What's New Since the Release of R70

What's new since the release of R70. Anton Razumov, arazumov@checkpoint.com, Security Consultant, Check Point Software Technologies. R70.1: SmartWorkflow blade, hardware monitoring, various features, GUI enhancements.


Presentation Transcript


  1. What's New Since the Release of R70 Anton Razumov arazumov@checkpoint.com Security Consultant, Check Point Software Technologies

  2. R70 introduced with:

  3. R70.1

  4. Introducing R70.1 • SmartWorkflow blade • Hardware monitoring • Various features • GUI enhancements

  5. Introducing SmartWorkflow • Check Point’s SmartWorkflow software blade automates security policy change management • Enforces a formal process of tracking, approving and auditing security policy changes • Reduces errors by providing granular visibility into policy changes • Enhances compliance through audit trails and built-in role segregation • Aligns to an organization’s existing change management approval process • Streamlines change management increasing operational efficiency • One-stop, total policy lifecycle management integrated into SmartDashboard

  6. SmartWorkflow Operation Mode

  7. R70.1 SmartWorkflow planned for R70.1 • Smart Workflow • Automatic security database revisions • Highlighting the changes in SmartDashboard • Allowing visual navigation between the changes • Allow discarding the changes and returning back to the previous database revision. • Allow generating change comparison report • Audit trailing change

  8. R70.1 HW monitoring: Hardware Health Monitoring Capabilities • RAID Health: Monitor the health of the disks in the RAID array, and be notified of the states of the volumes and disks. The information is available via SNMP. • Sensors: Monitor fan speed, voltages, and temperatures on the hardware. The information is available via SNMP and, for Check Point appliances, also via the SecurePlatform Web interface.

  9. R70.1 additional features: • Link Aggregation 802.3ad • Both interfaces need to be connected to the same switch when aggregating • Up to 8 NICs in a bond • No limit besides the SPLAT limit of 1015 total interfaces • Both HA and LS are supported • Ability to set IP address through LCD • Changed URLF filter database provider • Remote Deployment Tool (USB based tool to allow initial OS configuration)

  10. R70.1 GUI enhancements • Quick Add Object - Allows you to easily find and insert objects into the Security Rule Base • Where Used > Go To - Allows you to jump from the Where Used window to the locations it references. • Easily View Group Members - When hovering over a Group in the Rule Base, a tooltip displays the Group members. • Extended Clone Functionality - The Clone functionality, which allows creating a new object based on an existing one, is extended to include Services, IP ranges, Group objects, etc. • Read Only State for Object Properties - In numerous key fields of the object properties it is now possible to copy the text of the fields while in ‘Read-only’ state. • Delete Multiple Database Versions – While in the Database Revision Control window, it is possible to select multiple Database Versions and delete them at once.

  11. R70.20

  12. Moving on to R70.20, what’s new: • Event Correlation & IPS Event Analysis Software Blades Update • Reporting Blade Updates • IPS Software Blade Update • Multi-Core Licensing

  13. IPS Event Analysis Client

  14. New Real Time Views & Simplified Events Processing • Timeline View • Charts View • Maps View • Group By – Real Time Pivots and Graphs for Data • User / machine identification

  15. Timeline View

  16. Charts View

  17. Maps View

  18. Group By – Real Time Pivots and Graphs for Data

  19. User / machine identification: The challenge Network and Security events analysis • Ability to identify users and computers passing through the firewall • Distinguish between corporate and unmanaged devices • Traffic monitoring and network maintenance

  20. User / machine identification: The Solution Identity-based Auditing • Introducing new Check Point firewall capability to provide Identity-based auditing • Present user and machine identity in the firewall logs • Leveraging Check Point SmartView Tracker and Eventia logging solutions • The identity information is based on Microsoft Active Directory integration User and machine identity in Check Point SmartView Tracker

  21. User / machine identification: The use case Bring Identity Awareness to your Check Point firewall • Security and compliance audit • Troubleshooting network issues • Ability to distinguish corporate and unmanaged assets • Helpdesk and maintenance • Analyzing network usage

  22. User / machine identification: How it works • User and Computer Identity is obtained from Active Directory (AD) security event logs • The gathered AD log information is used to build an association map that is referenced for enriching Check Point logs with the AD username and computer name based on users’ IP address. • Check Point Log Server uses WMI protocol to communicate with Active Directory • Supported in SmartCenter management from R70.2 • SmartView Tracker • Eventia Reporter and Analyzer • Does not require any installations on Active Directory server • Leverage your existing security gateways, no upgrade is needed

  23. User / machine identification: Flow [Diagram: Corporate Network, Microsoft Active Directory, Security Gateway, Data Center (HR Database, Finance Database), SmartCenter Log Server, SmartView Tracker] • 1: Logon to Domain: Username, Computer name, IP address • 2: Send Logs (WMI): User name, Computer name, IP address • 3: User’s connection: Source IP address • 4: Log: Source IP address, Destination • Log Entry (SmartCenter Log Server): Destination Computer name, Source User & Computer name, Source & Destination IP address • 5: SmartView Tracker

  24. SmartView Tracker Example – Identity auditing

  25. User / machine identification: Summary • Bring Identity-based auditing capability to your Check Point logging system • Leverage existing Check Point management and logging infrastructure: SmartView Tracker and Eventia • Plug and Play clientless solution (no installations required on endpoints or AD) • Simple and easy way to audit your users' and machines' activity on the network

  26. Real-Time Analysis & Action • Group By - On-Line Pivoting of Data (no need to export data externally) • New Search Feature • Forensics: Drill down from the “big picture” to events, then use advanced filtering / search / group / sort to go deeper, and finally go to raw logs / packet capture to understand exactly what happened.

  27. New Search Feature

  28. Forensics

  29. Forensics

  30. Workflow • Open tickets, manage life cycle

  31. Tickets

  32. Tickets

  33. Tickets

  34. IPS Specific reports • Overview Page showing everything IPS – Critical Issues, Top Events, Sources & Destinations, Latest Protections • Detailed Hourly, Weekly and Monthly Reports with many categories • IPS Event Analysis reports relating specifically to IPS events. • Share IPS Event & Packet Capture with Check Point Security Research Team

  35. IPS Event Analysis reports relating specifically to IPS events.

  36. Share IPS Event & Packet Capture with Check Point Security Research Team

  37. Reporting Blade Updates

  38. Reporting Blade Updates • 18 new regulatory compliance reports • Standard web filtering activity report • Additional information available for Endpoint Security reports

  39. Compliance Reports

  40. Standard web filtering activity report

  41. Endpoint Security reports

  42. IPS Software Blade Update

  43. IPS Software Blade Update • New Protection Category - Block by Country (called "Geo Protection" in IPS) • Web Intelligence Log improvements • Logs now show the original IP addresses of proxied connections • Optional Packet Capture on First Instance of any Protection • Several False Positive Fixes

  44. Geo Protection

  45. Multi-Core Licensing

  46. Multi-Core Licensing • The Check Point Security Gateway software license for multi-core, open server platforms allows you to use less than the number of physical cores on the system. R70.20 will automatically use the number of cores allowed by the license.

  47. R70.30 and R70.40

  48. What’s new in 70.30? • Maintenance HFA • Non-English regional formats are now supported in the map visualization features of SmartDashboard. • IPS Event Analysis and Eventia Analyzer. • SmartWorkflow reports can now be viewed in Windows 7. • It is now possible to use the SSL Network Extender client to access internal resources behind the Security Gateway, using a client digital certificate that is signed by a subordinate CA. The certificate need not be directly signed by a trusted CA. For example, the certificate can be signed by a CA that belongs to the organization itself, which is in turn signed by a trusted root CA.

  49. What’s new in 70.40? • The R70.40 Security Management Server can manage: • New to be introduced UTM-1 gateway for centrally managed branch offices • UTM-1 Edge N Series and Embedded NGX 8.1 Release gateways • VSX R67 and includes enhancements to the vsx_util command for improved user experience and • IPSO 6.2 IP appliances with SmartProvisioning, including the ability to modify Interfaces, Routing, Backup, DNS, Domain Name, Hosts, and Host Names • additional functionality

  50. Thank you! Anton Razumov arazumov@checkpoint.com Security Consultant, Check Point Software Technologies
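
The association map described on slides 22 and 23 (AD logon events used to enrich firewall logs with user and computer names by source IP), sketched as an added example that is not Check Point's code and not part of the original presentation. The sample records, the `MAX_AGE` expiry, and the time-aware lookup are assumptions that go beyond what the slides state; they show why an IP-to-identity mapping has to account for address reuse and for devices that never log on to the domain.

```python
from bisect import bisect_right
from collections import defaultdict

MAX_AGE = 8 * 3600  # assumed validity of a logon-to-IP association, in seconds

# Constructed sample data: (epoch seconds, user, computer, IP) from AD logon events
AD_LOGONS = [
    (1000, "alice", "WS-ALICE", "10.0.0.5"),
    (5000, "bob", "WS-BOB", "10.0.0.7"),
    (40000, "carol", "WS-CAROL", "10.0.0.5"),  # same address, later reassigned
]
# Constructed firewall log records: (epoch seconds, source IP, destination)
FW_LOGS = [
    (1200, "10.0.0.5", "hr-db"),
    (900, "10.0.0.5", "hr-db"),         # before any logon seen from this IP
    (39000, "10.0.0.5", "finance-db"),  # alice's logon is older than MAX_AGE
    (40100, "10.0.0.5", "finance-db"),
    (5100, "10.0.0.99", "hr-db"),       # device never logged on to the domain
]

def build_association_map(logons):
    """Index logon events per IP address, ordered by time."""
    amap = defaultdict(list)
    for ts, user, computer, ip in sorted(logons):
        amap[ip].append((ts, user, computer))
    return amap

def enrich(log, amap, max_age=MAX_AGE):
    """Attach the identity that held the source IP when the log was written."""
    ts, src_ip, dst = log
    history = amap.get(src_ip, [])
    i = bisect_right([t for t, _, _ in history], ts)  # logons at or before ts
    user = computer = None
    if i:
        logon_ts, u, c = history[i - 1]
        if ts - logon_ts <= max_age:  # ignore stale associations
            user, computer = u, c
    return {"time": ts, "src_ip": src_ip, "dst": dst,
            "user": user, "computer": computer}

def enrich_all(logs=FW_LOGS, logons=AD_LOGONS):
    amap = build_association_map(logons)
    return [enrich(log, amap) for log in logs]

if __name__ == "__main__":
    for entry in enrich_all():
        print(entry)
```

Entries that come back with no user are the unmanaged or unattributable sources; treating an expired association as unknown avoids crediting traffic to the previous holder of an address.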
