software blades

7/27/2019 Software Blades

1/12

Check Point

Software BladeArchitecture


2/12


3/122

TODAYS SECURITY CHALLENGEProtecting enterprises against todays constantly evolving threat

environment has never been more challenging. Inrastructure,

connectivity and perormance requirements keep growing.

New and varied threats are leading to more security vendors,

point products and complexity, while IT teams are under

increasing pressure to reduce costs and complexity, and do morewith existing hardware and resources. The combination o these

challenges has lead to ineective approaches that are increasingly

ineicient, costly and unsustainable.

As a result, organizations and IT teams are looking or a better

solutionone that is more simple, lexible and secures the entire

enterprise. This includes the reedom to add critical protection at

the network or endpoint as needed, without worrying about

perormance, availability or orklit upgrades. It also means the

ability to invest in security only as you need it, without having to

introduce yet another security vendor, endpoint agent, or

point appliance.

CHECK POINT 3D SECURITYCheck Point 3D Security redeines security as a 3-dimensional

business process that combines policies, people and enorce-

ment or stronger protection across all layers o security

including network, data and endpoints. To achieve the level o

protection needed in the 21st century, security needs to grow rom

a collection o disparate technologies to an eective business

process. With 3D Security, organizations can now implement a

blueprint or security that goes beyond technology to ensure the

integrity o all inormation security.

Check Point 3D Security enables organizations to redeine

security by integrating the three dimensions shown in the

graphic below into a business process.

CHECK POINT SOFTWARE BLADEARCHITECTUREAs a key tool in creating true 3D Security, the Check Point

Sotware Blade Architecture allows companies to enorce

security policies while helping to educate users on those policies.

The Sotware Blade architecture is the irst and only security

architecture that delivers total, lexible and manageable securityto companies o any size.

Whats more, as new threats and needs emerge, Check Point

Sotware Blade Architecture quickly and lexibly extends security

services on-demandwithout the addition o new hardware

or management complexity. Solutions are centrally managed

through a single console that reduces complexity and operational

overhead. Multilayered protection is critical today to combat

dynamic threats such as bots, Trojans and Advanced Persistent

Threats (APTs). Firewalls today are more like multi-unction

gateway but not all companies want the same security

everywhere. Companies are looking or lexibility and controlo their security resources.

WHAT IS A SOFTWARE BLADE?A Sotware Blade is a security application or module such as

a irewall, Virtual Private Network (VPN), Intrusion Prevention

System (IPS), or Application Control to name a ew, that is

independent, modular and centrally managed. They allow

organizations to customize a security coniguration that targets

the right mix o protection and investment. Sotware Blades

can be quickly enabled and conigured on any gateway or

management system with a simple click o a mouseno

hardware, irmware or driver upgrades required. And as needsevolve, additional Sotware Blades can be easily activated to

extend security to an existing coniguration on the same

security hardware.

Policies thatsupport business needsand transorm securityinto a business process

Security that involvespeople in policy

denition, education andincident remediation

Enforce, consolidateand control all layers o

securitynetwork, data,application, content and user

Check Point 3D Security


4/123

KEY BENEFITS

n Better Security

A multi-layered solution and consolidated platorm or enterprise security exercises a unique combination o integrated

network and endpoint security, combined with the industrys most comprehensive anti-malware threat protection.

n Simplicity

Easy administration, total lexibility and simple security activation eliminates complexity and makes security easier to

operate and manage.

n ManageabilityOne-click activation enables ast deployment o security services. Centralized Sotware Blade management increases

productivity and eiciency.

n Total Security

A comprehensive library o over thirty Sotware Blades delivers unrivaled security integration to allow the right level o

security at all layers o the network.

n Lower TCO

Delivers better security, hardware extensibility and consolidation, while lowering TCO by up to 50% compared to traditional

multi-vendor solutions.

n Maximize performance

A complete range o perormance options rom 190 Megabits per second up to 1 Terabit per second ready appliances.Allows or provisioning o resources that maximizes service levels.

n Lower carbon footprint

Deliver green IT savings by allowing the consolidation o multiple point solutions into one integrated gateway that reduces

rack space, cooling, cabling and power.

