Check Point Connectra NGX R60
Download
Report
Transcript Check Point Connectra NGX R60
Check Point Connectra
NGX R60
Patrick Hanel
17 July 2015
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Agenda
SSL VPN
- Anywhere access
- Everywhere issue
- The future of SSL VPN
Check Point Connectra:
Secure Web-based connectivity
- Integrated endpoint security and application security
- Universal updateability
- Easy deployment and management
- Flexible platform options
- Uniqueness in SSL VPN
17 July 2015
2
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
SSL VPN: Anywhere Access
Add more remote users
beyond current 20 percent
Less technical employees
Partners
Reduce remote access
support costs
Browser based; no client
maintenance
Less end user complexity
Additional access options
Access from home PC, corporate
Day Extenders
• Email
• Basic applications
• Home computer
Teleworkers
• Email
• Applications
• Company
computer
PC, Internet kiosk
17 July 2015
Intranet
• Email
• Applications
• Files
Extranet
• Portal
• Applications
• Files
Mobile workers
• Email
• Basic applications
• Company computer
or public computer
Extranet access
•Partner computers
3
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
SSL VPN: Everywhere Access
With IPSec you knew who was coming in
Firewall,
antivirus
Companyowned PC
+
Access
Agreement
Partner
PC
With SSL VPN you don’t (usually)
Company- Employee
owned PC home PC
17 July 2015
Partner
PC
Public
Internet kiosk
Completely
unmanaged/unsecured
4
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
SSL VPN: The Everywhere Issue
“Spyware is no longer just an
annoying pest swarming home
PCs; rather, it has evolved into
a serious enterprise security
threat.”
– IDC Worldwide Spyware 2004-2008
Internal applications
•Generally nonhardened
SSL VPN Gateway
Forecast and Analysis (Nov. 2004)
External endpoints
• Range from secure to
completely unsecured
17 July 2015
5
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
The Future of SSL VPN: Unification
Key SSL VPN
Needs
Anywhere Access
Network Access
SSL VPNs will follow IPSec
evolution: Connectivity + Security
ANYWHERE ACCESS
Browser-based access
Provide access to client/server applications
EVERYWHERE SECURITY
Enforce Policy
and Secure Data
Secure
Applications
Manage the everywhere security problem
Harden applications from security threats
UNIFIED MANAGEMENT
Easy to Deploy
17 July 2015
Minimize deployment and support time
6
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Check Point Connectra
Web Connectivity with Unmatched Security
Authentication
Server (Optional)
Web
Server
Email
Server
File Share
Server
Non-Web
Application
Server
Check Point Connectra
Anywhere Access
Network Access
Enforce Policy
and Secure Data
Secure
Applications
Easy to Deploy
17 July 2015
Unified Web Security Gateway
Secure Web-Based Connectivity
Integrated Endpoint Security
Integrated Application Security
Easy Deployment and Management
Flexible Deployment Options
7
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Secure Web Based Connectivity
Connectra Web Portal
Access client/server applications
through browser plug-in
Web-based access to email
Access Web sites
and applications
Access file share servers
17 July 2015
8
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Integrated Endpoint Security
Key benefits
Minimizes risk from
unsecured endpoints
Stops ID, password,
and data theft
• Scans for spyware and malware
• Enforces endpoint security
compliance (antivirus/firewall)
• Provides secure browser for data
encryption and cache cleaning
• Real-time endpoint security updates
Check Point
Connectra
Guest PC, unmanaged
• Limit access rights
Public PC using secure
browser
• Grant higher access rights
Spyware and malware
Antivirus and firewall
compliance
Secure browser
17 July 2015
Spyware detected
• Deny access
9
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Integrated Application Security
Key benefits
Ensures internal
applications and resources
are secure
Increases security
protection for when
endpoints are less secure
Application Intelligence
and Web Intelligence
Application-layer protection
•
–
Block malicious data
•
–
DNS, FTP, HTTP, Microsoft CIFS,
etc.
Buffer overflows, DOS attacks, SQL
injection, worms, etc.
Real-time security updates
Normal user
Hacker/
infected PC
Check Point
Connectra
17 July 2015
Normal user
10
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Universal Updateability
Perimeter, Internal, Web Strategy: Universal Updateability
– Update to All Security Components
• Application Intelligence and Web Intelligence
• Endpoint Security
– Universal SmartDefense
Delivers the power to
update each Check Point
solution in real time
against the latest known
and unknown security
threats
17 July 2015
11
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Easy Deployment and
Management
Key benefits
Authentication Integration
Simplifies installation
and management
Leverages existing
infrastructure
SmartCenter
Server
– LDAP, RADIUS, SecureID
Application Integration
– OWA, Citrix, iNotes, etc.
– Email, File Share
– SSO
Authentication
Server
Management
– Web-based
– Optional SmartCenter
integration
SSL
Management Station
(SmartCenter)
17 July 2015
Check Point
Connectra
Check Point
VPN-1
12
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Connectra NGX R60 and SmartCenter
Unified Security
Management
– NGX SmartCenter
•
•
•
•
17 July 2015
SmartView Tracker
SmartView Monitor
Smart Update
SmartDefense Service
13
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Flexible Platform Options
Key benefits
Match platform with
price/performance
requirements
• Available as dedicated appliance or
software for open servers
Connectra appliance
– Turnkey solution
– Hardened Check Point or
OPSEC hardware platform
– Multiple platforms to match
deployment size
Connectra software
– Software for open servers
– Based on SecurePlatform
Connectra software
17 July 2015
Connectra appliance
14
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Connectra Uniqueness in SSL VPN
Connectra 2.0 warrants
consideration, especially when
compared with other enterprise
remote-access solutions. It has all of
the core features, plus solid endpoint security.
Key SSL VPN
Needs
With Connectra 2.0, Check Point
March 14,
2005
Software Technologies
Ltd.
leverages its vast experience
securing networks, applications and
client endpoints to provide the most
comprehensive security feature set
we've seen in an SSL VPN product to
date.
CONNECTIVITY
Anywhere Access
Network Access
Almost all vendors deliver similar set of
connectivity features
SSL Network Extender a solid performer
SECURITY
Enforce policy
and Secure Data
Secure
Applications
Some deliver some features
Most rely on third-party startups to fill in gaps
Connectra the most integrated security, only
solution with real-time security updates
MANAGEABILITY
Easy to Deploy
17 July 2015
Standalone solutions, no integration
Unified Security Architecture: Centralized
security management
15
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Thank You!
Authentication
Server (Optional)
Web
Server
Email
Server
File Share
Server
Non-Web
Application
Server
Check Point Connectra
Anywhere Access
Network Access
Enforce Policy
and Secure Data
Secure
Applications
Easy to Deploy
17 July 2015
Unified Web Security Gateway
Secure Web-Based Connectivity
Integrated Endpoint Security
Integrated Application Security
Easy Deployment and Management
Flexible Deployment Options
16
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential