Hosting workloads on AWS provides organizations with agility, speed, efficiency, and reduced costs. Check Point vSEC further enhances this experience by delivering advanced, multi-layered threat prevention security for your AWS workloads, protecting assets and enabling secure connectivity from enterprise networks to your AWS resources. Register for our upcoming webinar to learn how Check Point vSEC on AWS provided customers with an advanced threat prevention solution to enable secure application delivery. Learn how to migrate your applications and workloads to AWS with vSEC’s comprehensive security solution tailored to help protect your cloud environment.
Join us to learn:
• How Check Point vSEC enabled customers to confidently migrate from an on-premises infrastructure to AWS
• How to prevent network attacks and data breaches when hosting workloads in a cloud-based environment
• How Courtagen Life Sciences secured their cloud environment to maintain compliance, reduce IT expenses and leverage the full capabilities of the AWS Cloud
Who should attend:
IT Admins, Security Admins, Cloud Admins, Business Decision Makers, Compliance & governance officers, Line of Business leaders, DevOps engineers & architects
Check Point Software Technologies: Secure Your AWS Workloads
1. Check Point vSEC: Secure Your AWS Workloads
Nick Matthews • Partner Solutions Architect, AWS
Don Meyer • Head of Product Marketing, Check Point Software Technologies
Brendan McKernan • President and Co-Founder, Courtagen Life Sciences
J. Bendonis • Technology Manager, Rutter Networking Technologies
2. Your Data and IP are Your Most Valuable Assets
$6.53M: Average cost of a data breach
56%: Increase in theft of hard intellectual property
70%: Of consumers indicated they’d avoid businesses following a security breach
https://www.csid.com/resources/stats/data-breaches/
http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
3. AWS Can Be More Secure Than Your Existing Environment
In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How?
Automating logging and monitoring
Simplifying resource access
Making it easy to encrypt properly
Enforcing strong authentication
4. AWS and You Share Responsibility for Security
AWS takes care of the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking) and AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
You get to define your controls ON the Cloud: Customer applications & content, Identity & Access Control, Network Security, Inventory & Config, Data Encryption
5. Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
Network access is monitored by AWS security managers daily
AWS CloudTrail lets you monitor and record all API calls
Amazon Inspector automatically assesses applications for vulnerabilities
6. Highly Available
The AWS infrastructure footprint protects your data from costly downtime
35 Availability Zones in 13 regions for multi-synchronous geographic redundancy
Retain control of where your data resides for compliance with regulatory requirements
Mitigate the risk of DDoS attacks using services like AutoScaling, Route 53
7. Integrated With Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices
Integrate your existing Active Directory
Use dedicated connections as a secure, low-latency extension of your data center
Provide and manage your own encryption keys if you choose
9. vSEC for Amazon Web Services
Advanced Threat Prevention to Secure Workloads in the AWS Cloud
Don Meyer, Head of Product Marketing, Data Center
10. Cloud Security Requirements
Increasing sophistication of threats and malware
Lateral spread of threats
Consistent protections and policy management
Consolidated visibility, logging, and reporting
Sacrificing speed and agility for security
11. Challenge: The Cloud is Already Secure, Why Additional Security?
Perception:
Security handled by cloud provider
Segmentation or isolation = security
Cloud Provider only secures infrastructure, not customer data and apps = Shared Responsibility Model
Data Isolation does NOT protect against malware or other threats
12. Solution: Advanced Security Protects Customer Assets in Public Clouds
Advanced security methods in Public Clouds:
Prevent threats within Public Clouds
Comprehensive protections to prevent breaches and data loss
Security Groups with Advanced Threat Prevention:
Fine-tuned policies with layered protections (Firewall, IPS, Anti-Virus, AntiBot, and more)
Achieved between VPCs using network firewall and network segments
13. Challenge: Network Security Solutions Don’t Fit in Public Cloud Architecture
Perception:
Environment is too dynamic
Rapid adding/removing of VMs, subnets, etc.
Network security solutions single point of failure / don’t support HA configuration / cannot scale automatically
Cloud networks are too opaque with no visibility or control on network traffic
14. Solution: Network Security FITS in Public Cloud
Deployed in VMs within VPCs
Single or multiple NICs
Private or Public IPs
Auto-scales to Meet Elastic Demand
Integrates with built-in ELB
Triggered based on CloudWatch threshold
Operate in HA Mode in Cloud
Within VPC (HA-cluster)
Across availability-set
Security Policies Update Automatically
Auto-discovery of cloud assets (new VMs, subnets, etc.)