Extend your security solution with a click of a mouse.Easily add new security Software Blades with Check

Points flexible, easy-to-use management console.


5/124

HOW ARE CHECK POINT SOFTWARE BLADES DEPLOYED?

Sotware Blades can be deployed on Check Point appliances and open servers. New Sotware Blades can be easily addedto your existing hardware platorm by simply turning on their unctionality in the Check Point centralized, easy-to-use

management console. No additional hardware, irmware or drivers are necessary. This enables organizations to deploy

security dynamicallyas neededwith lower total cost o deployment.

Check Point Security Gateway SmartDashboard

The Firewall Software Blade is always included

Customize your security to meet your

unique business needs.


6/125

SELECT A GATEWAY SOLUTION THAT CAN GROW WITH YOUR BUSINESSWhether designing a solution or an enterprise headquarters or data center, branch oice, or mid-size business, Check Point Sotware

Blade Architecture provides unmatched coniguration lexibility. The result is a complete gateway or management system conigured

precisely to your speciic business needs.

Check Point AppliancePackages

Containers andPre-Dened Systems

la CarteSotware Blades

Option 1 Option 2 Option 3

Three Options to Build Your Gateway Solution

SIZING YOUR SYSTEMHow do you know what size appliances to run? Check Points SecurityPower is a new benchmark metric that allows customers to

select the right security appliances by their capacity to handle real-world network traic, multiple advanced security Sotware Blades anda typical security policy. SecurityPower helps customers quickly determine which appliances can best meet their network security needs

today, as well as support anticipated uture traic increases and additional security Sotware Blades.

Determine which Sotware Bladesto run on gateway

Input network speed

Select where gateway isplaced (perimeter or LAN)


7/126

FOR ENDPOINT SECURITY

Choose rom six Endpoint Security Sotware Blades to tailor a custom solution:

n Deploy only the endpoint protection you need todayn Add more security easily at any time rom a central management console

FOR SECURITY MANAGEMENT

Security management Sotware Blade containers come predeined and eature:

n Built-in update service that keeps current with the latest sotwaren Integrated backup, restore and upgrade capabilities

SOFTWARE BLADE PRE-DEFINED AND LA CARTE SYSTEMS AND CONTAINERSSotware Blade systems and containers come with all o the necessary services required to run the Check Point Sotware Blade environ-

ment, and eature Check Points easy-to-use administrative interace. There are three varieties o Sotware Blade systems and containers

to order la carte or add-on additional protection to your gateway at any time.

FOR SECURITY GATEWAYS

Security gateway Sotware Blade systems are available as appliance packages, pre-deined security bundles or la carte selection o

security capabilities o your choice, eaturing:

n SecurePlatorma pre-hardened operating system or quick and easy deploymentn CoreXLmulti-core acceleration or deep-packet inspection and maximum perormance

1. Select a container based on thenumber o processor cores inyour appliance

2. Select desired GatewaySotware Blades

3. Create system that is simple,fexible and secure

Steps to Tailor an Integrated Security Gateway

1. Select a container based on thenumber o processor cores inyour appliance or open server

2. Select desired ManagementSotware Blades

3. Start centrally managing yourgateways and endpoints

Steps to Tailor an Integrated Management Solution

1. Select a container based on thenumber o seats

2. Select desired EndpointSotware Blades

3. Deploy Endpoint SotwareBlades centrally

Steps to Tailor an Integrated Endpoint Security Solution

Simplify your security management

with a single view.


8/127

The Check Point Firewall Software Blade builds on the award-winning technology irst oered in Check Points FireWall-1solution to provide the industrys strongest level o gateway security and identity awareness. Check Points irewalls are trusted by100% o the Fortune 100 and deployed by over 170,000 customers, and have demonstrated industry leadership and continuedinnovation since the introduction o FireWall-1 in 1994.

The Check Point IPsec VPN Software Blade provides secure connectivity to corporate networks or remote and mobile users,branch oices and business partners. The Sotware Blade integrates access control, authentication and encryption to guarantee

the security o network connections over the public Internet.

