SlideShare a Scribd company logo

Check Point sizing security

Group of company MUK
Group of company MUK

Sizing Your Security Gateway

Technology
1 of 36
Sizing Your Security Gateway CPX – Barcelona Solution Center [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.
Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 2
Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 3
Joe Needs a New Security Appliance Required Security Available Appliances Firewall IPS Application Control URL Filtering Firewall: 3 Gbps IPS: 2 Gbps Throughput Needs 350 Mbps Firewall: 25 Gbps IPS: 12 Gbps 2000 Users Joe has a problem. Which appliance can best match his requirements? [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 4
Appliance Sizing Challenges Sizing the right appliance is often a complex task! Match appliance to real-world security requirements Handle current and future capacity needs Effectively compare among appliances [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 5
Customize with Software Blades FW & VPN Software Blades IPS Software Blade Application Control Software Blade Identity Awareness Software Blade Antivirus Software Blade URL Filtering Software Blade Anti-Bot DLP Software Blade Software Blade The Security You Want The Performance You Need [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 6
Balancing Security & Performance Need to protect against a wide spectrum of attacks, in addition to Firewall and VPN What is the impact with multiple Software Blades enabled? What about future growth? [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 7
Different Machines Require Different Power Measurements Different Machines Relevant Power Unit Horsepower Volts Router and Switch Security Gateway [Protected] For public distribution Mbps ? ©2013 Check Point Software Technologies Ltd. 8
Different Machines Require Different Power Measurements Different Machines Relevant Power Unit Horsepower Volts Router and Switch Security Gateway [Protected] For public distribution Mbps SecurityPower ©2013 Check Point Software Technologies Ltd. 9
Appliance SecurityPower Values 21000 3551* SPU 12000 14,600 SPU 3300* SPU 4000 2900* SPU 61000 2000 * With Security Acceleration Module 1861 SPU 114 SPU 114 SPU 2200 4200 374 SPU 4400 623 SPU 4800 738 SPU 1046 SPU 12200 12400 12600 21400 21600 21700 [Protected] For public distribution 61000 ©2013 Check Point Software Technologies Ltd. 10
Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 11
Security Power Utilization  Yesterday’s Performance metrics – sterile – FW throughput – RFC – large packets  2012-2013 – Threats call for a more realistic approach!  Need to measure Security Performance when actually implementing Multi-Layer Security engines  Introducing Check Point Security Power Utilization…  Evolving traffic blend… Real World, Web, Video, Social Media, Mail, SSL [Protected] For public distribution Firewall Firewall + IPS Firewall + AV Firewall + IPS + AV ©2013 Check Point Software Technologies Ltd. 12
Sizing-Up the Right Appliance for You Helping You Select the Right Appliance to Meet Your Security and Performance Requirements Required SecurityPower: 1308 SPU Room for Growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 13
Plan for the Future Optimal Zone Recommended! Customer Requirements Extensive Room for Growth Peak Resource Consumption (Not Recommended) Room for Growth Additional Blades and Throughput until 70% Utilization For optimal results, use up to 50% of the appliance’s SecurityPower capacity [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 14
SPU – Real Performance Traffic Live Demo Sizing Appliances usercenter.checkpoint.com [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 15
SPU – Real Performance Traffic Live Demo How did we get to the appliance SPU? Visit CPX Performance Lab [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 16
How to Size Appliances?  Understand customer Security and Performance requirements – Current vs. Future – 3 up to 5 years – Deployment type, interfaces, cluster, etc.  Use “cpsizeme” – accurate method of collecting data  Use Appliance sizing tool – Consider future growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 17
SPU – Real Performance Traffic Under the hood…. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 18
Measuring Appliance SecurityPower SecurityPower Integrates Multiple Performance Measurements Based On: Real-World Traffic Multiple Security Functions Typical Security Policy [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 19
SecurityPower ‒ Traffic Blend Measuring Real-World Traffic Blend The Old Way UDP large packets ‒ RFC Real-World Traffic Blend* 10% 9% 13% 68% HTTP SMTP HTTPS Other *Based on customer research conducted by Check Point performance labs [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 20
SecurityPower ‒ Software Blades SecurityPower Measures Performance Under Advanced Security Functions The Old Way FW & VPN Software Blades Application IPS Control Software Blade Software Blade Identity Awareness Software Blade Antivirus & Anti-Malware Software Blade URL Filtering Software Blade DLP Software Blade Firewall only Any-Any-Accept SecurityPower Security Appliance [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 21
SecurityPower ‒ Security Policy Applying a True Security Policy Policy with 100 Rules! The Old Way One rule: Allow all traffic Rule Protocol Action #1 POP3 Accept #2 FTP Accept #3 ICMP Drop # 98 HTTP Accept #99 SMTP Accept #100 ANY Drop [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 22
SecurityPower ‒ Security Policy Applying a True Security Policy The Old Way     No Logging No NAT No IPS No signatures Log All Connections Network Address Translation IPS Recommended Protection Up-to-Date Signature Databases [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 23
Advanced Clusters, Packet Sizes, Amount of Interfaces, Management [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 24
Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 26
Customer Story cpsizeme [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 27
Doctor – I Am Not Feeling Well!!!!  How are you feeling today?  What is the problem?........  Prognosis – Diagnosis?  Tools often used…. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 28
Introducing Performance Utility Performance Utility Customer Requirements Collect real performance Recommended Appliance data from existing appliance over 24 hours Appliance Selection Tool  Collect customer requirements  Translate Performance Utility output to  Translate requirements to SecurityPower Customer Requirements  Suggest the right appliance for the job [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 29
Introducing Performance Utility XYZ Cloud Based Analysis  Evaluate Security Gateway Performance  View Multi-Security Functions Impact  Capacity Planning  Performance Impact – Minimal [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 30
Case Study #1 Customer Requirements       From Appliance Selection Tool Secure Perimeter FW, VPN, IPS. MAB, URLF, APP 1000 Users / 100 remote users ISP Pipe: 300Mbps Total Throughput: 800 Mbps Required SPU: 433 SPU Customer’s Choice  Customer selected 4800 (~38% utilization estimation)  Customer has room for future growth: ‒ Add Antivirus Software Blade or ‒ 85% traffic growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 31
Case Study #1 300Mbps “Effective” Max Throughput (600 Mbps) Exceptional throughput peak – low impact on CPU [Protected] For public distribution (48%) “Effective” Max Kernel CPU ©2013 Check Point Software Technologies Ltd. 32
Two Facts to Know About the Sizing Tool We used the Performance Utility to Measure the Performance on 95 Appliances in Different Customers’ Product Environments The Appliance Selection Tool Predicted the CPU Utilization in 82% of the Cases* *Accepted variation was [Protected] For public distribution 15 points ©2013 Check Point Software Technologies Ltd. 33
Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 34
Field Feedback  Reliable and trusted tool  Partners say… – The report is great.. Very helpful. – “None of the other vendors have anything like this” – Can’t wait till we get the cpsizeme report – Availability? ‒ ”We want direct access!”  Next steps… – IP series – Virtual Systems, HTTP Encryption – QoS – Traffic blend, packet size [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 37
SecurityPower The New Way to Measure the Real Power of Security Appliances Performance on Real-World Traffic and Advanced Security Functions Enables Planning and Maximization of Security [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 38
Thank You! [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.

