Pełne bezpieczeństwo sieci i uŝytkowników końcowych. Rozwiązania Check Point klasy UTM i endpoint security Piotr Stępniak Channel Manager
The customer environment Impossible to manage Complicated Complex Too many vendors Identity, Access * Prepared May 2007, Data based on our subjective assessment, Size of bubble represents relative size, Data not accurate, nor conclusive. Management Endpoint security Authorization, Authentication Data security Can such complexity deliver a deliver Network a security high level of security? Security management Threat management 2
Introducing Network & Gateways MANAGEMENT Data & Endpoint totalsecurity from Check Point 3
Check Point 2008 Unified Gateways Most scalable Total security solutions From $300 to 20Gbps All protections, one package one price for 3 years 20 SMB Mid Market Enterprise Integrated Appliances Virtualized Solutions (VSX) 12 7 M8 Throughput (Gbps) 4 2.4 1.2 UTM-1 2050 M2 M6 0.4 UTM-1 1050 UTM-1 450 0.2 UTM-1 Safe@Offi Edge ce Price 4
Check Point 2008 Coming now! Introducing the industry s only single solution for endpoint security Firewall / NAC / program control Anti-virus / anti-spyware Data security Single endpoint security agent Remote access / VPN Replaces multiple vendors with a single, simple solution Lower deployment cost Better security 5
Check Point 2008 Policy definition Deployment Provisioning Monitoring Reporting Compliance Single security management console Network gateways Remote access Endpoint PCs Data security Auditing 6
Check Point Total Security Gateways
Check Point Q12008 Most scalable From $300 to 20Gbps Unified Gateways SMB Mid Market Enterprise Integrated Appliances Virtualized Solutions (VSX) 20 12 7 M8 Throughput (Gbps) 4 2.4 1.2 UTM-1 2050 M2 M6 0.4 UTM-1 1050 UTM-1 450 0.2 UTM-1 Safe@Offi Edge ce Price 8
The Expanded Appliance Line Small Office / Branch SMB / Medium Branch Enterprise Perimeter / Core / Large Branch Power-1 9070 FW Throughput (Gbps) 12 7 4 UTM-1 3070 Power-1 5070 M6 M8 2.4 UTM-1 2050 M2 1.2 UTM-1 570 UTM-1 1050 0.4 0.2 UTM-1 270 UTM-1 Edge X32 UTM-1 450 puresecurity $2.5K $5K $10K $15K $20K $25K $35K $45K $55K List Price9
3 new UTM-1 Total Security appliances New entry level model and increased performance range UTM-1 270 UTM-1 570 UTM-1 3070 Introduces new entry level model under $5,000 Delivers high performance from 400 Mbps to over 4 Gbps Comprehensive security Firewall, VPN, intrusion prevention, antivirus, anti-spyware, Web filtering, Web security, and anti-spam All-inclusive security updates for up to three years Built-in centralized management for multiple sites 10
UTM-1 Appliance Specifications UTM-1 270 UTM-450 UTM-1 570 UTM-1 1050 UTM-1 2050 UTM-1 3070 Software Edition NGX R65 NGX R65 NGX R65 NGX R65 NGX R65 NGX R65 10/100 Ports - - - 4 4-10/100/1000 Ports 4 4 4 4 4 10 Firewall Throughput 400 Mbps 400 Mbps 1.1 Gbps 1.2 Gbps 2.4 Gbps 4.5 Gbps VPN Throughput 100 Mbps 200 Mbps 250 Mbps 220 Mbps 380 Mbps 1.1 Gbps Concurrent Sessions 400,000 700,000 500,000 800,000 1.1 Million 1.1 Million VLANs 256 256 256 256 256 256 Storage Capacity 160 Gbps 80 Gbps 160 Gbps 80 Gbps 80 Gbps 160 Gbps Managed Sites 2 3 3 3 5 5 List Price $4,800 $7,500 $8,500 $13,000 $17,000 $24,000 11
What does Total Security look like? Leader in Firewall Market VoIP SQL IM E-mail P2P HTTP FTP VPN (site-to-site, remote access) Gateway Anti-Virus Intrusion Prevention Web Filtering Anti-Spyware SSL VPN Messaging Security NEW! 12
VPN Communities site2site, client2site VPNs easy management: add/remove GWs, define encryption settings for community, Apply 13
Intrusion Prevention Dedicated protections against network, applications & web servers targeted atacks SmartDefense Profiles allow flexible configurations per GW 14
AntiVirus Support for SMTP, POP3, FTP & HTTP protocols ability to Scan, Pass or Block required file types UTM Edge & regular VPN-1 gateways managed from same console 15
URL Filtering predefined categories On/Off & Monitor mode ability to allow/block IPs 16
Six Dimension, Best-in-class Messaging Security Check Point is the only UTM vendor offering 6 Dimension Protection covering ALL 3 threat categories Messaging Firewall and IPS POP3 SMTP IMAP Anti-Spam/Phishing Protection Pattern-based IP Reputation Anti-Virus Protection Signature-based Zero-Hour Protection 6 dimension protection for superior messaging security Protects against advanced spam (image-based, multi-language and zero-day) Easy to deploy and manage 17
