©2018 Check Point Software Technologies Ltd.
ARCHITECTING CONSOLIDATED SECURITY
WITH INFINITY
Noam Green
Head of Product Management and Product Marketing, Security Platforms
CYBER SECURITY ARCHITECTURE
THE GOOD THE BAD AND THE UGLY
SECURITY ARCHITECTURES
CASE STUDY: 3 COMPANIES, SIMILAR NEEDS
MULTIPLE INTERNATIONAL LOCATIONS
DATA CENTERS AND CLOUD
LAPTOPS AND ENDPOINTS
MOBILE BYOD
Translating These Needs to Security Lingo
KNOWN THREATS UNKNOWN THREATS
ROAMING USERS
MONITOR & RESPOND
Three Types of Architectures
The Bad (architecture) – Firewall + IPS (in detect mode) + 3rd party AV endpoint
The Ugly (architecture) – Multi vendor, network, endpoint, zero day
The Good (architecture) – Single vendor, consolidated, zero-day protection
The “Bad” Architecture – Firewall + IPS and AV on Endpoints
Wannacry hits.
That’s BAD…
Malicious Zero Day phishing attack is sent.
Bypasses IPS on gateway
Endpoint AV cannot identify Zero Day.
Endpoints are infected
Firewall – Vendor A
IPS – Vendor B
Application Control – Vendor C
Endpoint AV – Vendor D
Sandboxing – Vendor E (Detect first, prevent later)
Mobile – None (MDM only)
SIEM – Vendor F
The “Ugly” Architecture - Multi Vendor, Fractioned
“Best of Breed”
“Divide and Conquer” ?
The “Ugly” Architecture - Multi Vendor, Fractioned, Multi Consoles, Tangled Architecture
Multi Vector Attack
Zero Day email phishing
No Signature Sharing
Detect first, prevent later (not using SandBlast)
Same Zero Day phishing sent to Gmail
Endpoint AV misses malware
Mobile smishing attack
Infected endpoint
Signature Update
No knowledge of actors
Infected mobile
Cannot connect the dots
The “Good” Architecture – Unified Consolidated Architecture
FIRST TIME PREVENT FOR ENTIRE INFRASTRUCTURE
WORKING AS ONE PLATFORM, NOT AS SEPARATE PRODUCTS
CONSOLIDATED MANAGEMENT – SINGLE PANE OF GLASS
THREAT PREVENTION
ENDPOINT
SECURITY
NETWORK
SECURITY
GATEWAY
MOBILE
SECURITY
VIRTUAL
SYSTEMS
CLOUD
SECURITY
MANAGEMENT
Indicators of Compromise (IOCs)
Combining enforcement points, threat intelligence and management
Gen 5 slide
Turning Ugly into Good
Fast Forward to the Future
ARCHITECTING INFINITY
UNDERSTAND YOUR CUSTOMER
UNDERSTAND THEIR RISKS
BUILD THE RIGHT ARCHITECTURE
JOINING US LIVE FROM SAN FRANCISCO
CASE STUDY – Meet Berry Appleman & Leiden
SAN FRANCISCO
• A leading global corporate immigration law firm with offices around the world.
• HQ in San Francisco
• 18 locations worldwide
UNDERSTAND YOUR CUSTOMER
CASE STUDY – BAL’s IT Infrastructure
SAN FRANCISCO
• A Check Point Customer for X years
• Have been using multiple point solutions
• Heavily using cloud: Either SaaS or AWS
• Using O365 for corporate email
UNDERSTAND YOUR CUSTOMER
CASE STUDY – BAL’s Challenges and Risks
SAN FRANCISCO
UNDERSTAND THEIR RISKS
MULTIPLE LOCATIONS
MPLS SD-WAN
MOVING TO SAAS
PHISHING, RANSOMWARE
THREAT VISIBILITY OPEX MODEL
GDPR
CASE STUDY – Building the Right Architecture
SAN FRANCISCO
• Move towards SD-WAN and location edge protection
• Replace all Cisco infrastructure and use clustered 5200 at all sites
• Protect against ransomware and zero day phishing in Office365
• Deploy SandBlast with O365 connector
• Deploy SandBlast Agent with Anti-Ransomware
BUILD THE RIGHT ARCHITECTURE
MPLS SD-WAN
CASE STUDY – Building the Right Architecture
SAN FRANCISCO
• GDPR and other privacy regulations
BUILD THE RIGHT ARCHITECTURE
FULL DISK ENCRYPTION
DLP
MANAGEMENT AND SMARTEVENT
SANDBLAST API
CAPSULE DOCS
GDPR
SSL Inspection
CASE STUDY – Building the Right Architecture
SAN FRANCISCO
• Moving towards an OPEX model
BUILD THE RIGHT ARCHITECTURE
PRICE PER USER
SOFTWARE SUBSCRIPTION
24X7 SUPPORT
SECURITY APPLIANCES
JOINING US LIVE FROM SAN FRANCISCO
Summary
• Good architecture rather than bad or ugly
• When architecting Infinity, remember:
  – Understand your customer
  – Understand their risks
  – Build the right architecture
THANK YOU
Noam Green
Head of Product Management and Product Marketing, Security Platforms


Editor's Notes

  • #3 There are many types of companies, and each is unique. Retail, financial organizations, healthcare, industrial – they all have different business goals, and different risks. There’s one thing they all have in common, though. NONE OF THEM is focused on cyber security. They know they need it, but don’t know what is needed. There are different cyber security architectures and solutions out there, so how do you know what’s the right choice for you?