Recommended

Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies sushmil123
 
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...Cristian Garcia G.
 
Mobile device management presentation
Mobile device management presentationMobile device management presentation
Mobile device management presentationratneshsinghparihar
 
What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?QOS Networks
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Performing a Security Assessment of the Cloud using the Risk Management Frame...
Performing a Security Assessment of the Cloud using the Risk Management Frame...Performing a Security Assessment of the Cloud using the Risk Management Frame...
Performing a Security Assessment of the Cloud using the Risk Management Frame...Amazon Web Services
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 

Recommended

Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies sushmil123
 
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...
Simplificando la seguridad en entornos de nube híbridos con el Security Fabri...Cristian Garcia G.
 
Mobile device management presentation
Mobile device management presentationMobile device management presentation
Mobile device management presentationratneshsinghparihar
 
What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?What is SASE and How Can Partners Talk About it?
What is SASE and How Can Partners Talk About it?QOS Networks
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Performing a Security Assessment of the Cloud using the Risk Management Frame...
Performing a Security Assessment of the Cloud using the Risk Management Frame...Performing a Security Assessment of the Cloud using the Risk Management Frame...
Performing a Security Assessment of the Cloud using the Risk Management Frame...Amazon Web Services
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security BrochureJoseph DeFever
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Citrix group policy troubleshooting for xen app and xendesktop
Citrix group policy troubleshooting for xen app and xendesktopCitrix group policy troubleshooting for xen app and xendesktop
Citrix group policy troubleshooting for xen app and xendesktopsolarisyougood
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
CYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxCYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxWeyai1
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
SD-WAN 2.0: Building a Better SD-WAN
SD-WAN 2.0: Building a Better SD-WANSD-WAN 2.0: Building a Better SD-WAN
SD-WAN 2.0: Building a Better SD-WANADVA
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
The Akamai Security Portfolio
The Akamai Security PortfolioThe Akamai Security Portfolio
The Akamai Security PortfolioElisabeth Bitsch-Christensen
 
Comprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityComprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityJasonTrinhNguyenTruo
 
Awareness of Sim Swap Attack
Awareness of Sim Swap AttackAwareness of Sim Swap Attack
Awareness of Sim Swap Attackijtsrd
 
Mian
MianMian
MianDom Mike
 
IoT
IoTIoT
IoTMphasis
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingNamrata Raiyani
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostInfosec
 
Software Defined WAN – SD-WAN
Software Defined WAN – SD-WANSoftware Defined WAN – SD-WAN
Software Defined WAN – SD-WANMarketingArrowECS_CZ
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 
Check Point Virtual Systems
Check Point Virtual SystemsCheck Point Virtual Systems
Check Point Virtual SystemsGroup of company MUK
 
checkpoint
checkpointcheckpoint
checkpointMayank Dhingra
 

More Related Content

What's hot

Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security BrochureJoseph DeFever
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Citrix group policy troubleshooting for xen app and xendesktop
Citrix group policy troubleshooting for xen app and xendesktopCitrix group policy troubleshooting for xen app and xendesktop
Citrix group policy troubleshooting for xen app and xendesktopsolarisyougood
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
CYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxCYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxWeyai1
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
SD-WAN 2.0: Building a Better SD-WAN
SD-WAN 2.0: Building a Better SD-WANSD-WAN 2.0: Building a Better SD-WAN
SD-WAN 2.0: Building a Better SD-WANADVA
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)Gaurav Dalvi
 
Comprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityComprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityJasonTrinhNguyenTruo
 
Awareness of Sim Swap Attack
Awareness of Sim Swap AttackAwareness of Sim Swap Attack
Awareness of Sim Swap Attackijtsrd
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostInfosec
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105 Thomas Treml
 

What's hot (20)

Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Citrix group policy troubleshooting for xen app and xendesktop
Citrix group policy troubleshooting for xen app and xendesktopCitrix group policy troubleshooting for xen app and xendesktop
Citrix group policy troubleshooting for xen app and xendesktop
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
CYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptxCYBERSECURITY WEYAI.pptx
CYBERSECURITY WEYAI.pptx
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
SD-WAN 2.0: Building a Better SD-WAN
SD-WAN 2.0: Building a Better SD-WANSD-WAN 2.0: Building a Better SD-WAN
SD-WAN 2.0: Building a Better SD-WAN
 
Seminar (network security)
Seminar (network security)Seminar (network security)
Seminar (network security)
 
The Akamai Security Portfolio
The Akamai Security PortfolioThe Akamai Security Portfolio
The Akamai Security Portfolio
 
Comprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber securityComprehensive plans are in place to improve our institutional cyber security
Comprehensive plans are in place to improve our institutional cyber security
 
Awareness of Sim Swap Attack
Awareness of Sim Swap AttackAwareness of Sim Swap Attack
Awareness of Sim Swap Attack
 
Mian
MianMian
Mian
 
IoT
IoTIoT
IoT
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Security awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter mostSecurity awareness training - 4 topics that matter most
Security awareness training - 4 topics that matter most
 
Software Defined WAN – SD-WAN
Software Defined WAN – SD-WANSoftware Defined WAN – SD-WAN
Software Defined WAN – SD-WAN
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Zero Trust 20211105
Zero Trust 20211105 Zero Trust 20211105
Zero Trust 20211105
 

Viewers also liked

Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014David Berkelmans
 
Check Point: From Branch to Data Center
Check Point: From Branch to Data CenterCheck Point: From Branch to Data Center
Check Point: From Branch to Data CenterGroup of company MUK
 
Ayulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security products
Ayulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security productsAyulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security products
Ayulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security productsVertexMon VertexMon
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70symple9
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security DeploymentCisco Canada
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Cisco Ironport WSA- Introduction and Guide in Short
Cisco Ironport WSA- Introduction and Guide in ShortCisco Ironport WSA- Introduction and Guide in Short
Cisco Ironport WSA- Introduction and Guide in ShortPriyank Sharma
 
When vendors post false claims (alternative facts)
When vendors post false claims (alternative facts)When vendors post false claims (alternative facts)
When vendors post false claims (alternative facts)Dan Colwell
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
Cp r75 firewall_admin_guide
Cp r75 firewall_admin_guideCp r75 firewall_admin_guide
Cp r75 firewall_admin_guideAnh Thảo
 
Fundamentos de Banco de Dados Relacionais
Fundamentos de Banco de Dados RelacionaisFundamentos de Banco de Dados Relacionais
Fundamentos de Banco de Dados RelacionaisÁlvaro Farias Pinheiro
 
Overview of Linux
Overview of LinuxOverview of Linux
Overview of LinuxThang Man
 
Firewall fundamentals
Firewall fundamentalsFirewall fundamentals
Firewall fundamentalsThang Man
 

Viewers also liked (20)

Check Point Virtual Systems
Check Point Virtual SystemsCheck Point Virtual Systems
Check Point Virtual Systems
 
checkpoint
checkpointcheckpoint
checkpoint
 
Check point presentation june 2014
Check point presentation june 2014Check point presentation june 2014
Check point presentation june 2014
 
Check Point designing a security
Check Point designing a securityCheck Point designing a security
Check Point designing a security
 
Checkpoint r77
Checkpoint r77Checkpoint r77
Checkpoint r77
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
 
Check Point: From Branch to Data Center
Check Point: From Branch to Data CenterCheck Point: From Branch to Data Center
Check Point: From Branch to Data Center
 
Ayulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security products
Ayulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security productsAyulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security products
Ayulgui baidliin buteegdehunud Checkpoint Worldwide #1 Security products
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70
 
Check point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitiveCheck point response to Cisco NGFW competitive
Check point response to Cisco NGFW competitive
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security Deployment
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Cisco Ironport WSA- Introduction and Guide in Short
Cisco Ironport WSA- Introduction and Guide in ShortCisco Ironport WSA- Introduction and Guide in Short
Cisco Ironport WSA- Introduction and Guide in Short
 
When vendors post false claims (alternative facts)
When vendors post false claims (alternative facts)When vendors post false claims (alternative facts)
When vendors post false claims (alternative facts)
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
 
Cp r75 firewall_admin_guide
Cp r75 firewall_admin_guideCp r75 firewall_admin_guide
Cp r75 firewall_admin_guide
 
Postgre sql +python
Postgre sql +pythonPostgre sql +python
Postgre sql +python
 
Fundamentos de Banco de Dados Relacionais
Fundamentos de Banco de Dados RelacionaisFundamentos de Banco de Dados Relacionais
Fundamentos de Banco de Dados Relacionais
 
Overview of Linux
Overview of LinuxOverview of Linux
Overview of Linux
 
Firewall fundamentals
Firewall fundamentalsFirewall fundamentals
Firewall fundamentals
 

Similar to Check Point sizing security

ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2Nguyen Binh
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution TaarakMohit8780
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...Savvius, Inc
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Belsoft
 
Unlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsUnlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsconfluent
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonDigital Catapult
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin RodillasTI Safe
 
Enabling the-Connected-Car-Java
Enabling the-Connected-Car-JavaEnabling the-Connected-Car-Java
Enabling the-Connected-Car-Javaterrencebarr
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Decisions
 
IBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceIBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceSimon Baker
 
Business Case Of Bring Your Own Device[ BYOD]
Business Case Of Bring Your Own Device[ BYOD] Business Case Of Bring Your Own Device[ BYOD]
Business Case Of Bring Your Own Device[ BYOD] Md Yousup Faruqu
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall PresentationManoj Kumar Mishra
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentationSoap MacTavish
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Decisions
 

Similar to Check Point sizing security (20)

ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2
 
Checkpoint Overview
Checkpoint OverviewCheckpoint Overview
Checkpoint Overview
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
Presentacion Palo Alto Networks
Presentacion Palo Alto NetworksPresentacion Palo Alto Networks
Presentacion Palo Alto Networks
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
Unlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insightsUnlocking the Power of IoT: A comprehensive approach to real-time insights
Unlocking the Power of IoT: A comprehensive approach to real-time insights
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
BT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob RowlingsonBT Cloud Enterprise Service Store - Rob Rowlingson
BT Cloud Enterprise Service Store - Rob Rowlingson
 
[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas[CLASS 2014] Palestra Técnica - Delfin Rodillas
[CLASS 2014] Palestra Técnica - Delfin Rodillas
 
Enabling the-Connected-Car-Java
Enabling the-Connected-Car-JavaEnabling the-Connected-Car-Java
Enabling the-Connected-Car-Java
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
 
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver PresentationScalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
 
IBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceIBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix Marketplace
 
2019 10-app gate sdp 101 09a
2019 10-app gate sdp 101 09a2019 10-app gate sdp 101 09a
2019 10-app gate sdp 101 09a
 
Business Case Of Bring Your Own Device[ BYOD]
Business Case Of Bring Your Own Device[ BYOD] Business Case Of Bring Your Own Device[ BYOD]
Business Case Of Bring Your Own Device[ BYOD]
 
Cyberoam Firewall Presentation
Cyberoam Firewall PresentationCyberoam Firewall Presentation
Cyberoam Firewall Presentation
 
Ccnsp trainer presentation
Ccnsp trainer presentationCcnsp trainer presentation
Ccnsp trainer presentation
 
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary PresentationScalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
 

More from Group of company MUK

Взаимодействие с Check Point Technical Support
Взаимодействие с Check Point Technical SupportВзаимодействие с Check Point Technical Support
Взаимодействие с Check Point Technical SupportGroup of company MUK
 
CheckPoint: Anatomy of an evolving bot
CheckPoint: Anatomy of an evolving botCheckPoint: Anatomy of an evolving bot
CheckPoint: Anatomy of an evolving botGroup of company MUK
 
Perfect Foundation for 2013 Security Blueprint
Perfect Foundation for 2013 Security BlueprintPerfect Foundation for 2013 Security Blueprint
Perfect Foundation for 2013 Security BlueprintGroup of company MUK
 
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Group of company MUK
 
Check Point appliances brochure 2012
Check Point appliances brochure 2012Check Point appliances brochure 2012
Check Point appliances brochure 2012Group of company MUK
 

More from Group of company MUK (16)

Взаимодействие с Check Point Technical Support
Взаимодействие с Check Point Technical SupportВзаимодействие с Check Point Technical Support
Взаимодействие с Check Point Technical Support
 
Check Point Products RU
Check Point Products RUCheck Point Products RU
Check Point Products RU
 
Check Point: Securing Web 2.0
Check Point: Securing Web 2.0 Check Point: Securing Web 2.0
Check Point: Securing Web 2.0
 
Check Point SMB Proposition
Check Point SMB PropositionCheck Point SMB Proposition
Check Point SMB Proposition
 
Check Point Mobile Security
Check Point Mobile SecurityCheck Point Mobile Security
Check Point Mobile Security
 
Check Point Ddos protector
Check Point Ddos protectorCheck Point Ddos protector
Check Point Ddos protector
 
Check Point: Compliance Blade
Check Point: Compliance BladeCheck Point: Compliance Blade
Check Point: Compliance Blade
 
CheckPoint: Anatomy of an evolving bot
CheckPoint: Anatomy of an evolving botCheckPoint: Anatomy of an evolving bot
CheckPoint: Anatomy of an evolving bot
 
Check Point Threat emulation 2013
Check Point Threat emulation 2013Check Point Threat emulation 2013
Check Point Threat emulation 2013
 
Perfect Foundation for 2013 Security Blueprint
Perfect Foundation for 2013 Security BlueprintPerfect Foundation for 2013 Security Blueprint
Perfect Foundation for 2013 Security Blueprint
 
Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint Check Point: Defining Your Security blueprint
Check Point: Defining Your Security blueprint
 
Check Point Consolidation
Check Point ConsolidationCheck Point Consolidation
Check Point Consolidation
 
Check Point 2013
Check Point 2013Check Point 2013
Check Point 2013
 
Check Point appliances brochure 2012
Check Point appliances brochure 2012Check Point appliances brochure 2012
Check Point appliances brochure 2012
 