A Closer Look at Simplified Management 1 Choose gateways 2 Enable protections 3 Set desired sensitivity 4 Additional details on protection 18
Open Choice Options Check Point Appliances Single vendor for hardware, software and support Includes Integrated Appliance Solutions custom integration of software and IBM hardware Secured by Check Point Appliances Leverage existing hardware vendor relationship Certified by Check Point for interoperability Check Point Software on Open Servers Standardize on a server vendor Leverage existing infrastructure investment 19
Check Point Endpoint Security Single agent for endpoint security
Introducing: Check Point Endpoint Security Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access 15 years leadership in firewalls Based on awardwinning ZoneAlarm Market-leading Pointsec technology 12 years leadership in remote access VPN Mitigates the broadest range of endpoint risks Unifies all essential components Only solution that includes both data security and remote access 21
Single Agent for Endpoint Security Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access Easy to Deploy and Manage Only comprehensive endpoint security solution: Firewall, NAC & Program Control Antivirus and anti-spyware Data security Remote Access Single installation Single, intuitive interface Small agent footprint Only solution that includes both data security and VPN 22
Industry-leading Firewall Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access 15 years of Firewall Leadership Proactive inbound and outbound protection Blocks unwanted traffic Stealth mode - makes endpoints invisible to hackers Segmentation contains outbreaks and enables high granularity network access control 23
Enhanced Program Control Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access Program Advisor Service Automatically enforces program permissions Immediately terminates known malicious programs Ensures only legitimate and approved programs run on PCs How do we do it? Known good application authenticity service Known bad malware identification Hundreds of thousands or applications in Program Advisor database Based on real-time data from millions of endpoints 24
Network Access Control Ensure Endpoint Policy Compliance Firewall/NAC Program Control Unified Management Single Agent for Endpoint Security Antivirus Anti-spyware Data Security Remote Access Internal and VPN NAC Ensures only safe PCs are allowed to access network Cooperative Enforcement with Check Point and 3 rd party gateways 802.1x support enables NAC in multi-vendor networking environments 25
Antivirus / Anti-spyware Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access Eliminate Viruses and other Malware Award-winning engine delivers the best malware protection Highest detection rates Fast antivirus response 12 hours (compared to 24-48 hours industry average) Hourly signature updates 26
Data Security Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access Protect Data from Loss or Theft Check Point is the most widely deployed solution for protecting valuable data Over 14 million seats deployed Based on Pointsec marketleading technology Full Disk Encryption provides the most complete & comprehensive protection for all data Port Protection Keeps data safe by controlling activity on ports and devices Media Encryption encrypts sensitive data transferred via portable media devices such as USB flash drives 27
Check Point Data Security Solutions Check PointMobile Check PointMobile Palm OS Symbian OS Check PointMobile Smartphone Endpoint Security Media Encryption Check PointMobile Pocket PC Media Encryption Endpoint Security Media Encryption Port Management Endpoint Security Full Disk Encryption Windows Endpoint Security Full Disk Encryption Linux 28
Remote Access Unified Management Single Agent for Endpoint Security Firewall/NAC Program Control Antivirus Anti-spyware Data Security Remote Access Ensure Confidential Remote Communications Secure remote VPN access through VPN-1 gateways Only endpoint security solution that includes unified remote access Applies full security policies to the VPN traffic Multiple VPN entry points provides high availability and flexible access 29
Summary Single Agent Single Console for Simplified Execution Powerful Security for Confident Protection Available in 4 options: SecureAccess, Full Disk Encryption, Media Encryption & Total Security 30
Questions? 31