  • #4 (theme song from the good bad and the ugly) Meet the companies’ architectures. Company A, B and C are all financial organizations. As such, they share the same business and IT goals, and the same risks.
  • #8 Company A has a firewall with IPS from vendor X as well as Endpoint security from vendor Y. With no complete protection across all IT platforms, company A finds itself under attack. A malicious file in the form of a CV was uploaded to the company’s recruiting platform which resides in the cloud. The malware quickly spread into the company’s network, stealing thousands of clients’ data.
  • #9 Multi Vector Attack: Zero Day email phishing – 2nd attempt stopped (first endpoint infected). Same Zero Day sent to Gmail – Endpoint misses it (no signature available). Laptop infected. Malware attack against Cloud server (FW+IPS) – No zero day protection – Cloud infected. Mobile Smishing message – No mobile protection. Mobile infected. Monitoring system alerts only on Zero Day. No info on cloud or mobile information.
  • #10 But you end up tangled up, and this is what it looks like. This company, too, has recently experienced a breach. Apparently, all the great security they have did indeed detect the attack, but it took so long for them to mitigate that they lost precious data, time and money… That’s what you can expect when having multiple solutions: You need more people to manage an array of different platforms. You need each to be an expert, since each platform introduces different complexities. You need to financially manage different vendors. And you have security gaps, since each platform covers only what it’s supposed to do, leaving areas of vulnerability.
  • #11 What does it mean to the customer? Complete and unparalleled protection! – All platforms are interconnected and share threat intelligence. This means threats are blocked before they infiltrate the network, or what’s known as “first time prevention”. – The customer has complete threat prevention for the entire infrastructure, with Check Point’s SandBlast set of technologies. This ensures all assets are completely protected with the same kind of prevention, blocking the most sophisticated attacks before they occur. – There’s a consolidated management. So all platforms are managed centrally with one pane of glass. And it’s not only about ease of management or best visibility. It’s also about reducing overhead, and saving precious time and money securing the business. After all, your focus is on growing your business, and not on securing it.
  • #13 But we’re not in Hollywood, and this is not a movie. So let’s see how a real customer turned their Architecture from Ugly to Good…
  • #15 Understand your customer. Understand their risk. Build the right architecture.
  • #16 Joining us live from San Francisco: Abe Checkoway, Territory Manager. Noam: Thanks, Abe, for joining us from SFO. Abe: It’s a pleasure to be here.
  • #17 Noam: Can you tell us a bit about one of your latest Infinity sales – Berry Appleman Leiden (let’s call them BAL)? Abe: Sure. BAL is a leading global corporate immigration law firm with offices around the world. They are headquartered in San Francisco, and have 18 locations worldwide.
  • #18 Noam: What can you tell us about BAL’s IT infrastructure? Abe: Well, BAL has been a Check Point customer for X years, but they were also using multiple point solutions. They were moving more and more into the cloud, where all of their corporate applications are either SaaS or run in AWS. They use Office 365 for their corporate mail.
  • #19 Noam: What would you say are BAL’s challenges and risks? Abe: BAL has been moving to the cloud and therefore reduced their MPLS needs, but it has in turn created the need for edge protection in each of their locations. The ransomware scare meant they needed better anti-phishing and zero day protection. GDPR and other compliancy regulations meant growing need for DLP. BAL were also missing a centralized threat visibility pane, where they could investigate and manage various incidents and create reports and analysis of their environments. Another issue raised was their desire to move to a more OPEX based model – especially for new HW purchases.
  • #20 Noam: So what was the final architecture we recommended BAL to go with? Abe: In order to handle the large number of locations, BAL decided to replace all their current Cisco routing infrastructure and use clustered 5200 at all sites. In order to protect their larger cloud environment we suggested to deploy the vSec in AWS and other cloud environments. Protecting Office365 from ransomware and zero-day phishing would be handled by SandBlast O365, and SandBlast agent which includes anti-ransomware protection.
  • #21 Abe: GDPR and other compliancy regulations would require enabling SSL inspection, adding DLP and full Threat Prevention Suite – including Capsule Docs and Full Disk Encryption. SandBlast API will be used to inspect all documents uploaded to their corporate app. Incorporating R80.10 security management and SmartEvent, will enable BAL to get full threat visibility and management of their entire infrastructure using a single pane of glass.
  • #22 Noam: And what about the OPEX model? Abe: This is where it became interesting. We offered BAL a new all-inclusive offering called Infinity Total Protection (or ITP for short). ITP enabled BAL to make use of ALL Check Point has to offer, by paying a simple price per user per year. The great thing about this offering is that it includes EVERYTHING – From software, through renewals, 24x7 support and even the new HW appliances fit in. Having proved that not only can Check Point fulfill their architecture needs but can also provide a simple way to purchase it, made all the difference. BAL is now very happy to share its experience with Check Point Infinity with the world.
  • #23 Noam: Thank you, Abe, for your help in detailing how your team and you managed to turn an ugly architecture into a good one. Abe: Thank you. Was happy to be here.