Your SlideShare is downloading. ×
Check Point sizing security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Check Point sizing security

1,828
views

Published on

Sizing Your Security Gateway

Sizing Your Security Gateway

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,828
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • In order to overcome the challenges we need more security functions and this requires much more power from the appliance
  • stock-photo-16468646-balancing-stones.jpg
  • Now, there is a full line of new security appliances delivering integrated security ranging from the small offices all the way up to the large data centers and Telco service provider environments
  • Add interactive discussion slides
  • Transcript

    • 1. Sizing Your Security Gateway CPX – Barcelona Solution Center [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.
    • 2. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 2
    • 3. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 3
    • 4. Joe Needs a New Security Appliance Required Security Available Appliances Firewall IPS Application Control URL Filtering Firewall: 3 Gbps IPS: 2 Gbps Throughput Needs 350 Mbps Firewall: 25 Gbps IPS: 12 Gbps 2000 Users Joe has a problem. Which appliance can best match his requirements? [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 4
    • 5. Appliance Sizing Challenges Sizing the right appliance is often a complex task! Match appliance to real-world security requirements Handle current and future capacity needs Effectively compare among appliances [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 5
    • 6. Customize with Software Blades FW & VPN Software Blades IPS Software Blade Application Control Software Blade Identity Awareness Software Blade Antivirus Software Blade URL Filtering Software Blade Anti-Bot DLP Software Blade Software Blade The Security You Want The Performance You Need [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 6
    • 7. Balancing Security & Performance Need to protect against a wide spectrum of attacks, in addition to Firewall and VPN What is the impact with multiple Software Blades enabled? What about future growth? [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 7
    • 8. Different Machines Require Different Power Measurements Different Machines Relevant Power Unit Horsepower Volts Router and Switch Security Gateway [Protected] For public distribution Mbps ? ©2013 Check Point Software Technologies Ltd. 8
    • 9. Different Machines Require Different Power Measurements Different Machines Relevant Power Unit Horsepower Volts Router and Switch Security Gateway [Protected] For public distribution Mbps SecurityPower ©2013 Check Point Software Technologies Ltd. 9
    • 10. Appliance SecurityPower Values 21000 3551* SPU 12000 14,600 SPU 3300* SPU 4000 2900* SPU 61000 2000 * With Security Acceleration Module 1861 SPU 114 SPU 114 SPU 2200 4200 374 SPU 4400 623 SPU 4800 738 SPU 1046 SPU 12200 12400 12600 21400 21600 21700 [Protected] For public distribution 61000 ©2013 Check Point Software Technologies Ltd. 10
    • 11. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 11
    • 12. Security Power Utilization  Yesterday’s Performance metrics – sterile – FW throughput – RFC – large packets  2012-2013 – Threats call for a more realistic approach!  Need to measure Security Performance when actually implementing Multi-Layer Security engines  Introducing Check Point Security Power Utilization…  Evolving traffic blend… Real World, Web, Video, Social Media, Mail, SSL [Protected] For public distribution Firewall Firewall + IPS Firewall + AV Firewall + IPS + AV ©2013 Check Point Software Technologies Ltd. 12
    • 13. Sizing-Up the Right Appliance for You Helping You Select the Right Appliance to Meet Your Security and Performance Requirements Required SecurityPower: 1308 SPU Room for Growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 13
    • 14. Plan for the Future Optimal Zone Recommended! Customer Requirements Extensive Room for Growth Peak Resource Consumption (Not Recommended) Room for Growth Additional Blades and Throughput until 70% Utilization For optimal results, use up to 50% of the appliance’s SecurityPower capacity [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 14
    • 15. SPU – Real Performance Traffic Live Demo Sizing Appliances usercenter.checkpoint.com [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 15
    • 16. SPU – Real Performance Traffic Live Demo How did we get to the appliance SPU? Visit CPX Performance Lab [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 16
    • 17. How to Size Appliances?  Understand customer Security and Performance requirements – Current vs. Future – 3 up to 5 years – Deployment type, interfaces, cluster, etc.  Use “cpsizeme” – accurate method of collecting data  Use Appliance sizing tool – Consider future growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 17