The Check Point Mobile Access Software Blade provides simple and secure remote access to corporate applications over theInternet, via smartphones or PCs. The solution provides enterprise-grade remote access via SSL VPN or simple, sae and securemobile connectivity to email, calendars, contacts and corporate applications.

The Check Point Intrusion Prevention System (IPS) Software Blade combines industry-leading IPS protection withbreakthrough perormance at a lower cost than traditional, stand-alone IPS solutions. The IPS Sotware Blade deliverscomplete and proactive intrusion preventionall with the deployment and management advantages o a uniied and extensiblenext-generation irewall solution.

The Check Point Application Control Software Blade provides the industry's strongest application security and identity controlto organizations o all sizes. It enables IT teams to easily create granular policiesbased on users or groupsto identiy, block orlimit usage o over 240,000 Web 2.0 applications and widgets.

The Check Point Identity Awareness Software Blade provides granular visibility o users, groups and machines, providingunmatched application and access control through the creation o accurate, identity-based policies. Centralized management andmonitoring allows or policies to be managed rom a single, uniied console.

The Check Point DLP Software Blade combines technology and processes to revolutionize Data Loss Prevention (DLP), helpingbusinesses to pre-emptively protect sensitive inormation rom unintentional loss, educating users on proper data handling policiesand empowering them to remediate incidents in real-time.

The Check Point URL Filtering Software Blade integrates with Application Control, allowing uniied enorcement andmanagement o all aspects o Web security. URL Filtering provides optimized Web security through ull integration in the gatewayto prevent bypass through external proxies; integration o policy enorcement with Application Control or ull Web and Web 2.0protection; and UserCheck empowers and educates users on Web usage policy in real time.

The Check Point Anti-Bot Software Blade detects bot-inected machines, prevents bot damages by blocking botC&C communications, and is continually updated rom ThreatCloud, the irst collaborative network to ight cybercrime.

GATEWAY SOFTWARE BLADES

Protect your network from threats with a

multi-layered security approach.


9/128

The enhanced Check Point Antivirus Software Blade stops incoming malicious iles. Using real-time virus signatures andanomaly-based protections rom ThreatCloud, the irst collaborative network to ight cybercrime, the Antivirus Sotware Bladedetects and blocks malware at the gateway beore the user is aected.

The Check Point Anti-Spam and Email Security Software Blade provides comprehensive protection or an organization'smessaging inrastructure. A multidimensional approach protects the email inrastructure, provides highly accurate spam protection,and deends organizations rom a wide variety o virus and malware threats delivered within email. Continual updates assure that allthreats are intercepted beore they spread.

The Check Point Web Security Software Blade provides a set o advanced capabilities that detect and prevent attackslaunched against the Web inrastructure. The Web Security Sotware Blade delivers comprehensive protection when using the Webor business and communication.

The Check Point Advanced Networking and Clustering Software Blade simpliies network security deployment and manage-ment within complex and highly utilized networks, while maximizing network perormance and security in multi-Gbps environments.This blade is a combination o the Check Point Acceleration and Clustering Sotware Blade and the Advanced Networking SotwareBlade, which is ideal or high-end enterprise and datacenter environments where perormance and availability are critical.

The Check Point Acceleration and Clustering Software Blade delivers a set o advanced technologies, SecureXL andClusterXL, that work together to maximize perormance and security in high-perormance environments. These work with CoreXL,which is included with the blade containers, to orm the oundation o the Open Perormance Architecture, which delivers throughputdesigned or data center applications and the high levels o security needed to protect against todays application-level threats.

The Check Point Advanced Networking Software Blade includes a number o advanced networking eatures such as dynamicrouting, multicast support, Quality o Service (QoS) prioritization, ISP redundancy, and application load balancing. These eaturescombine to optimize network and users perormance by, or example, assigning a high priority to business-critical applications andusers. As a result employee productivity remains high and online experiences are positive.

Security Gateway Virtual Edition protects dynamic virtualized environments and external networks, such as private and publicclouds, rom internal and external threats by securing virtual machines and applications. This Sotware Blade is managed by asingle interace or consistent and eicient management.

