Upload
atlnacional02
View
225
Download
0
Embed Size (px)
Citation preview
7/27/2019 Software Blades
1/12
Check Point
Software BladeArchitecture
7/27/2019 Software Blades
2/12
7/27/2019 Software Blades
3/122
TODAYS SECURITY CHALLENGEProtecting enterprises against todays constantly evolving threat
environment has never been more challenging. Inrastructure,
connectivity and perormance requirements keep growing.
New and varied threats are leading to more security vendors,
point products and complexity, while IT teams are under
increasing pressure to reduce costs and complexity, and do morewith existing hardware and resources. The combination o these
challenges has lead to ineective approaches that are increasingly
ineicient, costly and unsustainable.
As a result, organizations and IT teams are looking or a better
solutionone that is more simple, lexible and secures the entire
enterprise. This includes the reedom to add critical protection at
the network or endpoint as needed, without worrying about
perormance, availability or orklit upgrades. It also means the
ability to invest in security only as you need it, without having to
introduce yet another security vendor, endpoint agent, or
point appliance.
CHECK POINT 3D SECURITYCheck Point 3D Security redeines security as a 3-dimensional
business process that combines policies, people and enorce-
ment or stronger protection across all layers o security
including network, data and endpoints. To achieve the level o
protection needed in the 21st century, security needs to grow rom
a collection o disparate technologies to an eective business
process. With 3D Security, organizations can now implement a
blueprint or security that goes beyond technology to ensure the
integrity o all inormation security.
Check Point 3D Security enables organizations to redeine
security by integrating the three dimensions shown in the
graphic below into a business process.
CHECK POINT SOFTWARE BLADEARCHITECTUREAs a key tool in creating true 3D Security, the Check Point
Sotware Blade Architecture allows companies to enorce
security policies while helping to educate users on those policies.
The Sotware Blade architecture is the irst and only security
architecture that delivers total, lexible and manageable securityto companies o any size.
Whats more, as new threats and needs emerge, Check Point
Sotware Blade Architecture quickly and lexibly extends security
services on-demandwithout the addition o new hardware
or management complexity. Solutions are centrally managed
through a single console that reduces complexity and operational
overhead. Multilayered protection is critical today to combat
dynamic threats such as bots, Trojans and Advanced Persistent
Threats (APTs). Firewalls today are more like multi-unction
gateway but not all companies want the same security
everywhere. Companies are looking or lexibility and controlo their security resources.
WHAT IS A SOFTWARE BLADE?A Sotware Blade is a security application or module such as
a irewall, Virtual Private Network (VPN), Intrusion Prevention
System (IPS), or Application Control to name a ew, that is
independent, modular and centrally managed. They allow
organizations to customize a security coniguration that targets
the right mix o protection and investment. Sotware Blades
can be quickly enabled and conigured on any gateway or
management system with a simple click o a mouseno
hardware, irmware or driver upgrades required. And as needsevolve, additional Sotware Blades can be easily activated to
extend security to an existing coniguration on the same
security hardware.
Policies thatsupport business needsand transorm securityinto a business process
Security that involvespeople in policy
denition, education andincident remediation
Enforce, consolidateand control all layers o
securitynetwork, data,application, content and user
Check Point 3D Security
7/27/2019 Software Blades
4/123
KEY BENEFITS
n Better Security
A multi-layered solution and consolidated platorm or enterprise security exercises a unique combination o integrated
network and endpoint security, combined with the industrys most comprehensive anti-malware threat protection.
n Simplicity
Easy administration, total lexibility and simple security activation eliminates complexity and makes security easier to
operate and manage.
n ManageabilityOne-click activation enables ast deployment o security services. Centralized Sotware Blade management increases
productivity and eiciency.
n Total Security
A comprehensive library o over thirty Sotware Blades delivers unrivaled security integration to allow the right level o
security at all layers o the network.
n Lower TCO
Delivers better security, hardware extensibility and consolidation, while lowering TCO by up to 50% compared to traditional
multi-vendor solutions.
n Maximize performance
A complete range o perormance options rom 190 Megabits per second up to 1 Terabit per second ready appliances.Allows or provisioning o resources that maximizes service levels.
n Lower carbon footprint
Deliver green IT savings by allowing the consolidation o multiple point solutions into one integrated gateway that reduces
rack space, cooling, cabling and power.
