Check Point Product Overview


Check Point Product Overview Jovi Chen Jan 2008

Agenda: today's security challenges; Check Point's development strategy; the future of the Unified Security Architecture; PURE security; new solutions; a new market segment: data security.

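Check Point: leader of the global information security market
Market leadership: global FW/VPN market leader*; customers include 100% of the Fortune 100 and 98% of the Fortune 500.
Financials: 2006 total revenue of US$575 million; market capitalization of US$5.4 billion; cash reserves of US$1.65 billion.
Global presence: 1,500 employees (600 in R&D); 69 offices in 28 countries; 2,200 partners in 88 countries; headquartered in Israel and California, USA.
* Frost & Sullivan, World Firewall IPSec VPN Gateway Markets, 2006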

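Check Point: leader of the global information security market
[Timeline figure, 1993 to 2007. Labels: acquisition; application intelligence; founding; VPN-1; VPN-1 Power, VPN-1 UTM; network security; acquisition of Pointsec; small business; FireWall-1 1.0, stateful inspection; IDS/IPS; SSL VPN; architecture; 2007: the security revolution; network and infrastructure; data security; Unified Security Architecture.]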

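Today's security challenges
Enterprises, small companies and consumers all have urgent needs to: protect their computers and networks; prevent data loss; have secure and reliable access; manage and control their systems.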

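Today's "security sprawl" dilemma
Departments operate independently of one another rather than under central control; the approach is reactive and event-driven; there are no clear guidelines or path for the future; spending is duplicated and inefficient and never keeps pace with the problem.
Today's root problem: unplanned, "good enough" and fragmentary security solutions.
Result: cracks in the defenses, leaving security gaps.
Market trends: vendor consolidation; customers turning to fewer security vendors (from more than 10 to fewer than 5); market demand for architectural solutions.
Security is as strong as the weakest link.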

Check Point closes the security gaps
Layers shown: security management; data security; endpoint security / AV; threat management (IDS, IPS, VA); authentication and authorization; network security; identity and access management.
Milestones: Check Point FireWall-1, 1994; Check Point VPN-1, 1999; Check Point Unified Security Architecture, 2004; Check Point PURE Security, 2007.

Check Point product line
Customer segments: Consumer; Small business; Medium business; Enterprise; Data center.
Customer needs: protect the network from attacks; remote, mobile connection, protect corporate web assets; latest security updates, detailed attack information; security at the endpoint; centralized configuration, monitoring, logging, reporting.
Products shown: VPN-1 UTM; VPN-1 Power; ZoneAlarm Router; Safe@Office; VPN-1 UTM Edge; VPN-1 Power VSX; SecureClient & Connectra; SmartDefense UTM; InterSpect / IPS; SmartDefense PA; SmartDefense Power; Integrity; ZoneAlarm Security Suite; SmartCenter; SMART; Smart Portal / SMP; Provider-1; Eventia; OPSEC.

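Market positioning: the mid-range market
[Chart: performance (100 Mbps, 1 Gbps, 10 Gbps) against price in US$ ($300, $3,000, $15,000). Segments: home use / small company; branch office or medium business; large enterprise / data center. Products plotted: Safe@Office, Edge; UTM-1 ("The right Platform"); VPN-1 UTM, VPN-1 Power; hardware appliances.]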

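The network security product you need
Check Point's Proven Security: provides the network security you need; built-in central management; more than ten network security software applications integrated on one appliance.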

Delivering Total Security
Features shown, each marked on the slide as either "standard" or "subscription": the best firewall in the market (VoIP, SQL, Instant Msg, E-mail, P2P, HTTP, FTP); VPN (site-to-site, remote access); antivirus (at the gateway); intrusion prevention; web filtering; anti-spyware; SSL VPN; messaging security (NEW! * End of Q1 2007).
Speaker notes: UTM-1 includes Check Point's industry-leading firewall, which protects over 150 applications and services including business-critical applications such as Voice over IP, as well as productivity killers such as Instant Messaging and Peer-to-Peer file sharing applications.
For intrusion prevention, UTM-1 also includes Check Point's SmartDefense intrusion prevention standard, as well as key malware protection with gateway antivirus and gateway spyware blocking.
With version R65, UTM-1 appliances now integrate best-of-breed SurfControl web filtering. Web filtering settings and policy configuration have been neatly integrated into Check Point's SmartCenter management to make setting up an acceptable use policy for web surfing easy.
For secure connectivity, UTM-1 includes complete IPSec-based site-to-site connectivity and remote access, with the ability to easily add SSL VPN remote access capabilities without the need for additional hardware. The ability to add SSL VPN easily is a great example of how UTM-1 appliances can easily be expanded to add customized security features. Beyond SSL VPN, other add-ons are also available, such as a Web application firewall and other specialized security features. This gives you the ability to tailor the features you need specifically for your environment.

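UTM-1 Models
UTM-1 450: Pricing $531,000; Users: Unlimited; Remote Users: 5; Management: 3 Sites; Subscription: 15 Days; HW Warranty: 2 Years.
UTM-1 1050: Pricing $885,000; Users: Unlimited; Remote Users: 5; Management: 3 Sites; Subscription: 15 Days; HW Warranty: 2 Years.
UTM-1 2050: Pricing $1,097,400; Users: Unlimited; Remote Users: 5; Management: 5 Sites; Subscription: 15 Days; HW Warranty: 2 Years.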

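Different Appliances for Different Needs
UTM-1 450: Ethernet ports: 4 GE; FW throughput: 400 Mbps; VPN throughput: 190 Mbps; Sessions: 500,000; Users (rec.): 250; USB ports: 1.
UTM-1 1050: Ethernet ports: 4 GE + 4 FE; FW throughput: 1 Gbps; VPN throughput: 250 Mbps; Sessions: 1.2 million; Users (rec.): 500; USB ports: 2.
UTM-1 2050: Ethernet ports: 4 GE + 4 FE; FW throughput: 2 Gbps; VPN throughput: 400 Mbps; Sessions: 2 million; Users (rec.): 1,000; USB ports: 2.
More models to be released soon.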

Management Flexibility
Appliance can work stand-alone. Appliance can be used to manage other appliances. Appliance can be managed by existing SmartCenter / Provider-1 infrastructure. Management platform pre-loaded, no separate system required. Existing Check Point management platform. Fits in the Check Point Unified Security Architecture.

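Check Point: the IPS-1 family
High-performance intrusion prevention system (IPS): accurate protection against known and unknown attacks; right-sized and manageable network security; intelligent application of security policy in dynamic environments.
Accurate protection against known and unknown attacks: integrates the preemptive protection of SmartDefense with the granular attack detection of the IPS-1 engine for accurate, real-time attack protection.
NFR/InterSpect integrated into VPN-1.
Easy-to-use, high-performance, ready-to-use appliance.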

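Check Point: a uniquely complete network security architecture
A fully integrated security architecture: preemptively stops network attacks; eliminates worms, viruses, spyware and spam; protects PCs, mobile devices and remote connections; meets control and management requirements.
Delivers complete network security with end-to-end coverage. Check Point is the only security vendor that offers this kind of integrated architecture.
[Diagram: Unified Security Architecture. SMART Management: policy management; user provisioning; event management and reporting; auditing and compliance. Layers: network security; end-to-end security. Components: VPN tunnel; endpoint control; security suite (AV, etc.); remote access; application awareness; IDS/IPS; firewall; VPN gateway; content security; VPN client; personal firewall. Locations: remote client; data center; perimeter; mobile; desktop.]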

Fully integrated…
Network security is now fully covered.
[Diagram layers: network security; end-to-end security; unified security architecture.]

…but it is still not enough
Our data still faces more threats. Moving data by electronic transfer is easier than you think!

Data security: the data security layer
[Diagram: Unified security architecture. Management: policy management; user provisioning; event management and reporting; auditing and compliance. Layers: network security; end-to-end security; data security. Components: VPN tunnel; endpoint control; security suite (AV, etc.); remote access; application awareness; IDS/IPS; firewall; VPN gateway; content security; VPN client; personal firewall. Data security layer: port control; media encryption; disk encryption; gateway protection. Locations: remote client; data center; perimeter; mobile; desktop.]

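Data security challenges
Information leakage: intentional or accidental; large files: e-mail transfer, uploads; data collection: copying (USB/DVD); whole systems: lost or stolen; laptops are on the front line.
Data security in the headlines: 60% of information theft results from lost or stolen devices; in the United States, more than 84 million personal records were exposed between February 2005 and May 2006; in view of legal disclosure requirements, concern about liability and privacy is steadily rising.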

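Pointsec: the most important first step in protecting data
The leading data security solution: 100% data encryption (disks and channels); highest-level certification; no-click operation; enterprise management; available on all platforms: Microsoft PCs, mobile phones, PDAs.
About Pointsec: founded in Stockholm in 1987; 2004-2006: major breakthrough; 2006 sales reached US$74.1 million; 2007: acquired by Check Point, becoming part of the Unified Security Architecture; roughly estimated at US$600 million.
[Diagram: Data security layer: port control; media encryption; disk encryption; gateway protection. End-to-end security locations: remote client; data center; perimeter; mobile; desktop.]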

Data security: only the first step
In developing data security, we still have many products to build.
[Diagram: Unified security architecture. Management: policy management; user provisioning; event management and reporting; auditing and compliance. Layers: network security; end-to-end security; data security. Components: VPN tunnel; endpoint control; security suite (AV, etc.); remote access; application awareness; IDS/IPS; firewall; VPN gateway; content security; VPN client; personal firewall. Data security: port control; media encryption; disk encryption; gateway protection. Locations: remote client; data center; perimeter; mobile; desktop.]

Future roadmap of the Unified Security Architecture
Planned directions: complete endpoint security; an integrated data and network gateway; an integrated mobile client.
[Diagram: Unified Security Architecture. Management: policy management; user provisioning; event management and reporting; auditing and compliance. Layers: network security; end-to-end security; data security. Components: VPN tunnel; endpoint control; security suite (AV, etc.); remote access; application awareness; IDS/IPS; firewall; VPN gateway; content security; VPN client; personal firewall. Data security: port control; media encryption; disk encryption; gateway protection. Locations: remote client; data center; perimeter; mobile; desktop.]

Endpoint Security: Integrity

Integrity Functions
Endpoint Protection: stop keystroke loggers; Trojan horses; network infections; hacker intrusions; unsafe connections; IM threats.
Access Control: enforce AV, patches, FW; application policy; remote & LAN; employee & guest; wired & wireless; silent remediation.
Management: enable rapid deployment & integration; central administration & enforcement; automated client and security updates.
Localized slide text (translated): Stop: port scans; hacker intrusions; new malware; application attacks; spyware; IM threats. Enforce: antivirus, patches, firewall; application policy; remote and internal access; employees and guests; wireless and wired. Enable: deployment and integration; central policy management and enforcement; flexibility and high availability.

Integrity Components
Endpoint Protection: Stateful PC Firewall; Application Controls; Intrusion Prevention; Anti-Spyware; IM Security.
Access Control: Check Point Integration; VPN Integration; 802.1x Integration; Total Client Lockdown; Secure Remediation.
Management: Central Policy Management & Enforcement; Deployment & Integration; Automated Updates.
Speaker notes: Surprisingly, not all enterprise personal firewalls are stateful. And not all make it easy to define rules for Trusted and Untrusted network zones like Integrity does. "Stealthing" the PC is a supplemental function of the stateful FW.
App controls include auto-discovery of all apps seeking network connections and creation of a "black list"; stopping many varieties of spyware; and stopping worms from emailing themselves to users' address books. Most products stop only some of these things.
Host IPS can be done in different ways: via complex rule scripting, or using sophisticated packet inspection technology that doesn't require the administrator to write rules. We use CP technologies like MCP to do this.
Anti-spyware: beyond stopping spyware from sending info out to an attacker, AS should include removal of installed spies (in next Integrity release) and preventing installation of spies in the first place (as ZASS technology will do for Integrity). Doesn't make sense for a customer to have to install separate client software and use a separate management console and server.
Standalone enforcement: for when integration with a network device isn't possible, and when the user isn't connected to the enterprise.
Secure remediation: either an easy end-user process, or an automated process that uses checksums to ensure that update files haven't been spoofed before they're installed (in Integrity NGX release).
Central management includes both manual and automated app rule definition. SDPA service is a huge benefit to admins because it greatly reduces the need to research discovered apps.
Deployment includes mgt server set-up and silent, remote installs of client SW.
Integration includes DBs, user directories, and SW mgt tools in addition to gateways.
Scalability includes the ability to manage unlimited numbers of users at the same time with minimum server cost; load balancing; customizable admin roles and domains; and hot failover to multiple servers if desired.
Not all endpoint security products have all these capabilities – in fact, this comprehensive set is unique to Integrity.

Unified Security Management
Single Management System; Universal Updates; Total Visibility.
Speaker notes: Objective of Unified Security Management is to greatly simplify enterprise security administration, improve incident response, and reduce the huge training and maintenance expense associated with having separate management systems for each security point product.
In this implementation of TAP, Integrity cooperates with Check Point gateways at each PC access point to control network access and enforce policy. Because it's been integrated into the NGX platform for unified management, Integrity endpoint security and TAP can now be managed in sync with enterprise-wide security functions, all from a common server, management console, and reporting and analysis system. Only Check Point offers such comprehensive and unified enterprise security management of endpoint security, NAC, and other critical security layers.
The NGX platform delivers unified security architecture across the most critical layers of network security: the network perimeter, network core, Web applications and the endpoints. Specifically: unified security management reduces overhead by allowing administrators to define, manage and update policies on the PIWE from a single SmartCenter console; from that same console, network administrators can upload the latest security signatures to defenses on the PIWE without service interruptions; intelligent inspection technologies are shared across all layers of the network, ensuring consistent protection.

Thank you!