Check Point vSEC for Microsoft Azure Webinar

1©2017 Check Point Software Technologies Ltd.©2017 Check Point Software Technologies Ltd.
Advanced Threat Prevention Security for Public
and Hybrid Clouds
CHECK POINT VSEC: SECURE YOUR AZURE
WORKLOADS
May 4, 2017

2©2017 Check Point Software Technologies Ltd.
Corey Roberts
Director of Cloud Services
Daymark Solutions
Rachel Yehezkel
Technical Evangelist
Microsoft Azure
Krish Subramanian
Product Marketing Manager
Check Point Software Technologies
TODAY’S SPEAKERS

MICROSOFT AZURE OVERVIEW

Openness and flexibility
Data and intelligence
Trust
Application innovation

38Azure regions
NEWLY ANNOUNCED:
France: France Central and France South
Korea: Korea Central and Korea South
DoD East and Central
Achieve global scale, in local regions
Trust

Platform Services
Infrastructure Services
Web
Apps
Mobile
Apps
API
Apps
Notification
Hubs
Hybrid
Cloud
Backup
StorSimple
Azure Site
Recovery
Import/Export
SQL
Database DocumentDB
Redis
Cache
Azure
Search
Storage
Tables
SQL Data
Warehouse
Azure AD
Health Monitoring
AD Privileged
Identity
Management
Operational
Analytics
Cloud
Services
Batch
RemoteApp
Service
Fabric
Visual Studio
Application
Insights
VS Team Services
Domain Services
HDInsight Machine
Learning Stream Analytics
Data
Factory
Event
Hubs
Data Lake
Analytics Service
IoT Hub
Data
Catalog
Security &
Management
Azure Active
Directory
Multi-Factor
Authentication
Automation
Portal
Key Vault
Store/
Marketplace
VM Image Gallery
& VM Depot
Azure AD
B2C
Scheduler
Xamarin
HockeyApp
Power BI
Embedded
SQL Server
Stretch Database
Mobile
Engagement
Functions
Cognitive Services Bot Framework Cortana
Security Center
Container
Service
VM
Scale Sets
Data Lake Store
BizTalk
Services
Service Bus
Logic
Apps
API
Management
Content
Delivery
Network
Media
Services
Media
Analytics

Apps and Data
SaaS
MICROSOFT PROTECTING YOU
Malware Protection Center Cyber Hunting Teams Security Response Center
DeviceInfrastructure
CERTs
PaaS IaaS
Identity
INTELLIGENT SECURITY GRAPH
Cyber Defense
Operations Center
Digital Crimes Unit
Antivirus NetworkIndustry Partners

AZURE AND YOU SHARE RESPONSIBILITY FOR CLOUD
SECURITY
Customers protect
their apps and data in
the cloud
Azure takes care of
protecting the cloud
infrastructure

 Create Virtual Networks
with Subnets and Private
IP addresses
 Configure access control
rules, which can be
applied across Virtual
Networks to thousands
of machines in seconds
 Can bring your own DNS
and can domain join
your VMs
VIRTUAL NETWORKS & SECURITY GROUPS
Customer 2
INTERNET
Isolated Virtual
Networks
Customer 1
Subnet 1 Deployment X Deployment Y
VLAN-to-VLAN
Cloud Access
Layer
RDP Endpoint
(password access)
Client
Subnet 2 Subnet 3
DNS Server
VPN
Microsoft Azure
Corp 1

USER DEFINED ROUTING AND VIRTUAL APPLIANCES

AZURE MARKETPLACE

Visibility &
Control
Deploy &
Detect
Set Policy &
Monitor
Understand
Current
State
Deploy
Integrated
Solutions
Respond &
recover faster
Find
threats that
might go
unnoticed
Continue
learning
 Gain visibility and control
 Integrated security, monitoring,
policy management
 Built in threat detections and
alerts
 Works with broad ecosystem of
industry leading 3rd party security
solutions including:
AZURE SECURITY CENTER

HIPAA /
HITECH Act
Moderate
JAB P-ATO
FIPS 140-2
FERPA
DoD DISA
SRG Level 2
ITAR CJIS
GxP
21 CFR Part 11
IRS 1075Section
508 VPAT
ISO 27001 SOC 1
Type 2
ISO 27018 CSA STAR
Self-Assessment
Singapore
MTCS
UK
G-Cloud
Australia
IRAP/CCSL
FISC
Japan
China
DJCP
New
Zealand
GCIO
China
GB 18030
EU
Model Clauses
ENISA
IAF
Argentina
PDPA
Japan CS
Mark Gold
SP 800-171
China
TRUCS
Spain
ENS
PCI DSS
Level 1
CDSA Shared
Assessments
MPAA
Japan
My
Number
Act
FACT
UK
High
JAB P-ATO
GLBA
DoD DISA
SRG Level 4
MARS-E FFIEC
ISO 27017 SOC 2
Type 2
SOC 3
India
MeitY
Canada
Privacy
Laws
Privacy
Shield
ISO 22301
Germany IT
Grundschutz
workbook
Spain
DPA
CSA STAR
Certification
CSA STAR
Attestation
HITRUST IG Toolkit
UK
Trust
THE MOST TRUSTED AND COMPLIANT CLOUD
GLOBALUSGOVINDUSTRYREGIONAL

UNDERSTANDING CLOUD SECURITY
CHALLENGES
WHY DO WE NEED
ADVANCED SECURITY IN
THE CLOUD?

