 Total Security 3 Years
  3 Year Subtotal       $11,250          $8,600
  3 Year Power Costs    $3,038           $506
  3 Year Rack Costs     $1,080           $180
  3 Year TCO            $15,368          $9,286
Source: List pricing from multiple vendors, assumes 15% annual support / subscription
Endpoint security consolidation
Separate Vendors
  Anti-virus software   $30
  Personal firewall     $25
  Port protection       $20
  Media Encryption      $20
  Disk encryption       $70
  VPN Client            $15
  TOTAL                 $180
Consolidated vendors
                        Component prices   TOTAL
  Endpoint Vendor 1     $60, $70, $15      $145
  Endpoint Vendor 2     $30, $80, $15      $125
  Check Point           $85                $85
Source: CDW: 500 to 1,000 user licenses
Additional TCO components:
One agent on the desktop: one agent = low TCO
– Faster to set policy, provision systems and update software
Helpdesk: fewer agents = fewer trouble tickets
– Easier to resolve issues and restore employee productivity
Gateway virtualization
Cost savings across multiple axes
– Fast provisioning
– Simplified policy
– Smaller hardware footprint
– Reduced support and maintenance costs
Appliance models further reduce TCO
Two virtualization options
– VSX and VPN-1 VE
Virtualization TCO Comparison
                          10 Firewall Appliances   VSX-1 9070
  New device acquisition  $0                       $60,000
  Annual renewal          $22,500                  $9,000
  Annual Rackspace        $600                     $60
  Power consumption       $9,000                   $696
  1 Year TCO              $32,100                  $69,756
  3 Year TCO              $96,300                  $89,268
Comparison of 3 Year TCO of legacy systems versus new VSX-1 9070
10 physical vs. 10 virtual gateways
Additional advantages through management simplicity
Creating Virtual Systems
Provide a name for the Virtual System and assign it to the previously created VSX Cluster
Integrated IPS
                                     Dedicated IPS   R70 IPS Blade
  1000 Mbps IPS Sensor / IPS Blade   $35,000         $0
  Annual subscription                $5,250          $3,000
  Year 1 Sub-total                   $40,250         $3,000
  3 Year TCO                         $50,750         $9,000
With R70, advanced IPS enters the firewall
Enables migration away from dedicated IDS/IPS to IPS software blade in the gateway
IDS/IPS device to software blade replacement results in around 40% OPEX reduction per-device
CAPEX reductions even more significant
TCO considerations and security management
Re-write security policies
– When was the last time we rewrote our rules instead of just adding a new rule?
Reorganize policies
– Are we assessing rule utilization in order to improve gateway functionality?
Revisit our management methods
– Are we still doing the same things that we’ve been doing for ten years?
TCO and security predictability
Simple user error can have devastating business impact
– Requires validation and approval
– Compliance with audit rules
Applying new protections can stop network traffic or services
– Requires performance analysis
– Confidence-level of protections
Overcoming these issues with Check Point
Investment protection
– Existing licenses maintain value
SmartCenter – leveraging existing human capital
– Unification of management tools leverages common knowledge base
– Extends existing skills to new protections, appliances, solutions
SmartProvisioning – Enabling process replication
– Standardization, quality and speed
SmartWorkflow – Extending audit and change control
– Consistent with compliance and quality
Summary
Security invisibility is over
Must focus on business needs
TCO is the primary focus
Management, processes and soft skills are key
Check Point enables simplification and cost reduction
Thank you!