Total Security option 1

Download Report

Transcript Total Security option 1 

CheckPoint new security architecture and R70 highlights
TOTALSECURITY™
©2003–2008 Check Point Software Technologies Ltd. All rights reserved.
What organizations want
total security
Total security across all
enforcement points
flexible security
The right protection
at the right investment
simple security
Ease of deployment
Ease of management
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
2
Introducing Check Point R70
with New Software Blade Architecture
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
3
What is a software blade?
A software blade is a
security building block
 Independent
 Modular
 Centrally managed
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
4
How does it work?
Select a container
Select the blades
©2009 Check Point Software Technologies Ltd. All rights reserved.
Configure the system
[Confidential]—For Check Point users and approved third parties
5
Two options to construct your solution
Option 1:
A La Carte
Option 2:
Pre-Defined Systems*
SG103
1 core
3 blades
SG407
4 cores
7 blades
SG805
8 cores
5 blades
*Examples
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
6
Total Security
Complete Security & Management Portfolio
Security
Gateway
Blades
Security
Management
Blades
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
7
Customer Benefits
TOTAL
SIMPLE
 Total security across all enforcement points
 Custom configuration for the right security at
the right investment
 Simple planning, fast deployment
MIGRATION
 Ease of consolidation
FLEXIBLE
SECURITY
CONSOLIDATION
LOWER
TCO
– Add/activate blades easily into existing
infrastructure
– Segregation of duties in a single system
– Dedicate system resources per software blade
 Simple migration and scaling
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
8
Check Point R70
Debut of Check Point Software Blade Architecture
NEW Check Point Security Gateway R70
IPS Blade: IPS Redefined
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
9
Check Point Security Gateway R70
The Evolution Continues
 Main-train release featuring Software Blade architecture
New IPS Software Blade
Improved Core Firewall Performance
New Provisioning Software Blade
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
10
Check Point IPS Blade
Debut of Check Point Software Blade Architecture
NEW Check Point Security Gateway R70
IPS Software Blade: Next Generation Integrated Intrusion Prevention
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
11
Check Point IPS Blade
Check Point IPS Blade:
• Complete intrusion prevention integrated
with firewall
• Enterprise-class performance
• Comprehensive and dynamic management
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
12
IPS Increases Threat Control
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
13
New Threat Control Engine
Utilizing multiple methods of detection and analysis for
accurate and confident security
• Pre-emptive and accurate detection via NEW! multimethod signature & behavioral prevention engine.
• Wide protection coverage for both server and client
vulnerabilities.
• Protection profiles with attack severity, confidence, and
performance settings to automatically set protections to
Detect or Prevent.
• Open language for writing protections and protocol
decoders.
• Application Identification for application policy
enforcement.
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
14
Complete Intrusion Protection






Protection against server vulnerabilities
Protection against client & OS vulnerabilities
Protection against malware and worm infections
Block stealthy P2P and IM applications
Prevent buffer overflow attacks
Protection against network reconnaissance gathering
Only gateway with IPS across product line
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
15
Performance
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
16
R70 Performance Enhancements
Network
 Deeper multi-core integration
 Multi-tier IPS filtering engine
– quickly filters ~90% of traffic
 Filter attacks only on the
relevant sections of the traffic
– reduce overhead
– Reduce false positives
 Performance Improvements
in Secure Platform OS
Firewall
Firewall
IPS Engine
IPS Engine
…
CoreXL
Secure Platform
Network
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
17
Ensure Total System Performance
Ensure firewall performance with
load threshold safety-valve
Automatically activate protections
based on your criteria:
• Estimated performance impact
• Severity level
• Confidence level
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
18
New Threat Management Requirements
 Manage High Volume
of IPS Events
 Manage in Real Time
 Manage across
multiple Security
functions
 Adapt to Constantly
Evolving Threat
Environment
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
19
IPS Software Blade Timeline View
Quickly go from high-level business view to detailed forensics
Easily isolate important information
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
20
IPS Protection Browser
Easily Browse, Search, Set Protections
• Easy navigation through protection list
• Detailed protection description
• Review attributes: Severity, Attack Confidence, Performance
Impact, Release Data, Industry Reference
• View and adjust protection settings – Prevent, Detect, Inactive
• Keyword search: easily find Attack, Protection, Category, CVE…
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
21
‘Sandbox’ New Protections
Gain confidence in protections:
Automatically
‘sandbox’ new protections
in ‘Detect Only’ mode until
you are ready to put them
in Prevent mode.
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
22
Extensive Graphs and Reports
Meet Compliance and Management Information Needs
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
23
Check Point R70 Summary
Debut of Check Point Software Blade Architecture
NEW Check Point Security Gateway R70
IPS Blade: Next Generation Intrusion Prevention
©2009 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
24
Thank You!
TOTALSECURITY™
©2003–2008 Check Point Software Technologies Ltd. All rights reserved.