Check Point NGFW

Choosing The Right
Next Generation Firewall

©2013 Check Point Software Technologies Ltd.

1

Agenda

NGFW 101

NGFW ‒ The Check Point Approach

NGFW ‒ Things to Look Out For


2

If you can’t explain it
simply, you don’t understand it
well enough.
Albert Einstein

NGFW 101


3

NGFW First Time Definition by Gartner


4

NGFW Must Haves
According to Gartner

Layer 2
Functionality

Integrated IPS

Stateful
Inspection

Application
Awareness

Identity
Awareness


5

NGFW vs. UTM
 It’s more like Gartner (NGFW)
vs. IDC (UTM)

 Gartner target NGFW as an
Enterprise Network FireWall

 Gartner target UTM as an
SMB Segment FireWall

 IDC which coined UTM refers
to it just the same as NGFW

 Interesting read “Anitian Blog”
“UTM vs. NGFW a single
shade of gray”


6

Which Brings Us to the Question
―Is It All Just Marketing?‖


7

Agenda

NGFW 101

NGFW ‒ The Check Point Approach

NGFW ‒ Things to look out for or Buyer Beware


8

Proven NGFW Leadership:
NSS Labs 2013 NGFW SVM

98.5%

99.0%

100%

NGFW

IPS

Firewall

Management and
Security
Effectiveness

Overall Protection

Management and
Security
Effectiveness

2013 NGFW Group Test

Product Analysis Report

2013 Firewall Group Test

NSS ON Check Point


9

And a Little More…
Best IPS/IDS Product
Reader Trust Award

Leader, Magic Quadrant
Enterprise Network
Firewall

Best Enterprise FW
Reader Trust Award

2010–2013

2004–2013

Firewall Earns
―Recommend‖ Rating
from NSS

2013

NGFW Earns
from NSS

2013

Leader, Magic Quadrant UTM

IPS Earns
from NSS

2013

Network Security
Vendor of the Year

2011


10

This Is the Secret on How to Be #1 NGFW:
3D Security

Policies

 Practical and relevant to daily operations

People

 Different People – Different needs
 Involve & Engage users in the security
process

Enforcement

 Multi-layer controls for strong security


11

Let’s See Some of It in Action


12

Layered Defenses & Software Blades
IPS

Anti-Bot
Antivirus

Network Threat Prevention
Mobile Access
DLP

Sensitive Data
Application
Control
URLF

Identity
Awareness

Internet Applications Usage

Granular Visibility

Mobile
Access

SmartEvent

User Access

13

Video cameras
Armed guards
Vault with 20 ton door
Fortress-like structure
Minefields


14

Check Point Multi-Layer
Product Architecture
Data Leakage Prevention

Antivirus
IPS

Anti-Bot

Anti-Spam

Application Control

URL Filtering

Protocol and Application Decoder
SSL

Stream Reassembly Engine
Identity Awareness
Layer 2–4 Firewall & IPS

IPsec

Multi-Core Packet Queuing and Dispatching

15

Check Point Multi Layered
Threat Prevention


16

Multi Layered Threat Prevention ‒
Firewall

Protect against
unauthorized access

Contain Infections in Network Segments

17

Multi Layered Threat Prevention –
IPS

Stop attacks
exploiting
vulnerabilities
Protect Against Exploit of Vulnerabilities in:
Word, Excel, PDF, Browsers, Operating Systems...

18

Antivirus

Block Malware
Download

Block Malware File Download and
Access to Malware Containing Sites

19

Anti-Bot

Discover and stop
Bot Attacks

Post Infection Solution to
Stop Data Theft and Targeted APT Attacks

20

ThreatCloud™

Global collaboration
to fight new threats

Powering Threat Prevention Software Blades
with Real-time Security Intelligence

21

Introducing Check Point
Threat Emulation

Fight Against
Unknown Threats !

Stop Targeted Zero-day Attacks

22

Summary – Check Point Multi Layered
Threat Prevention


24

Things to Look Out for
When Selecting Your NGFW


25

SECURITY

“for the imagination of man’s heart
is evil from his youth”

26

Questions You Should Ask Yourself
and the Vendor

Security

 Do you scan both Direction of traffic
ALWAYS?

 Do you use caching mechanisms for
detection?

 Do you by default leave all ports open?
 Do you scan only part of the session?
 Do you fail-open by default?