Voice Over IPThe Check Point security amily enables you to deploy VoIP applications such as telephony or video conerencingwithout introducing new security threats or needing to redesign your network. Because worms and VoIP-speciic Denial o Serviceattacks can take IP phone services down, Check Point delivers an evolving solution that understands and protects against existingand new threats that may disrupt business continuity.

GATEWAY SOFTWARE BLADES (CONTINUED)


10/12

The Check Point Network Policy Management Software Blade provides comprehensive, centralized network security policymanagement or Check Point gateways and Sotware Blades, via SmartDashboarda single, uniied console that provides controlover the most complex security deployments.

The Check Point Endpoint Policy Management Software Blade simpliies endpoint security management by uniying allendpoint security capabilities in a single console. Monitor, manage and enorce policy, rom an at-a-glance dashboard downto user and machine details, all with a ew clicks.

The Check Point SmartEvent Software Blade is a uniied security event management and analysis solution that deliversreal-time, actionable threat management inormation. Administrators can quickly identiy critical security events, stop threatsdirectly rom the event screen, add protections on-the-ly to remediate attacks, all via a single console.

The Check Point Logging & Status Software Blade provides real-time visibility regarding security status and activities

through log tracking and provides a complete visual picture o changes to gateways, tunnels and remote users.

The Check Point SmartWorkflow Software Blade provides a seamless and automated process or policy change managementthat helps administrators reduce errors and enhance compliance. Enorce a ormal process or editing, reviewing, approving andauditing policy changes rom a single console, or one-stop, total policy liecycle management.

The Check Point SmartProvisioning Software Blade provides centralized administration and security provisioning o CheckPoint devices. Using proiles, administrators can automate device coniguration and easily roll out changes to settings to multiple,geographically distributed devices, via a single security management console.

The Check Point Monitoring Software Blade presents a complete picture o network and security perormance, enabling astresponses to changes in traic patterns or security events. The Sotware Blade centrally monitors Check Point devices and alertsto changes to gateways, endpoints, tunnels, remote users and security activities.

The Check Point Management Portal Software Blade allows browser-based security management access to outside groupssuch as support sta or auditors, while maintaining centralized control o policy enorcement. View security policies, the status oall Check Point products and administrator activity as well as edit, create and modiy internal users.

Security Management and Multi-Domain Security Management (Provider-1) delivers more security and control bysegmenting your security management into multiple virtual domains. Businesses o all sizes can easily create virtual domainsbased on geography, business unit or security unction, to strengthen security and simpliy management.

The Check Point User Directory Software Blade leverages LDAP servers to obtain identiication and security inormation aboutnetwork users, eliminating the risks associated with manually maintaining and synchronizing redundant data stores, and enablingcentralized user management throughout the enterprise.

The Check Point SmartReporter Software Blade increases the visibility o security threats by centralizing network securityreporting o network, security and user activity into concise predeined or custom-built reports. Easy report generation andautomatic distribution save time and money and allow organizations to maximize security investments.

MANAGEMENT SOFTWARE BLADES

9


11/12

The Check Point Firewall & Compliance Check Software Blade protects endpoints by controlling inbound and outbound traicand ensuring policy compliance, with centralized management rom a single console. Deinable zones and security levels protectendpoint systems rom unauthorized access. Integrated stealth technology makes endpoints invisible to attackers. This sotwareblade is easily managed by uniied Endpoint Security Management.

The Check Point Full Disk Encryption Software Blade provides automatic security or all inormation on endpoint hard drives,including user data, operating system iles and temporary and erased iles. For maximum data protection, multi-actor pre-bootauthentication ensures user identity, while encryption prevents data loss rom thet.

The Check Point Media Encryption Software Blade provides centrally-enorceable encryption o removable storage media suchas USB lash drives, backup hard drives, CDs and DVDs, or maximum data protection. Port control enables management o allendpoint ports, plus centralized logging o port activity or auditing and compliance.

The Check Point Remote Access VPN Software Blade provides users with secure, seamless access to corporate networks

and resources when traveling or working remotely. Privacy and integrity o sensitive inormation is ensured through multi-actorauthentication, endpoint system compliance scanning and encryption o all transmitted data.

