Check Point Connectra NGX R60

Check Point Connectra
NGX R60
Patrick Hanel
17 July 2015
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential
Agenda
• SSL VPN
  - Anywhere access
  - Everywhere issue
  - The future of SSL VPN
• Check Point Connectra: Secure Web-based connectivity
  - Integrated endpoint security and application security
  - Universal updateability
  - Easy deployment and management
  - Flexible platform options
  - Uniqueness in SSL VPN

SSL VPN: Anywhere Access
Add more remote users beyond current 20 percent
• Less technical employees
• Partners
Reduce remote access support costs
• Browser based; no client maintenance
• Less end user complexity
Additional access options
• Access from home PC, corporate PC, Internet kiosk
Diagram labels:
Day Extenders: Email; Basic applications; Home computer
Teleworkers: Email; Applications; Company computer
Intranet: Email; Applications; Files
Extranet: Portal; Applications; Files
Mobile workers: Email; Basic applications; Company computer or public computer
Extranet access: Partner computers

SSL VPN: Everywhere Access
• With IPSec you knew who was coming in
Diagram labels: Firewall, antivirus; Company-owned PC; +; Access Agreement; Partner PC
• With SSL VPN you don’t (usually)
Diagram labels: Company-owned PC; Employee home PC; Partner PC; Public Internet kiosk; Completely unmanaged/unsecured

SSL VPN: The Everywhere Issue
“Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security threat.”
– IDC Worldwide Spyware 2004-2008 Forecast and Analysis (Nov. 2004)
Diagram labels:
Internal applications
• Generally non-hardened
SSL VPN Gateway
External endpoints
• Range from secure to completely unsecured

The Future of SSL VPN: Unification
SSL VPNs will follow IPSec evolution: Connectivity + Security
Key SSL VPN Needs
ANYWHERE ACCESS (Anywhere Access; Network Access)
• Browser-based access
• Provide access to client/server applications
EVERYWHERE SECURITY (Enforce Policy and Secure Data; Secure Applications)
• Manage the everywhere security problem
• Harden applications from security threats
UNIFIED MANAGEMENT (Easy to Deploy)
• Minimize deployment and support time

Check Point Connectra
Web Connectivity with Unmatched Security
Diagram labels: Authentication Server (Optional); Web Server; Email Server; File Share Server; Non-Web Application Server; Check Point Connectra
Key SSL VPN needs: Anywhere Access; Network Access; Enforce Policy and Secure Data; Secure Applications; Easy to Deploy
Unified Web Security Gateway
• Secure Web-Based Connectivity
• Integrated Endpoint Security
• Integrated Application Security
• Easy Deployment and Management
• Flexible Deployment Options

Secure Web Based Connectivity
Connectra Web Portal
• Access client/server applications through browser plug-in
• Web-based access to email
• Access Web sites and applications
• Access file share servers

Integrated Endpoint Security
Key benefits
• Minimizes risk from unsecured endpoints
• Stops ID, password, and data theft
Endpoint checks
• Spyware and malware
• Antivirus and firewall compliance
• Secure browser
• Scans for spyware and malware
• Enforces endpoint security compliance (antivirus/firewall)
• Provides secure browser for data encryption and cache cleaning
• Real-time endpoint security updates
Diagram labels (Check Point Connectra):
Guest PC, unmanaged: Limit access rights
Public PC using secure browser: Grant higher access rights
Spyware detected: Deny access

Integrated Application Security
Key benefits
• Ensures internal applications and resources are secure
• Increases security protection for when endpoints are less secure
• Application Intelligence and Web Intelligence
  • Application-layer protection
    – DNS, FTP, HTTP, Microsoft CIFS, etc.
  • Block malicious data
    – Buffer overflows, DoS attacks, SQL injection, worms, etc.
  • Real-time security updates
Diagram labels: Normal user; Hacker/infected PC; Check Point Connectra; Normal user

Universal Updateability
• Perimeter, Internal, Web Strategy: Universal Updateability
  – Update to All Security Components
    • Application Intelligence and Web Intelligence
    • Endpoint Security
  – Universal SmartDefense
Delivers the power to update each Check Point solution in real time against the latest known and unknown security threats

Easy Deployment and Management
Key benefits
• Simplifies installation and management
• Leverages existing infrastructure
• Authentication Integration
  – LDAP, RADIUS, SecurID
• Application Integration
  – OWA, Citrix, iNotes, etc.
  – Email, File Share
  – SSO
• Management
  – Web-based
  – Optional SmartCenter integration
Diagram labels: SmartCenter Server; Authentication Server; SSL; Management Station (SmartCenter); Check Point Connectra; Check Point VPN-1

Connectra NGX R60 and SmartCenter
• Unified Security Management
  – NGX SmartCenter
    • SmartView Tracker
    • SmartView Monitor
    • SmartUpdate
    • SmartDefense Service

Flexible Platform Options
Key benefits
• Match platform with price/performance requirements
  • Available as dedicated appliance or software for open servers
• Connectra appliance
  – Turnkey solution
  – Hardened Check Point or OPSEC hardware platform
  – Multiple platforms to match deployment size
• Connectra software
  – Software for open servers
  – Based on SecurePlatform
Image labels: Connectra software; Connectra appliance

Connectra Uniqueness in SSL VPN
Connectra 2.0 warrants consideration, especially when compared with other enterprise remote-access solutions. It has all of the core features, plus solid endpoint security.
With Connectra 2.0, Check Point Software Technologies Ltd. leverages its vast experience securing networks, applications and client endpoints to provide the most comprehensive security feature set we've seen in an SSL VPN product to date.
March 14, 2005
Key SSL VPN Needs
CONNECTIVITY (Anywhere Access; Network Access)
• Almost all vendors deliver similar set of connectivity features
SSL Network Extender a solid performer
SECURITY (Enforce policy and Secure Data; Secure Applications)
• Some deliver some features
• Most rely on third-party startups to fill in gaps
Connectra the most integrated security, only solution with real-time security updates
MANAGEABILITY (Easy to Deploy)
• Standalone solutions, no integration
Unified Security Architecture: Centralized security management

Thank You!