 Can I run both IPS and APP-Ctrl at the
same time?

©2013 Check Point Software Technologies Ltd. 27 27

More is Better: Visibility and Security
Check Point has the largest application database in the industry
and the highest rate of adding new apps
Check Point

Nearest Competitor

Applications

~5000

~2500

Social Network Widgets

244,081

None

Less applications = less visibility and control

28

Shortcuts Can Cost You
Scanning part of IPS session and fail-open enable
gives better Performance, but what about Security?


29

SIP traffic pollutes FW APP Cache allowing all HTTP traffic
Generates multiple
SIP connections to
www.facebook.com

Access to
www.facebook.com

allowed!

SIP connection
is blocked

[Protected] For public distribution

After multiple
SIP connections
system stops inspecting


30

Results of port scan:


31

Security Summary:
Your Security Solution Should be Secure!

Security

 We scan both Direction of traffic ALWAYS
 We use no shortcuts for detection
 it’s a Firewall all ports are closed by default
 We scan all parts of the session
 We fail-close by default
 We can run both IPS and APP-Ctrl
at the same time


32

“God is in the Details”
— Ludwig Mies Van Der Rohe

Management


33

and the Vendor

Management

 Do you have an Event Analysis Solution?
 Are you able to add IPS-exception
from the LOG

 Do you have an efficient way to
troubleshoot a session?

 Do you have Hit Count , expiry…
in the security rules?

 When you make a change does it
commit right away?


34

Check Point SmartLog ‒ Simple Log
Searches
Simple Log Analysis with 360o Visibility

John Smith yesterday

Check Point
SmartLog provides
simple, intuitive
search

Check Point split-second search results provide
instant visibility into billions of log records


35

Check Point Simplified 1-Step
Policy Creation

Check Point Provides 1-Step Policy Creation

36

Complemented by SmartEvent for Overall Security
Analysis and Forensics

SmartEvent
SmartEvent

Translates Security
Information into Action!

Unified view of all security events
Geo-location views and analysis of security events
Historical views with timeline analysis
Correlations and forensics activities
Reports

…and more!

37

“Less is More”
— Ludwig Mies Van Der Rohe

Performance


38

and the Vendor

Performance

 How do you test Performance?
 NAT?
 How many rules?
 What's the traffic blend?
 Logging on or off?
 What's the Packets sizes?
 Any shortcuts?


39

How We Measure Real World
Performance
THE OLD WAY:
Firewall Throughput

 Based on large UDP packets
 Only firewall security
 “Allow all” policy (one rule)

THE NEW WAY:
SecurityPower™

 Based on real-world traffic mix
 Advanced security functions
 Real security policy (many rules)

SecurityPower The New Way To Measure the
Real Power of Security Appliances

40

SecurityPower—Traffic Blend
Measuring Real-World Traffic Blend

The Old Way

UDP large
packets

Real-World Traffic Blend*
10%

9%

13%
68%

HTTP
SMTP
HTTPS
Other

*Based on customer research conducted by Check Point performance labs


41

SecurityPower—Security Policy
Applying a True Security Policy

Policy with 100 Rules!
The Old Way

Protocol

Action

#1
One rule:
Allow all traffic

Rule

POP3

Accept

#2

FTP

Accept

#3

ICMP

Drop

# 98

HTTP

Accept

#99

SMTP

Accept

#100

ANY

Drop

42

Summary Performance
Applying a True Security Policy

The Old Way

 Logging disabled
 Address
translation
disabled
 No IPS protection
 No signatures

Log All Connections

Network Address Translation

IPS Recommended Protection

Up-to-Date Signature Databases

43

Summary
Today the NGFW Technologies Are Widely Tested and
Reviewed by Independent 3rd Parties

and they have spoken: we are the best!!

Security

Your NGFW should be
secure without shortcuts

Management

Your NGFW should have
super easy, intuitive and
scalable management

Performance

Your NGFW should perform well
in a real world traffic without
shortcuts


|

[Restricted] ©2013 for designated groups Technologies Ltd.|
ONLY Check Point Software and individuals

44
44

Check Point NGFW

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a Check Point NGFW

Similar a Check Point NGFW (20)

Más de Group of company MUK

Más de Group of company MUK (15)

Último

Último (20)

Check Point NGFW

Notas del editor