Extend your security solution with a click of a mouse.Easily add new security Software Blades with Check
Points flexible, easy-to-use management console.
7/27/2019 Software Blades
5/124
HOW ARE CHECK POINT SOFTWARE BLADES DEPLOYED?
Sotware Blades can be deployed on Check Point appliances and open servers. New Sotware Blades can be easily addedto your existing hardware platorm by simply turning on their unctionality in the Check Point centralized, easy-to-use
management console. No additional hardware, irmware or drivers are necessary. This enables organizations to deploy
security dynamicallyas neededwith lower total cost o deployment.
Check Point Security Gateway SmartDashboard
The Firewall Software Blade is always included
Customize your security to meet your
unique business needs.
7/27/2019 Software Blades
6/125
SELECT A GATEWAY SOLUTION THAT CAN GROW WITH YOUR BUSINESSWhether designing a solution or an enterprise headquarters or data center, branch oice, or mid-size business, Check Point Sotware
Blade Architecture provides unmatched coniguration lexibility. The result is a complete gateway or management system conigured
precisely to your speciic business needs.
Check Point AppliancePackages
Containers andPre-Dened Systems
la CarteSotware Blades
Option 1 Option 2 Option 3
Three Options to Build Your Gateway Solution
SIZING YOUR SYSTEMHow do you know what size appliances to run? Check Points SecurityPower is a new benchmark metric that allows customers to
select the right security appliances by their capacity to handle real-world network traic, multiple advanced security Sotware Blades anda typical security policy. SecurityPower helps customers quickly determine which appliances can best meet their network security needs
today, as well as support anticipated uture traic increases and additional security Sotware Blades.
Determine which Sotware Bladesto run on gateway
Input network speed
Select where gateway isplaced (perimeter or LAN)
7/27/2019 Software Blades
7/126
FOR ENDPOINT SECURITY
Choose rom six Endpoint Security Sotware Blades to tailor a custom solution:
n Deploy only the endpoint protection you need todayn Add more security easily at any time rom a central management console
FOR SECURITY MANAGEMENT
Security management Sotware Blade containers come predeined and eature:
n Built-in update service that keeps current with the latest sotwaren Integrated backup, restore and upgrade capabilities
SOFTWARE BLADE PRE-DEFINED AND LA CARTE SYSTEMS AND CONTAINERSSotware Blade systems and containers come with all o the necessary services required to run the Check Point Sotware Blade environ-
ment, and eature Check Points easy-to-use administrative interace. There are three varieties o Sotware Blade systems and containers
to order la carte or add-on additional protection to your gateway at any time.
FOR SECURITY GATEWAYS
Security gateway Sotware Blade systems are available as appliance packages, pre-deined security bundles or la carte selection o
security capabilities o your choice, eaturing:
n SecurePlatorma pre-hardened operating system or quick and easy deploymentn CoreXLmulti-core acceleration or deep-packet inspection and maximum perormance
1. Select a container based on thenumber o processor cores inyour appliance
2. Select desired GatewaySotware Blades
3. Create system that is simple,fexible and secure
Steps to Tailor an Integrated Security Gateway
1. Select a container based on thenumber o processor cores inyour appliance or open server
2. Select desired ManagementSotware Blades
3. Start centrally managing yourgateways and endpoints
Steps to Tailor an Integrated Management Solution
1. Select a container based on thenumber o seats
2. Select desired EndpointSotware Blades
3. Deploy Endpoint SotwareBlades centrally
Steps to Tailor an Integrated Endpoint Security Solution
Simplify your security management
with a single view.
7/27/2019 Software Blades
8/127
The Check Point Firewall Software Blade builds on the award-winning technology irst oered in Check Points FireWall-1solution to provide the industrys strongest level o gateway security and identity awareness. Check Points irewalls are trusted by100% o the Fortune 100 and deployed by over 170,000 customers, and have demonstrated industry leadership and continuedinnovation since the introduction o FireWall-1 in 1994.
