270 likes | 448 Views
Adaptable Security Architecture: The Check Point's Difference. John Ong Major Accounts, SEA. Agenda. Security Market Trends Adaptable Security Architecture Check Point’s Difference. Dot Com Bubble Burst. Building the Perimeter. Internet Rationalized. Architecting a Secure Future.
E N D
Adaptable Security Architecture: The Check Point's Difference John Ong Major Accounts, SEA
Agenda • Security Market Trends • Adaptable Security Architecture • Check Point’s Difference
Dot Com Bubble Burst Building thePerimeter Internet Rationalized Architecting a Secure Future Internet reliance Security threats Market TrendsConvergence of Networks & Security Threats 1996 2000 2001 2002 2003 2004 2005 1998 1993 1994
The key to managing unpredictability is for your security architecture to be prepared for anything Market TrendsUnpredictability of Potential Future Threats • Wireless Devices Open Network for Rogue Access • New Application Vulnerabilities • Vulnerabilities in upcoming Operating System Releases Internet • Infrastructure Vulnerabilities
New Attacks and Applications New Security Categories New Security Costs Market TrendsDisparate Solutions Ineffectivesecurity Worms Firewall/VPN IPS VoIP Increased management costs SSL VPN Remote access Web application firewall Increased deployment complexity Session border controller Buffer overflows
Enterprise Businesses Need a Unified Security Architecture New Attacks and Applications New Security Architectures New Security Costs A NewSecurity Architecture is Needed Ineffectivesecurity Worms Firewall/VPN IPS VoIP Increased management costs SSL VPN Remote access Web application firewall Increased deployment complexity Session border controller Buffer overflows
Architecting A Secure Future • Develop A Strategy That Fit Your Needs • Multi-Layered Approach • Step-by-Step Implementation • Each Layer Takes Focus &Resources Endpoint Internal Perimeter Branch Offices Web Security
Customers Need a Future-Proof Architecture Intelligent protection across all domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection
Check Point’s Architecture for Secure Future Intelligent protection across all domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection
In-depth inspection Internal Web SMART management Intelligent Security Solutions Worry-free protection Home, Remote Access Branch, Central Office Data Center, MSSP Perimeter Check Point’s Architecture for Secure Future Intelligent protection across all domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection
Intelligent protection across all domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection Check Point’s Architecture for Secure Future
Added July 2004 Added July 2004 Added July 2004 Particularly interesting … SmartDefense Services can dynamically add defense techniques for new protocols and applications … without requiring an upgrade Added Jan 2005 Added March 2005 Added April 2005
Intelligent protection across all domains Timely updates and preemptive security Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection Check Point’s Architecture for Secure Future Stateful Inspection INSPECT Application Intelligence Web Intelligence Malicious Code Protector Dynamic VPN
Intelligent protection across all security domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection Check Point’s Architecture for Secure Future Personal Firewall Malicious Code Protection Internal Security Gateway Quarantining Access Control Network Firewall Antivirus IPS SSL VPN IPSec VPN QoS Dynamic Routing
802.1x switch Integrity Server Comprehensive Internal Security with Cooperative Enforcement Integrity Integrity InterSpect Integrity 802.1x switch Integrity works with 802.1x switch to block attack at endpoints! To Enterprise network
Intelligent protection across all domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection Check Point’s Architecture for Secure Future
Intelligent protection across all domains Preemptive security and timely updates Extensible & modular enforcement infrastructure Integration among enforcement and network elements Unified & extensible management infrastructure InvestmentProtection Check Point’s Architecture for Secure Future Efficient Tools Short Learning-curve
Software-based Approach is Essential for Future-Proofing • More Agile/Adaptable • Better modularity • Better Price/Performance • Highly scalable via hardware choice • Better Investment Protection • Security Innovation Solutions based hardware-specific components tend to obsolete fast. They lack the flexibility to gracefully add protections or features. They stifle security innovation.
Coherent Development Leads to Better Integration • Unified management & security architecture • Cooperation among elements, modules • Minimized redundancies • Consistent user experience • Lower cost of ownership Other networking vendors are buying and re-branding disparate technologies with little or no integration, forcing customers to deal with point solutions, shifting roadmaps, and Inconsistent Management
Unified Security Architecture at the Core • Robust management infrastructure • Intelligent, modular enforcement • Centralized SmartDefense updates across products • Other vendors have multiple central management platforms, designed as peripheral add-ons for point products • Different point products have different security architectures and disparate update mechanisms
The Check Point Difference Software based approach Coherent development vector Unmatched ability to deliver protections Unified security architecture
Unmatched Ability to Deliver: VPN-1 Pro NGX VoIP Protections • Cisco firewalls don’t offer same level of protection. • Juniper firewalls don’t support MGCP or SCCP. • Neither offer the granular level of control for H.323 or SIP, typically punchingpermanent holes in the FW. • Call hijacking, theft, and tampering protection • Powerful tools to create, implement and monitor enterprise VoIP policy • Support for H.323, SIP, MGCP and SCCP • Secure a variety of versions and network / NAT topologies • Interoperable with all leading VoIP equipment
Other SonicWall Nortel Juniper Cisco Check Point the Global Leader SOURCE: Frost and Sullivan, April 2004 Combined Worldwide Revenue Share for Firewall/VPN, Hardware and Software 19% Check Point 36% 4% 5% 10% 26% 420,000 Installations Worldwide *Check Point Family includes all hardware revenue from OPSEC appliance partners and open server hardware
Check Point’s Market LeadershipIndustry Recognition • Leader – Gartner Magic Quadrant for IPSec VPN Equipment • September 2004 • Leader – Gartner Magic Quadrant for Network Firewalls • February 2005 • Leader – METAspectrum Intrusion Control • March 2005 • Leader – Gartner Magic Quadrant for Personal Firewalls • May 2005 • Challenger – METAspectrum for SSL VPNs • September 2004 • Frost and Sullivan’s – Global Market Leadership Award for End Point Security • March 2005
2005 Awards • Best FirewallVPN-1/FireWall-1Next Generation with Application Intelligence • Secure Computing February 2005 • Best Enterprise Security SolutionVPN-1 Pro Next Generation with Application Intelligence • Secure Computing February 2005 • Best SOHO Security SolutionZoneAlarm Security Suite • Secure Computing February 2005 • Midmarket 'Products of the Year‘Check Point Express CI • VARBusiness Magazine April 2005 • Most Innovative Product 2005Connectra 2.0 • IT Business News March 2005
Furthering Our Vision • Broader Deployments • Gateways, Switches • Clients, Servers • Desktop, Handheld • Deeper Understanding of Content • Multi-Layer Analysis • Application Specific • Smarter Analysis and Decisions • Integrated Management Tools • Event Analysis and Correlation Flexible SoftwareArchitecture,Multi-Platform Broader “Application Intelligence” Software that Adapts Deeper Management Architecture –Software that Scales Smarter