The Check Point Anti-Malware & Program Control Software Blade eiciently detects and removes malware rom endpointswith a single scan. Viruses, spyware, keystroke loggers, Trojans and rootkits are identiied using signatures, behavior blockers andheuristic analysis. Program control allows only approved programs to run on the endpoint. This sotware blade is easily managedby uniied Endpoint Security Management.

The Check Point WebCheck Endpoint Software Blade protects the enterprise against the rising number o web-based threats.Known and unknown web threats, such as drive-by downloads, phishing sites and zero-day attacks, are isolated with browservirtualization technology, while advanced heuristics stop users rom going to dangerous sites. This sotware blade is easilymanaged by uniied Endpoint Security Management.

ENDPOINT SOFTWARE BLADES

10

Centrally managed, comprehensive endpointsecurity with transparent end-user experience.


12/12

20032012 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point 2200, Check Point 4000 Appliances, Check Point 4200, CheckPoint 4600, Check Point 4800, Check Point 12000 Appliances, Check Point 12200, Check Point 12400, Check Point 12600, Check Point 21400, Check Point 6100 Security System, Check Point Anti-Bot Software Blade, Check Point Application Control Software Blade, Check Point Data Loss Prevention, Check Point DLP, Check Point DLP-1, Check Point Endpoint Security, Check Point EndpointSecurity On Demand, the Check Point logo, Check Point Full Disk Encryption, Check Point GO, Check Point Horizon Manager, Check Point Identity Awareness, Check Point IPS, Check Point IPSecVPN, Check Point Media Encryption, Check Point Mobile, Check Point Mobile Access, Check Point NAC, Check Point Network Voyager, Check Point OneCheck, Check Point R75, Check Point SecurityGateway, Check Point Update Service, Check Point WebCheck, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, CooperativeSecurity Alliance, CoreXL, DefenseNet, DynamicID, Endpoint Connect VPN Client, Endpoint Security, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IP Appliances, IPS-1, IPSSoftware Blade, IPSO, R75, Software Blade, IQ Engine, MailSafe, the More, better, Simpler Security logo, Multi-Domain Security Management, MultiSpect, NG, NGX, Open Security Extension, OPSEC,OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management,Power-1, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, Secure Virtual Workspace, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXLTurbocard, Security Management Portal, SecurityPower, Series 80 Appliance, SiteManager-1, Smart-1, SmartCenter, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole,SmartDashboard, SmartDefense, SmartDefense Advisor, SmartEvent, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartProvisioning, SmartReporter, SmartUpdate, SmartView, SmartViewMonitor, SmartView Reporter, SmartView Status, SmartViewTracker, SmartWorkflow, SMP, SMP On-Demand, SocialGuard, SofaWare, Software Blade Architecture, the softwareblades logo, SSLNetwork Extender, Stateful Clustering, Total Security, the totalsecurity logo, TrueVector, UserCheck, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Edge, VPN-1MASS, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VE, VPN-1 VSX,VSX, VSX-1, Web Intelligence, ZoneAlarm, ZoneAlarm Antivirus + Firewall, ZoneAlarm DataLock, ZoneAlarm Extreme Security, ZoneAlarm ForceField, ZoneAlarm Free Firewall, ZoneAlarm Pro Firewall,ZoneAlarm Internet Security Suite, ZoneAlarm Security Toolbar, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point SoftwareTechnologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other p roduct names mentioned herein are trademarks or registered trademarks of their respectiveowners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, 7,165,076, 7,540,013, 7,725,737 and 7,788,726

d b t t d b th U S P t t f i t t di li ti

Contact Check Point now to discuss

Check Point Software Blade Architecture:

www.checkpoint.com/contactus

By phone in the US: 1-800-429-4391 option 5 or

1-650-628-2000

CONTACT CHECK POINT

Worldwide Headquarters5 HaSolelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]

U.S. Headquarters800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

CONTACT CHECK POINT

Worldwide Headquarters5 HaSolelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]

U.S. Headquarters800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com

software blades

Documents