The Check Point IPsec VPN Software Blade provides secure connectivity to corporate networks or remote and mobile users,branch oices and business partners. The Sotware Blade integrates access control, authentication and encryption to guarantee
the security o network connections over the public Internet.
The Check Point Mobile Access Software Blade provides simple and secure remote access to corporate applications over theInternet, via smartphones or PCs. The solution provides enterprise-grade remote access via SSL VPN or simple, sae and securemobile connectivity to email, calendars, contacts and corporate applications.
The Check Point Intrusion Prevention System (IPS) Software Blade combines industry-leading IPS protection withbreakthrough perormance at a lower cost than traditional, stand-alone IPS solutions. The IPS Sotware Blade deliverscomplete and proactive intrusion preventionall with the deployment and management advantages o a uniied and extensiblenext-generation irewall solution.
The Check Point Application Control Software Blade provides the industry's strongest application security and identity controlto organizations o all sizes. It enables IT teams to easily create granular policiesbased on users or groupsto identiy, block orlimit usage o over 240,000 Web 2.0 applications and widgets.
The Check Point Identity Awareness Software Blade provides granular visibility o users, groups and machines, providingunmatched application and access control through the creation o accurate, identity-based policies. Centralized management andmonitoring allows or policies to be managed rom a single, uniied console.
The Check Point DLP Software Blade combines technology and processes to revolutionize Data Loss Prevention (DLP), helpingbusinesses to pre-emptively protect sensitive inormation rom unintentional loss, educating users on proper data handling policiesand empowering them to remediate incidents in real-time.
The Check Point URL Filtering Software Blade integrates with Application Control, allowing uniied enorcement andmanagement o all aspects o Web security. URL Filtering provides optimized Web security through ull integration in the gatewayto prevent bypass through external proxies; integration o policy enorcement with Application Control or ull Web and Web 2.0protection; and UserCheck empowers and educates users on Web usage policy in real time.
The Check Point Anti-Bot Software Blade detects bot-inected machines, prevents bot damages by blocking botC&C communications, and is continually updated rom ThreatCloud, the irst collaborative network to ight cybercrime.
GATEWAY SOFTWARE BLADES
Protect your network from threats with a
multi-layered security approach.
7/27/2019 Software Blades
9/128
The enhanced Check Point Antivirus Software Blade stops incoming malicious iles. Using real-time virus signatures andanomaly-based protections rom ThreatCloud, the irst collaborative network to ight cybercrime, the Antivirus Sotware Bladedetects and blocks malware at the gateway beore the user is aected.
The Check Point Anti-Spam and Email Security Software Blade provides comprehensive protection or an organization'smessaging inrastructure. A multidimensional approach protects the email inrastructure, provides highly accurate spam protection,and deends organizations rom a wide variety o virus and malware threats delivered within email. Continual updates assure that allthreats are intercepted beore they spread.
The Check Point Web Security Software Blade provides a set o advanced capabilities that detect and prevent attackslaunched against the Web inrastructure. The Web Security Sotware Blade delivers comprehensive protection when using the Webor business and communication.
The Check Point Advanced Networking and Clustering Software Blade simpliies network security deployment and manage-ment within complex and highly utilized networks, while maximizing network perormance and security in multi-Gbps environments.This blade is a combination o the Check Point Acceleration and Clustering Sotware Blade and the Advanced Networking SotwareBlade, which is ideal or high-end enterprise and datacenter environments where perormance and availability are critical.
The Check Point Acceleration and Clustering Software Blade delivers a set o advanced technologies, SecureXL andClusterXL, that work together to maximize perormance and security in high-perormance environments. These work with CoreXL,which is included with the blade containers, to orm the oundation o the Open Perormance Architecture, which delivers throughputdesigned or data center applications and the high levels o security needed to protect against todays application-level threats.
The Check Point Advanced Networking Software Blade includes a number o advanced networking eatures such as dynamicrouting, multicast support, Quality o Service (QoS) prioritization, ISP redundancy, and application load balancing. These eaturescombine to optimize network and users perormance by, or example, assigning a high priority to business-critical applications andusers. As a result employee productivity remains high and online experiences are positive.