15. Check Point vSEC for AWS
vSEC CONTROLLER
Automated security with unified management
Context-aware policies and logs leveraging AWS defined objects
Consolidated logging and reporting across private, public and hybrid clouds
vSEC GATEWAY
Comprehensive protections including: Firewall, IPS, AntiBot, AntiVirus, VPN, DLP and SandBlast Zero-Day Protections
Secure all traffic between applications inside the public cloud and across the hybrid cloud
17. Security as Dynamic as the Cloud
Technical proficiency and proven customer success, reduced deployment complexity, seamless integration
Recognizes Check Point’s expertise in IaaS security and ability to deliver advanced threat prevention to protect customer data and workloads in the AWS cloud, making migration easy
18. Security as Dynamic as the Cloud
Full Support for Auto-scaling, Amazon ELB, Amazon CloudWatch and multiple Availability Zones
Rapid and Easy Deployment with Single Click deployment from AWS Marketplace automated with AWS CloudFormation templates
19. AWS Cloud – Awareness with vSEC
R80 Smart Management with vSEC controller discovers AWS cloud objects
Leverages AWS objects like VPCs, Subnets and Instances in security policy and logs
Dynamic and automated policies updated in real-time
Improved visibility and forensics
20. Typical Deployment Scenarios
Public Cloud only with Remote Access
Migration of on-premises data and apps to public cloud
Hybrid Cloud – securely connect on-premises with cloud with site-to-site VPN
Distributed Architecture (Web tier in public cloud and App and DB tiers on-premises)
DR architecture with secure backup to public cloud
Legacy applications isolated in the public cloud
Branch services delivered from the cloud
Phased migration, cloud bursting, optimal resource utilization
21. Auto-Scaling (with HA) Check Point vSEC in AWS Reference Architecture
Auto-scaling across Availability Zones
ELB distributes traffic across zones
Uses Amazon CloudWatch and IAM
AWS CloudFormation template support for automated deployment
Complete SK article
23. Who We Are
Molecular information company that delivers better patient care and develops better targeted therapies
Leader in innovative genetic testing
Employs proprietary bioinformatics
Securely embracing the cloud in Life Sciences Industry
24. Cloud-scale Computing For Compute Intensive Workloads in Bioinformatics
120–320 GB: Data uploaded per run
>150 TB: Total Data stored in the cloud
<1hr: Workload completion time
25. Business and Technical Challenges
Business Challenges
Maintain internal security requirements and compliance
Maximize business agility and flexibility
Platform that is easy to access and manage
Technical Challenges
Perform compute intensive analysis for dynamic elastic workloads with high availability
Protects patient data
Supports a Hybrid cloud architecture
26. Why Check Point?
Scalability to support additional users
Industry Leader in Security and meets regulation requirements
Seamless integration with Amazon Web Services
27. The Solution – Check Point and AWS
Capabilities and Technical Benefits
Robust and Advanced Security / Secure Remote Access
High availability with redundancy
Full Capabilities of AWS Cloud computing services
28. The Solution – Check Point and AWS
“Check Point is an ideal partner because their platform allows us to leverage the cloud to its fullest capabilities. In addition, it gives us the security, speed and agility, and savings to efficiently grow our business”
Brendan McKernan, President and Co-Founder, Courtagen Life Sciences
29. Business Benefits and ROI
Advanced and scalable security to support speed and agility of cloud
Supports dynamic workforce and hybrid cloud
Robust security for regulatory compliance and security regulations
Reduced Costs on IT to 2% of budget from 8-15%
Outsourcing IT allows focus on core competencies and integrates best-of-breed technologies
31. Who are we
Leading provider of technology solutions
Certified services provider for Check Point and Amazon Web Services
Check Point partner since 2003
Managed Service Provider for Courtagen since 2013
More info at www.rutter-net.com/aws
32. Check Point Case Study: Rutter Networking Technologies
Rutter Networking – Managed Services Providers
Courtagen partnered with Rutter Networking to deploy and manage the networking, communication and security capabilities of their AWS Cloud computing deployment and infrastructure
Rutter Networking and Check Point worked to deliver a complex and challenging architecture
33. Deployment Architecture and Implementation
Check Point vSEC for AWS for advanced security, perimeter protection, remote access and hybrid connectivity
Check Point 4000 Appliances deployed on-premises
Check Point Smart-1 Security Management Appliance for security management across the hybrid cloud and deployed on-premises
AWS DirectConnect, Amazon ELB, High Availability Zones, Amazon VPC, Amazon EC2, Built-in security controls
34. Network Security Deployed in AWS VPC – Hybrid Cloud
[Diagram. Labels shown: Customer Data Center, Availability Zone 1, Availability Zone 2, Elastic Load Balancing, Public Subnet, Private Subnet, Direct Connect, Smart management, Check Point 46xx, Check Point 42xx, Enterprise servers, Internet and SaaS apps, Branches / Mobile Users, Service Provider (WAN)]
35. Solution Results
Rapid and easy deployment
Unified management across hybrid environment
Comprehensive advanced security capabilities with audit trails
Advanced and scalable security to support speed and agility of cloud
36. Summary
Solution is Cost-Effective – Secure – Compliant
Solution Delivers value now and in the future
Future Directions
Check Point can help provide guidance for future technology needs
Cloud-based solution can scale and evolve
37. More Information
Check Point vSEC for AWS product page and collateral – Solution Brief and Free Trial
Check Point vSEC for AWS landing page – Tech Brief
AWS Advanced Cloud Security Partner – Check Point
AWS Security Competency Partner – Check Point
vSEC in AWS Marketplace
Check Point Reference Architectures for vSEC
AWS Deployment Guide – Rutter Networking Technologies
38. Questions & Answers
Nick Matthews - Partner Solutions Architect, AWS
Don Meyer - Head of Product Marketing, Check Point Software Technologies
Brendan McKernan - President and Co-Founder, Courtagen Life Sciences
J. Bendonis – Technology Manager, Rutter Networking Technologies