Contenu connexe Similaire à Check Point75 Makes3 D Security A Reality Q22011 Similaire à Check Point75 Makes3 D Security A Reality Q22011 (20) Check Point75 Makes3 D Security A Reality Q220111. Check Point R75 makes
3D Security a reality
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone
2. Boundaries Are Disappearing
Users Have Different
Use Different Devices
WorkShare Anywhere
Use from Data
Internet Tools
Needs
Boundaries
are disappearing
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 2
2
3. On Complexity and Point-product Sprawl
Your world:
IPS IPS Firewall
And don’t forget
Top network
URLURL VPN
security
endpoint—nearly Filtering
Filtering VPN
technologies and
doubling the
point products
number of point
products…
deployed
NAC
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 3
3
4. New environment, new challenges
To secure this new environment,
IT needs to do more
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 4
4
5. VNISA Survey 2010
Vietnam ranked fifth among 10 countries at higher risk of
having its info security breached in 2010
The 2010 survey shows
Discovered network security attacks 33%
Unaware their network under attacks 29%
Do not understand the motivation behind the attacks 22%
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 5
5
6. Avatar 3D
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 6
6
7. Introducing 4 New Software Blades
R75 Network Security Suite
CHECK POINT R75 MAKES 3D SECURITY A REALITY BY
COMBINING POLICIES, PEOPLE AND ENFORCEMENT
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 7
7
8. Who is in my network?
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 8
8
9. Typical Network Access
Managed Data Center
Assets
HR Server
Corporate
Network
Corporate
Finance Server
Contractor Laptop
Data Center
Firewall
Guest
AD /Directory
PDA / SmartPhones
Perimeter
Firewall
Internet
Web Server Pool
DMZ
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 9
9
10. Typical Network Access
Challenges
Managed Data Center
Assets
IP: 10.122.115.8 HR Server
Corporate User: ???????
Network Machine: ??????
Corporate
Finance Server
Contractor Laptop
Data Center
Firewall
IP: 192.168.0.99
Guest Guest Name:?????
AD /Directory
PDA / SmartPhones
Perimeter
Firewall
IP: 10.222.1.100 Internet
Web Server Pool ???????
User:
DMZ
Application: ???
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 10
10
11. Typical Network Access Challenges
Managed Data Center
IP-Based Firewall Policy
Assets
HR Server
Corporate
Network
Corporate
Finance Server
Contractor Laptop
Data Center
Firewall
Guest
AD /Directory
PDA / SmartPhones
Perimeter
Firewall
►Need to identify users based on their access role
Internet
►Need to differentiate between thousands of applications
Web Server Pool
DMZ
►Need to segment physical and logical layers of networks
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 11
11
12. INTRODUCING ...
CHECK POINT IDENTITY AWARENESS
ACCURATE INTUITIVE FULL
SECURITY MANAGEMENT INTEGRATION
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 12
12
13. Identity Aware Access
Managed Data Center
Assets
IP: 10.122.115.8
HR Server
User: John Morgan /
Corporate Finance_Group
Network
Corporate Machine: John_XP
Finance Server
Contractor Laptop
Data Center
Firewall
IP: 192.168.0.99
Guest
Guest Name: Anna Smith
AD /Directory
PDA / SmartPhones
Identity
Awareness Perimeter
Firewall
+ IP: 10.222.1.100
Web Server Pool Gore /
Application
User: Frank
DMZ Marketing_Group
Internet
Control Application: FaceBook
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 13
13
14. Identity Sources
Captive
Clientless Light Agent
Portal
1 2 3
Flexible options to obtain
Users’ Identity
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 14
14
15. There’s an app for that
File Storage Web mails Monitoring
150
40
300
Social Networks Anonymizers
Including Instant Messaging
Apps & Widgets
40
Virtual Worlds 400
52000 120 Multimedia
VOIP Web Conferencing
100
400 100
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 15
15
16. R75 - The App Control Software Blades
World’s largest
Application Classification Library
Over 4,200 applications
Over 100,000 social-network
widgets
Grouped in over 80 categories
(including Web 2.0, IM, P2P,
Voice & Video, File Share)
appwikicheckpoint.com
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 16
16
17. Increase Security - App Control
- Application Detection and Usage Controls
Application Detection
and Usage Controls
Identify, allow, block or limit usage of
applications at user or group level
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 17
17
18. ©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 18
18
19. Customer Scenario
Customer expectations Results
Allow certain applications 44 apps, 90 users
to certain groups BitTorent, IPTV events
―Very useful to see these events – management wants
Defined policy based
Block P2P
to warn employees, to make them more productive‖
on actual AD group