Security Gateway Virtual Edition protects dynamic virtualized environments and external networks, such as private and publicclouds, rom internal and external threats by securing virtual machines and applications. This Sotware Blade is managed by asingle interace or consistent and eicient management.
Voice Over IPThe Check Point security amily enables you to deploy VoIP applications such as telephony or video conerencingwithout introducing new security threats or needing to redesign your network. Because worms and VoIP-speciic Denial o Serviceattacks can take IP phone services down, Check Point delivers an evolving solution that understands and protects against existingand new threats that may disrupt business continuity.
GATEWAY SOFTWARE BLADES (CONTINUED)
7/27/2019 Software Blades
10/12
The Check Point Network Policy Management Software Blade provides comprehensive, centralized network security policymanagement or Check Point gateways and Sotware Blades, via SmartDashboarda single, uniied console that provides controlover the most complex security deployments.
The Check Point Endpoint Policy Management Software Blade simpliies endpoint security management by uniying allendpoint security capabilities in a single console. Monitor, manage and enorce policy, rom an at-a-glance dashboard downto user and machine details, all with a ew clicks.
The Check Point SmartEvent Software Blade is a uniied security event management and analysis solution that deliversreal-time, actionable threat management inormation. Administrators can quickly identiy critical security events, stop threatsdirectly rom the event screen, add protections on-the-ly to remediate attacks, all via a single console.
The Check Point Logging & Status Software Blade provides real-time visibility regarding security status and activities
through log tracking and provides a complete visual picture o changes to gateways, tunnels and remote users.
The Check Point SmartWorkflow Software Blade provides a seamless and automated process or policy change managementthat helps administrators reduce errors and enhance compliance. Enorce a ormal process or editing, reviewing, approving andauditing policy changes rom a single console, or one-stop, total policy liecycle management.
The Check Point SmartProvisioning Software Blade provides centralized administration and security provisioning o CheckPoint devices. Using proiles, administrators can automate device coniguration and easily roll out changes to settings to multiple,geographically distributed devices, via a single security management console.
The Check Point Monitoring Software Blade presents a complete picture o network and security perormance, enabling astresponses to changes in traic patterns or security events. The Sotware Blade centrally monitors Check Point devices and alertsto changes to gateways, endpoints, tunnels, remote users and security activities.
The Check Point Management Portal Software Blade allows browser-based security management access to outside groupssuch as support sta or auditors, while maintaining centralized control o policy enorcement. View security policies, the status oall Check Point products and administrator activity as well as edit, create and modiy internal users.
Security Management and Multi-Domain Security Management (Provider-1) delivers more security and control bysegmenting your security management into multiple virtual domains. Businesses o all sizes can easily create virtual domainsbased on geography, business unit or security unction, to strengthen security and simpliy management.
The Check Point User Directory Software Blade leverages LDAP servers to obtain identiication and security inormation aboutnetwork users, eliminating the risks associated with manually maintaining and synchronizing redundant data stores, and enablingcentralized user management throughout the enterprise.
The Check Point SmartReporter Software Blade increases the visibility o security threats by centralizing network securityreporting o network, security and user activity into concise predeined or custom-built reports. Easy report generation andautomatic distribution save time and money and allow organizations to maximize security investments.
MANAGEMENT SOFTWARE BLADES
9
7/27/2019 Software Blades
11/12
The Check Point Firewall & Compliance Check Software Blade protects endpoints by controlling inbound and outbound traicand ensuring policy compliance, with centralized management rom a single console. Deinable zones and security levels protectendpoint systems rom unauthorized access. Integrated stealth technology makes endpoints invisible to attackers. This sotwareblade is easily managed by uniied Endpoint Security Management.
The Check Point Full Disk Encryption Software Blade provides automatic security or all inormation on endpoint hard drives,including user data, operating system iles and temporary and erased iles. For maximum data protection, multi-actor pre-bootauthentication ensures user identity, while encryption prevents data loss rom thet.
The Check Point Media Encryption Software Blade provides centrally-enorceable encryption o removable storage media suchas USB lash drives, backup hard drives, CDs and DVDs, or maximum data protection. Port control enables management o allendpoint ports, plus centralized logging o port activity or auditing and compliance.