    • 18. SPU – Real Performance Traffic Under the hood…. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 18
    • 19. Measuring Appliance SecurityPower SecurityPower Integrates Multiple Performance Measurements Based On: Real-World Traffic Multiple Security Functions Typical Security Policy [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 19
    • 20. SecurityPower ‒ Traffic Blend Measuring Real-World Traffic Blend The Old Way UDP large packets ‒ RFC Real-World Traffic Blend* 10% 9% 13% 68% HTTP SMTP HTTPS Other *Based on customer research conducted by Check Point performance labs [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 20
    • 21. SecurityPower ‒ Software Blades SecurityPower Measures Performance Under Advanced Security Functions The Old Way FW & VPN Software Blades Application IPS Control Software Blade Software Blade Identity Awareness Software Blade Antivirus & Anti-Malware Software Blade URL Filtering Software Blade DLP Software Blade Firewall only Any-Any-Accept SecurityPower Security Appliance [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 21
    • 22. SecurityPower ‒ Security Policy Applying a True Security Policy Policy with 100 Rules! The Old Way One rule: Allow all traffic Rule Protocol Action #1 POP3 Accept #2 FTP Accept #3 ICMP Drop # 98 HTTP Accept #99 SMTP Accept #100 ANY Drop [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 22
    • 23. SecurityPower ‒ Security Policy Applying a True Security Policy The Old Way     No Logging No NAT No IPS No signatures Log All Connections Network Address Translation IPS Recommended Protection Up-to-Date Signature Databases [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 23
    • 24. Advanced Clusters, Packet Sizes, Amount of Interfaces, Management [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 24
    • 25. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 26
    • 26. Customer Story cpsizeme [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 27
    • 27. Doctor – I Am Not Feeling Well!!!!  How are you feeling today?  What is the problem?........  Prognosis – Diagnosis?  Tools often used…. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 28
    • 28. Introducing Performance Utility Performance Utility Customer Requirements Collect real performance Recommended Appliance data from existing appliance over 24 hours Appliance Selection Tool  Collect customer requirements  Translate Performance Utility output to  Translate requirements to SecurityPower Customer Requirements  Suggest the right appliance for the job [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 29
    • 29. Introducing Performance Utility XYZ Cloud Based Analysis  Evaluate Security Gateway Performance  View Multi-Security Functions Impact  Capacity Planning  Performance Impact – Minimal [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 30
    • 30. Case Study #1 Customer Requirements       From Appliance Selection Tool Secure Perimeter FW, VPN, IPS. MAB, URLF, APP 1000 Users / 100 remote users ISP Pipe: 300Mbps Total Throughput: 800 Mbps Required SPU: 433 SPU Customer’s Choice  Customer selected 4800 (~38% utilization estimation)  Customer has room for future growth: ‒ Add Antivirus Software Blade or ‒ 85% traffic growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 31
    • 31. Case Study #1 300Mbps “Effective” Max Throughput (600 Mbps) Exceptional throughput peak – low impact on CPU [Protected] For public distribution (48%) “Effective” Max Kernel CPU ©2013 Check Point Software Technologies Ltd. 32
    • 32. Two Facts to Know About the Sizing Tool We used the Performance Utility to Measure the Performance on 95 Appliances in Different Customers’ Product Environments The Appliance Selection Tool Predicted the CPU Utilization in 82% of the Cases* *Accepted variation was [Protected] For public distribution 15 points ©2013 Check Point Software Technologies Ltd. 33
    • 33. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 34
    • 34. Field Feedback  Reliable and trusted tool  Partners say… – The report is great.. Very helpful. – “None of the other vendors have anything like this” – Can’t wait till we get the cpsizeme report – Availability? ‒ ”We want direct access!”  Next steps… – IP series – Virtual Systems, HTTP Encryption – QoS – Traffic blend, packet size [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 37
    • 35. SecurityPower The New Way to Measure the Real Power of Security Appliances Performance on Real-World Traffic and Advanced Security Functions Enables Planning and Maximization of Security [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 38
    • 36. Thank You! [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.

    ×