Check Point Report 2013 RU
Check Point Report 2013 RUCheck Point Report 2013 RU
Check Point Report 2013 RU
 
3D Security Report
3D Security Report3D Security Report
3D Security Report
 

Recently uploaded

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Check Point sizing security

  • 1. Sizing Your Security Gateway CPX – Barcelona Solution Center [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.
  • 2. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 2
  • 3. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 3
  • 4. Joe Needs a New Security Appliance Required Security Available Appliances Firewall IPS Application Control URL Filtering Firewall: 3 Gbps IPS: 2 Gbps Throughput Needs 350 Mbps Firewall: 25 Gbps IPS: 12 Gbps 2000 Users Joe has a problem. Which appliance can best match his requirements? [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 4
  • 5. Appliance Sizing Challenges Sizing the right appliance is often a complex task! Match appliance to real-world security requirements Handle current and future capacity needs Effectively compare among appliances [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 5
  • 6. Customize with Software Blades FW & VPN Software Blades IPS Software Blade Application Control Software Blade Identity Awareness Software Blade Antivirus Software Blade URL Filtering Software Blade Anti-Bot DLP Software Blade Software Blade The Security You Want The Performance You Need [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 6
  • 7. Balancing Security & Performance Need to protect against a wide spectrum of attacks, in addition to Firewall and VPN What is the impact with multiple Software Blades enabled? What about future growth? [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 7
  • 8. Different Machines Require Different Power Measurements Different Machines Relevant Power Unit Horsepower Volts Router and Switch Security Gateway [Protected] For public distribution Mbps ? ©2013 Check Point Software Technologies Ltd. 8
  • 9. Different Machines Require Different Power Measurements Different Machines Relevant Power Unit Horsepower Volts Router and Switch Security Gateway [Protected] For public distribution Mbps SecurityPower ©2013 Check Point Software Technologies Ltd. 9
  • 10. Appliance SecurityPower Values 21000 3551* SPU 12000 14,600 SPU 3300* SPU 4000 2900* SPU 61000 2000 * With Security Acceleration Module 1861 SPU 114 SPU 114 SPU 2200 4200 374 SPU 4400 623 SPU 4800 738 SPU 1046 SPU 12200 12400 12600 21400 21600 21700 [Protected] For public distribution 61000 ©2013 Check Point Software Technologies Ltd. 10
  • 11. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 11
  • 12. Security Power Utilization  Yesterday’s Performance metrics – sterile – FW throughput – RFC – large packets  2012-2013 – Threats call for a more realistic approach!  Need to measure Security Performance when actually implementing Multi-Layer Security engines  Introducing Check Point Security Power Utilization…  Evolving traffic blend… Real World, Web, Video, Social Media, Mail, SSL [Protected] For public distribution Firewall Firewall + IPS Firewall + AV Firewall + IPS + AV ©2013 Check Point Software Technologies Ltd. 12
  • 13. Sizing-Up the Right Appliance for You Helping You Select the Right Appliance to Meet Your Security and Performance Requirements Required SecurityPower: 1308 SPU Room for Growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 13
  • 14. Plan for the Future Optimal Zone Recommended! Customer Requirements Extensive Room for Growth Peak Resource Consumption (Not Recommended) Room for Growth Additional Blades and Throughput until 70% Utilization For optimal results, use up to 50% of the appliance’s SecurityPower capacity [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 14
  • 15. SPU – Real Performance Traffic Live Demo Sizing Appliances usercenter.checkpoint.com [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 15
  • 16. SPU – Real Performance Traffic Live Demo How did we get to the appliance SPU? Visit CPX Performance Lab [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 16
  • 17. How to Size Appliances?  Understand customer Security and Performance requirements – Current vs. Future – 3 up to 5 years – Deployment type, interfaces, cluster, etc.  Use “cpsizeme” – accurate method of collecting data  Use Appliance sizing tool – Consider future growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 17
  • 18. SPU – Real Performance Traffic Under the hood…. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 18
  • 19. Measuring Appliance SecurityPower SecurityPower Integrates Multiple Performance Measurements Based On: Real-World Traffic Multiple Security Functions Typical Security Policy [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 19