The Check Point Remote Access VPN Software Blade provides users with secure, seamless access to corporate networks
and resources when traveling or working remotely. Privacy and integrity o sensitive inormation is ensured through multi-actorauthentication, endpoint system compliance scanning and encryption o all transmitted data.
The Check Point Anti-Malware & Program Control Software Blade eiciently detects and removes malware rom endpointswith a single scan. Viruses, spyware, keystroke loggers, Trojans and rootkits are identiied using signatures, behavior blockers andheuristic analysis. Program control allows only approved programs to run on the endpoint. This sotware blade is easily managedby uniied Endpoint Security Management.
The Check Point WebCheck Endpoint Software Blade protects the enterprise against the rising number o web-based threats.Known and unknown web threats, such as drive-by downloads, phishing sites and zero-day attacks, are isolated with browservirtualization technology, while advanced heuristics stop users rom going to dangerous sites. This sotware blade is easilymanaged by uniied Endpoint Security Management.
ENDPOINT SOFTWARE BLADES
10
Centrally managed, comprehensive endpointsecurity with transparent end-user experience.
7/27/2019 Software Blades
12/12
20032012 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point 2200, Check Point 4000 Appliances, Check Point 4200, CheckPoint 4600, Check Point 4800, Check Point 12000 Appliances, Check Point 12200, Check Point 12400, Check Point 12600, Check Point 21400, Check Point 6100 Security System, Check Point Anti-Bot Software Blade, Check Point Application Control Software Blade, Check Point Data Loss Prevention, Check Point DLP, Check Point DLP-1, Check Point Endpoint Security, Check Point EndpointSecurity On Demand, the Check Point logo, Check Point Full Disk Encryption, Check Point GO, Check Point Horizon Manager, Check Point Identity Awareness, Check Point IPS, Check Point IPSecVPN, Check Point Media Encryption, Check Point Mobile, Check Point Mobile Access, Check Point NAC, Check Point Network Voyager, Check Point OneCheck, Check Point R75, Check Point SecurityGateway, Check Point Update Service, Check Point WebCheck, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, CooperativeSecurity Alliance, CoreXL, DefenseNet, DynamicID, Endpoint Connect VPN Client, Endpoint Security, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IP Appliances, IPS-1, IPSSoftware Blade, IPSO, R75, Software Blade, IQ Engine, MailSafe, the More, better, Simpler Security logo, Multi-Domain Security Management, MultiSpect, NG, NGX, Open Security Extension, OPSEC,OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, Secure Virtual Workspace, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXLTurbocard, Security Management Portal, SecurityPower, Series 80 Appliance, SiteManager-1, Smart-1, SmartCenter, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole,SmartDashboard, SmartDefense, SmartDefense Advisor, SmartEvent, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning, SmartReporter, SmartUpdate, SmartView, SmartViewMonitor, SmartView Reporter, SmartView Status, SmartViewTracker, SmartWorkflow, SMP, SMP On-Demand, SocialGuard, SofaWare, Software Blade Architecture, the softwareblades logo, SSLNetwork Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector, UserCheck, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Edge, VPN-1MASS, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VE, VPN-1 VSX,VSX, VSX-1, Web Intelligence, ZoneAlarm, ZoneAlarm Antivirus + Firewall, ZoneAlarm DataLock, ZoneAlarm Extreme Security, ZoneAlarm ForceField, ZoneAlarm Free Firewall, ZoneAlarm Pro Firewall,ZoneAlarm Internet Security Suite, ZoneAlarm Security Toolbar, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point SoftwareTechnologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other p roduct names mentioned herein are trademarks or registered trademarks of their respectiveowners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, 7,165,076, 7,540,013, 7,725,737 and 7,788,726
d b t t d b th U S P t t f i t t di li ti
Contact Check Point now to discuss
Check Point Software Blade Architecture:
www.checkpoint.com/contactus
By phone in the US: 1-800-429-4391 option 5 or
1-650-628-2000
CONTACT CHECK POINT
Worldwide Headquarters5 HaSolelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]
U.S. Headquarters800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
CONTACT CHECK POINT
Worldwide Headquarters5 HaSolelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]
U.S. Headquarters800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com