CLOUD SECURITY REQUIREMENTS
Increasing sophistication of threats & malware
Consistent protections and policy management
Consolidated visibility, logging and reporting
Sacrificing speed and agility for security
Lateral spread of threats

What are your greatest concerns about deploying and managing them?
Loss of control 80%
Data security
Data portability and ownership 73%
Regulatory compliance 62%
Reliability 60%
Source: Morgan Stanley CIO Cloud Survey
SECURITY IS A TOP CONCERN FOR CLOUD
76%

CHALLENGE:
The Cloud is Already Secure, Why Do I Need Additional Security?
Perception:
• Security handled by cloud provider
• Segmentation or isolation = security
Cloud provider secures the cloud infrastructure , not
customer data or apps = SHARED RESPONSIBILITY
Data isolation does not protect against malware or
other threats

AZURE AND YOU SHARE RESPONSIBILITY FOR CLOUD
SECURITY
Customers protect
their apps and data in
the cloud
Azure takes care of
protecting the cloud
infrastructure

SOLUTION:
Advanced Security Protects Customer Assets in the Cloud
Advanced security methods in Public Clouds:
• Prevent threats within Public Clouds
• Comprehensive protections to prevent breaches and data loss
• Security Groups with Advanced Threat Prevention:
• Fine-tuned policies and layered protections (Firewall, IPS,
Anti-Virus, AntiBot, and more)
• Segmentation achieved between VNETS using network
firewall and segments and UDR

CHALLENGE:
Network Security Solutions Don’t Fit in Public Cloud Architectures
Perception:
• Environment is too dynamic
• Rapid adding/removing of VMs, subnets etc.
• Network security solutions single point of failure /
don’t support HA configuration / cannot scale
automatically
• Cloud networks are too opaque with no visibility
or control on network traffic

• Operate in HA mode in cloud
• Within VNET(HA-cluster)
• Across availability-set
• Security policies updated automatically
• Auto-discovery of cloud assets (new VM’s ,
subnets, etc) reflected in automated policy
updates
• Deployed in VMs within VNETs
• Single or multiple NICs
• Private or Public IPs
• UDR’s
• Auto-scales to meet elastic demand
• Integrates with built-in Azure Load Balancer
• Triggered based on threshold from App
insights metrics
SOLUTION:
Network Security FITS in Public Cloud

PROTECTING DATA & APPS IN AZURE
INTRODUCING CHECK POINT VSEC

CHECK POINT VSEC FOR MICROSOFT AZURE
Advanced Threat Prevention Security for Hybrid Clouds
vSEC GATEWAY
• Comprehensive protections
including: Firewall, IPS,
AntiBot, AntiVirus, VPN, DLP
and SandBlast Zero-Day
Protections
• Secure traffic between
applications in the hybrid
cloud
vSEC CONTROLLER
• Automated security with
unified management
• Context-aware policies and logs
leveraging Azure defined
objects
• Consolidated logging and
reporting across private, public
and hybrid clouds

QUICKLY ENABLE VSEC ADVANCED SECURITY IN AZURE
MARKETPLACE
Enable a Check Point vSEC
Gateway in the Azure Cloud1. Selected Desired Protection
Levels2.
Flexible Delivery Models: PAYG or BYOL

SECURITY AS DYNAMIC AS THE CLOUD
• Full Support for Auto-scaling, Load
Balancing , Application Insights, multiple
Regions, and Cloud object discovery
• Rapid and Easy Deployment with Single
Click deployment from Azure
Marketplace
• Automated with ARM Templates and
Azure Security Center, Free Trial and Test
Drive

Reference Architecture
• Auto-discovery of Azure defined
objects
• Leverages Azure objects like VPC’s,
Subnets and Instances in security
policies and logs
• Policies updated in real-time
• Improved visibility and forensics
AZURE CLOUD OBJECT DISCOVERY WITH VSEC

TYPICAL DEPLOYMENT SCENARIOS
Public cloud only – Cloud Native with remote access
• Migration of on-premise data and apps to public cloud
Hybrid Cloud – securely connect on-premise with
cloud with site-to-site VPN
• Distributed Architecture ( Web tier in public cloud and
App and DB tiers on-premise )
• DR architecture with secure backup to public cloud
• Legacy applications isolated in the public cloud
• Branch services delivered from the cloud
• Phased migration , cloud bursting, optimal resource
utilization