  • 20. SecurityPower ‒ Traffic Blend Measuring Real-World Traffic Blend The Old Way UDP large packets ‒ RFC Real-World Traffic Blend* 10% 9% 13% 68% HTTP SMTP HTTPS Other *Based on customer research conducted by Check Point performance labs [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 20
  • 21. SecurityPower ‒ Software Blades SecurityPower Measures Performance Under Advanced Security Functions The Old Way FW & VPN Software Blades Application IPS Control Software Blade Software Blade Identity Awareness Software Blade Antivirus & Anti-Malware Software Blade URL Filtering Software Blade DLP Software Blade Firewall only Any-Any-Accept SecurityPower Security Appliance [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 21
  • 22. SecurityPower ‒ Security Policy Applying a True Security Policy Policy with 100 Rules! The Old Way One rule: Allow all traffic Rule Protocol Action #1 POP3 Accept #2 FTP Accept #3 ICMP Drop # 98 HTTP Accept #99 SMTP Accept #100 ANY Drop [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 22
  • 23. SecurityPower ‒ Security Policy Applying a True Security Policy The Old Way     No Logging No NAT No IPS No signatures Log All Connections Network Address Translation IPS Recommended Protection Up-to-Date Signature Databases [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 23
  • 24. Advanced Clusters, Packet Sizes, Amount of Interfaces, Management [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 24
  • 25. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 26
  • 26. Customer Story cpsizeme [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 27
  • 27. Doctor – I Am Not Feeling Well!!!!  How are you feeling today?  What is the problem?........  Prognosis – Diagnosis?  Tools often used…. [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 28
  • 28. Introducing Performance Utility Performance Utility Customer Requirements Collect real performance Recommended Appliance data from existing appliance over 24 hours Appliance Selection Tool  Collect customer requirements  Translate Performance Utility output to  Translate requirements to SecurityPower Customer Requirements  Suggest the right appliance for the job [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 29
  • 29. Introducing Performance Utility XYZ Cloud Based Analysis  Evaluate Security Gateway Performance  View Multi-Security Functions Impact  Capacity Planning  Performance Impact – Minimal [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 30
  • 30. Case Study #1 Customer Requirements       From Appliance Selection Tool Secure Perimeter FW, VPN, IPS. MAB, URLF, APP 1000 Users / 100 remote users ISP Pipe: 300Mbps Total Throughput: 800 Mbps Required SPU: 433 SPU Customer’s Choice  Customer selected 4800 (~38% utilization estimation)  Customer has room for future growth: ‒ Add Antivirus Software Blade or ‒ 85% traffic growth [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 31
  • 31. Case Study #1 300Mbps “Effective” Max Throughput (600 Mbps) Exceptional throughput peak – low impact on CPU [Protected] For public distribution (48%) “Effective” Max Kernel CPU ©2013 Check Point Software Technologies Ltd. 32
  • 32. Two Facts to Know About the Sizing Tool We used the Performance Utility to Measure the Performance on 95 Appliances in Different Customers’ Product Environments The Appliance Selection Tool Predicted the CPU Utilization in 82% of the Cases* *Accepted variation was [Protected] For public distribution 15 points ©2013 Check Point Software Technologies Ltd. 33
  • 33. Agenda 1 Security Gateway Sizing Challenges 2 Appliance Selection Tool ‒ SPU 3 Performance Utility 4 Summary [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 34
  • 34. Field Feedback  Reliable and trusted tool  Partners say… – The report is great.. Very helpful. – “None of the other vendors have anything like this” – Can’t wait till we get the cpsizeme report – Availability? ‒ ”We want direct access!”  Next steps… – IP series – Virtual Systems, HTTP Encryption – QoS – Traffic blend, packet size [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 37
  • 35. SecurityPower The New Way to Measure the Real Power of Security Appliances Performance on Real-World Traffic and Advanced Security Functions Enables Planning and Maximization of Security [Protected] For public distribution ©2013 Check Point Software Technologies Ltd. 38
  • 36. Thank You! [Protected] For public distribution ©2013 Check Point Software Technologies Ltd.

Editor's Notes

  1. In order to overcome the challenges we need more security functions and this requires much more power from the appliance
  2. stock-photo-16468646-balancing-stones.jpg
  3. Now, there is a full line of new security appliances delivering integrated security ranging from the small offices all the way up to the large data centers and Telco service provider environments
  4. Add interactive discussion slides