Limit bandwidth Forwarded the results
―We can block BitTorrent – that’s illegal, we could lose
used by branches to management level
our internet connection.‖
Retail
Belgium
36 Branches
1,500 users
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 19
19
20. Flexible Deployment Options
Check Point DLP
Makes data loss prevention work
New R75
On Existing Gateways DLP-1
or Open Servers
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 20
20
21. People Taking Part in Security
EXPLANATION
RESOLUTION
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 21
21
22. Mobile Access Software Blade
Easy Access to Email and Applications
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 22
22
23. Industry-Leading IPS
CHECK POINT SETS A
NEW STANDARD IN LATEST
NSS GROUP IPS TEST
The Check Point
IPS Software Blade
outperformed nearly every
vendor in overall accuracy
and blocking:
97.3% security
effectiveness
Multi-gigabit rated
throughput of 2.4Gbps
100% anti-evasion
coverage
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 23
23
24. Follow the Security LEADERS …
2010: Enterprise LEADER 2010: UTM LEADER
Leadership via Innovations
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 24
24
25. Check Point Endpoint Ranks Highest in Latest VB100 Reactive and
Proactive (RAP) Malware Detection Test
Oct 2010 – Apr 2011
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 25
25
26. Get Increased Flexibility and Simplicity
Segment your Security Management Environment into
Smaller Virtual Domains
Multi Domains
Perimeter Corporate Internal DMZ Data center
firewalls branches firewalls firewalls firewalls
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 26
26
27. Get Increased Flexibility and Simplicity
Segment your Security Management Environment into
Smaller Virtual Domains
Multi Domains
Perimeter Corporate Internal DMZ Data center
firewalls branches firewalls firewalls firewalls
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 27
27
28. Granular Control of All Security Layers
IPS
Mobile
Granular Visibility
Access
DLP
SmartEvent
Application
Control
Identity
Awareness
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 28
28
29. Independent Researchers’ Comments
Gartner 2009 - Next Generation Firewalls
Security Gateway Features
– Gartner started talking about NGFW in 2005
Identity Awareness
– Security Gateways are NGFW and include:
– Integrated Deep Packet Inspection
Integrated IPS
– Application Intelligence
Integrated DLP
– Extra firewall intelligence
Integrated App Control
– Firewall Policy Management
Smart WorkFlow
Multi-Domain Security Management
Plus more than 30+ software blades
Leaping Performance
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 29
29
30. First NSS Labs recommended Award
Check Point has completed the testing of R75 by NSS
Labs, achieving 100% in firewall, identity awareness and
application control enforcement tests—achieving the
industry's first NSS Labs "Recommend" rating for Next
Generation Firewalls
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 30
30
31. TCP Split Handshake Vulnerability
Forbes.com today:
Check Point the Only Firewall to Pass Latest NSS Test ©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 31
31
32. Check Point 3D Next-Gen Firewall
Application Identity Antivirus &
FW & VPN IPS Control Awareness Anti-Malware URL Filtering DLP
Software Blades Software Blade Software Blade Software Blade Software Blade Software Blade Software Blade
Power-1
SmartEvent Software Blade SmartWorkflow Software Blade
Unified Event Analysis Policy Change Management
Smart-1
CHECK POINT UNIFIED SECURITY MANAGEMENT
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 32
32
33. Questions?
©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 33
33
34. ©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone | 34
34
Notes de l'éditeur It’s a free world – We work from anywhere (and with different devices)Doing different things (our roles and responsibilities differ, and are frequently changing)With different people (inside and outside the organization, sharing data – consultants, contractors)Using different tools (Internet tools)Personal is mixed with businessOur work environment is dynamic – the organization’s boundaries are disappearing:Physical and logical boundaries no longer matter, they’re dissolvingDynamicDiverseFree People Link: http://www.istockphoto.com/stock-photo-4562183-business-team-standing.phpLaptop:http://www.istockphoto.com/stock-illustration-12292351-laptop.php Wurth BeLux Flexible options On exising SPLAT based gateways People Link: http://www.istockphoto.com/stock-photo-4562183-business-team-standing.phpLaptop:http://www.istockphoto.com/stock-illustration-12292351-laptop.php Security management in today’s environment is not easy. Administrators need to manage and handle multiple security GWs Security management in today’s environment is not easy. Administrators need to manage and handle multiple security GWs