Reference Architecture
• Check Point vSEC protects assets in
Azure vNET
• Complete Reference Architecture
• Deployment Scenarios and Demo –
YouTube video
• Clustering for HA
• ExpressRoute for Hybrid Cloud
• Autoscaling and vNET peering
CHECK POINT VSEC FOR AZURE HYBRID CLOUDS

Customer Case Study

• Founded in 2001, Daymark is a 50 employee datacenter technology consulting firm
• Certified Microsoft Gold and Check Point Star partner as well as a long time Check
Point and Azure customer
• Daymark Solutions helps customers by architecting and implementing complex
data center infrastructure, cloud and hybrid solutions, and managed services
• Enable customers to securely utilize cloud platforms with confidence
• Assisted customers impacted by security breaches and malware attacks
WHO ARE WE

BUSINESS AND TECHNICAL CHALLENGES
Business Challenges
• Securely migrate critical services to Azure Cloud to speed up
service delivery and reduce data center footprint
• Enable a mobile workforce without compromising security
• Simplify disaster recovery/ business continuity
• Help customers securely migrate workloads to Azure cloud
Technical Challenges
• Lack of visibility into threats and traffic using Azure networking
• Protect cloud data and workloads against cyber threats,
malware and ransomware
• Single pane of Glass, common security policies, centralized logs

WHY CHECK POINT?
Seamless
integration and
management of Azure
Scalability &
Flexibility
to support additional
users
Industry Leader
in Security

THE SOLUTION – CHECK POINT AND AZURE
Capabilities and Technical Benefits
• Robust and Advanced Security
• Secure Remote Access for branch offices
• High availability with redundancy
• Automation and orchestration
• In depth Forensics and reporting

“ Leveraging Check Point vSEC both on premise and
in Microsoft Azure gave us a 100 percent increase in
visibility into the threats that were impacting our
environment. Check Point was able not only to
prevent threats, but also detect and alert us every
time they occurred.”
THE SOLUTION – CHECK POINT VSEC AND AZURE
Corey Roberts,
Director of Technology, Daymark Solutions

DEPLOYMENT ARCHITECTURE AND IMPLEMENTATION
• Check Point vSEC for Azure for advanced security,
perimeter protection, remote access and hybrid
connectivity
• Check Point 5200 Appliances deployed on-premises
• Check Point Smart-1 Security Management
Appliance for security management across the
hybrid cloud and deployed on-premises
• Azure ExpressRoute, Azure LB, High Availability
Regions, Azure vNET, Azure Compute, Built-in
security controls

NETWORK SECURITY DEPLOYED IN AZURE VNET–
HYBRID CLOUD
Customer Data
CenterAvailability Region 1
Availability Region 2
Load
Balancing
Internet and
SaaS apps
Branches /
Mobile Users
Smart
management
Check Point
46xx
Check Point
42xx
Private
Subnet
Public
Subnet
Private
Subnet
Public
Subnet
Enterprise
servers
Azure

SOLUTION RESULTS
• Rapid and easy deployment, provisioning, automation
and orchestration
• Unified management across multiple cloud
environments
• Consolidated view of on-premise and cloud security from
a single pane of glass
• Advanced and scalable security for cloud apps to support
speed and agility

MORE INFORMATION - RESOURCES
• Check Point vSEC for Azure product page and collateral – Joint Solution Brief
• Check Point vSEC for Azure landing page with webinar recording and White Paper
• Cloud Security Shared Responsibility Whitepaper
• vSEC on Azure MarketPlace
• Check Point Reference Architectures /ARM templates for vSEC
• Customer References – case study and video
• Free Trial promotion – Azure credits
• vSEC for Azure Test Drive and User Guide

SUMMARY: WHY CHECK POINT VSEC FOR AZURE CLOUD?
Unified management for public cloud and hybrid cloud environments
Adaptive security with auto-scaling and auto-provisioning
Flexible deployment and extend security to Azure
Advanced threat prevention for Azure applications

• Krish Subramanian – Product Marketing Manager, Check Point - ksubrama@checkpoint.com
• Rachel Yehezkel - Technical Evangelist, Microsoft Azure -rachelye@microsoft.com
• Corey Roberts - Director of Cloud Services - croberts@daymarksi.com
Q
A

THANK YOU

Check Point vSEC for Microsoft Azure Webinar

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Check Point vSEC for Microsoft Azure Webinar

Similaire à Check Point vSEC for Microsoft Azure Webinar (20)

Dernier

Dernier (20)

Check Point vSEC for Microsoft Azure Webinar