Access · management security · performance Wick Hill Ltd Value Added Distribution Check Point End Point.


1 access · management security · performance Wick Hill Ltd Value Added Distribution Check Point End Point

2 Agenda
- Introductions
- Part 1: History - End Point Story
- Part 2: Present – The products right now
- Part 3: Future – Roadmap
- Lunch
- Go Karting

3 HISTORY

4 Brief Product History
- 199X – VPN Clients: SecuRemote, SecureClient
- 2003 – ZoneAlarm Purchase: Integrity, Integrity Secure Client, Integrity Clientless Security
- 2006 – Pointsec Purchase: Pointsec for PC, Pointsec Mobile, Pointsec Protector

5 Historic Licensing
- SecuRemote
- SecureClient
- Integrity
- Integrity Desktop
- Integrity Server
- Integrity Secure Client
- Integrity Clientless Security
- Pointsec for PC
- Pointsec Protector
- Reflex Magnetics DiskNet Pro
- Pointsec for MAC
- Pointsec Mobile
- SecureClient Mobile
- SSL Network Extender (SNX)

6 Confusing Licensing Models
- Bundles of users / Individual
- Need for Server / No server
- Concurrent / Per User

7 Licensing Simplification
- SecuRemote
- SecureClient
- Integrity
- Integrity Desktop
- Integrity Server
- Integrity Secure Client
- Integrity Clientless Security
- Pointsec for PC
- Pointsec Protector
- Reflex Magnetics DiskNet Pro
- Pointsec for MAC
- Pointsec Mobile
- SecureClient Mobile
- SSL Network Extender (SNX)

8 Licensing Simplification
- SecuRemote – Now included in GWs / Appliances
- SecureClient – EPSA
- Integrity – EPSA
- Integrity Desktop – EPSA
- Integrity Server – EPSA
- Integrity Secure Client – EPSA
- Integrity Clientless Security – Connectra
- Pointsec for PC – EP FDE
- Pointsec Protector – EP MEPP
- Reflex Magnetics DiskNet Pro – EP MEPP
- Pointsec for MAC
- Pointsec Mobile
- SecureClient Mobile
- Integrity Clientless Security
- SSL Network Extender (SNX)

9 New Product Line Up
- EndPoint Security Secure Access
- EndPoint Security Full Disk Encryption
- EndPoint Security Media Encryption
- EndPoint Security Total Security
- SecureClient Mobile
- SSL Network Extender (SNX)
- Pointsec for MAC

10 Pricelist.CheckPoint.Com

11 Pointsec Mobile

12 Secure Access / SNX

13 Wickhill Can Help!!!! End Point Pricing Calculator

14 End Point Secure Access Product Features: Client Firewall Program Control Anti-Virus Anti-Spyware Network Access Control IPSEC VPN Enforcement Client IPS

15 End Point FDE / MEPP Product Features: Full Disk Encryption Client Device Control Media Encryption

16 Product Installation / Management
- End Point Secure Access: Server / Client; Server Integrated with SmartCentre
- End Point Media Encryption: Server / Client
- End Point Full Disk Encryption: Client / UNC Path for Central Management

17 Product Walkthrough DEMO

18 PRESENT

19 End Point Secure Access Policy Enforcement Options
- User-based Policies: LDAP, RADIUS, NTLM
- IP Based Policies: Ranges, Subnets
- Co-Operative Enforcement with: Interspect, Cisco VPN3000 Concentrator, Nortel Contivity VPN, CheckPoint VPN-1 Gateway, 802.1x

20 802.1x
- IEEE 802.1X / IETF Standards Track (RFC 2284)
- Improve PPP authentication process
- Address security gaps in WiFi/WLAN deployments

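21 Standard EAP Session
Diagram labels: Enterprise Network, Supplicant, Access Point, RADIUS Server
1. Supplicant -> Access Point: EAP Start (Start EAP Authentication)
2. Access Point -> Supplicant: EAP Request/ID (Ask Client for Identity)
3. Supplicant -> Access Point: EAP Response/ID (UserID)
4. Access Point -> RADIUS Server: RADIUS Access Request (Access Request w/ UserID)
5. RADIUS Server -> Access Point: RADIUS Access Challenge: EAP
6. Access Point -> Supplicant: EAP Request/Challenge (Perform EAP Sequence: MD5, TLS, PEAP)
7. Supplicant -> Access Point: EAP Response/Password
8. Access Point -> RADIUS Server: RADIUS Reply/Challenge
9. RADIUS Server -> Access Point: RADIUS Access: Accept, then EAP Success to the Supplicant
   OR RADIUS Access: Restrict, then EAP Success (restricted access)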

22 Check Point EAP Integration
Diagram labels: Enterprise Network, Supplicant, Access Point, Integrity Server (RADIUS "Proxy"), RADIUS Server
Legend: New components or data extensions; EAP existing standard
Message labels:
- RADIUS Request
- Accept / Reject (Std. EAP Session)
- Proxy (success) / Proxy (failure)
- RADIUS Access Challenge: EAP ZLX
- EAP Request/Challenge: ZLX
- EAP Response/ZLX (policy)
- RADIUS Reply/Challenge
- Policy Query, Policy Lookup
- RADIUS Access: Accept, then EAP Success
- OR RADIUS Access: Restrict, then EAP Success (restricted access)
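
The three outcomes on this slide (Reject, Accept, Restrict), as an added example that is not Check Point's code or part of the original deck: a simplified Python model of a posture-checking RADIUS proxy. It assumes restriction is expressed with the RFC 3580 VLAN attributes, reduces the ZLX policy exchange to a dictionary, and uses constructed VLAN IDs and policy fields.

```python
from dataclasses import dataclass, field

# RADIUS tunnel attributes used for 802.1X VLAN assignment (RFC 3580).
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type (attr 64) value "VLAN"
TUNNEL_MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type (attr 65) value "IEEE-802"

# Constructed values (assumptions): VLAN IDs and the policy the proxy enforces.
CORPORATE_VLAN = "10"
RESTRICTED_VLAN = "99"
REQUIRED_POLICY = {"policy_version": 7, "firewall_enabled": True, "av_signatures_current": True}


@dataclass
class Reply:
    code: str                                   # "Access-Accept" or "Access-Reject"
    attributes: dict = field(default_factory=dict)


def vlan_attributes(vlan_id):
    """Attributes an 802.1X authenticator reads to place the port in a VLAN."""
    return {
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-ID": vlan_id,
    }


def failed_checks(posture):
    """Names of required settings the endpoint did not report correctly.
    A missing report (None) fails every check, so the default is restriction."""
    posture = posture or {}
    return sorted(k for k, want in REQUIRED_POLICY.items() if posture.get(k) != want)


def proxy_decision(upstream_code, posture):
    """Combine the upstream RADIUS result with the endpoint's policy report."""
    if upstream_code != "Access-Accept":
        # Proxy (failure): credentials were refused, posture is irrelevant.
        return Reply("Access-Reject")
    failures = failed_checks(posture)
    if failures:
        # Authenticated but out of policy: accept into the restricted VLAN.
        attrs = vlan_attributes(RESTRICTED_VLAN)
        attrs["Reply-Message"] = "restricted: " + ",".join(failures)
        return Reply("Access-Accept", attrs)
    return Reply("Access-Accept", vlan_attributes(CORPORATE_VLAN))
```

Posture never upgrades a failed authentication, and an endpoint that sends no policy report at all lands in the restricted VLAN rather than the corporate one.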

23 NAC is Here to
- Enforce identity-based access policies
  - Control who is accessing what
  - Prevent guests from unauthorized access
  - Allow demonstrable compliance with growing body of regulatory requirements
- Mitigate the risks of endpoint-borne attacks
  - Check endpoint compliance as a precondition for network access
  - Quarantine and remediate non-compliant endpoints
  - Monitor devices connected on the network
  - Protect against attacks on critical resources

24 Context: NAC and "The disappearing perimeter"
- Flat networks are gone. Networks are becoming functionally segmented
- Access controls are being deployed between segments
- NAC brings identity and compliance awareness into segmentation and access control
Diagram labels: Internal Access Network, Internal Applications, DMZ, Employee, Partner, Wireless, Finance, Sales, Partner, Employee, Internet

25 Network Access Confusion
- NAC has been over-hyped! Now we're in the "trough of disillusionment"
- The rate of pilot-to-production is very low (and these pilots don't come cheap!)
- The initial promise of "clientless NAC" is proving to be a mirage
- Standards are slow to take hold
- In the meantime Cisco – NAC's largest promoter – markets the "Self Defending Network" but sells only proprietary, 802.1x-incompatible, SW-based "NAC appliance"

26 Simplifying NAC
- Get your feet wet with limited NAC deployments
- Define a reasonable life span for your pending NAC projects
- Define attainable security objectives
- Leverage existing investments
- Prediction: NAC is young. You won't see a one-size-fits-all solution in 2008

27 Check Point NAC: Leveraging Existing Investment
Timeline labels: 199x, 1999, 2002, 2003, 2004, 2005, 2007, 2008
- Identity-aware firewall in VPN-1
- SecureClient SCV (desktop configuration verification)
- Integrity Client Network Access Control (Client Self-Enforcement)
- Integrity & VPN Gateway Access Control Integration (CP Endpoint Security and Cisco VPN Gateways)
- Integrity/802.1x LAN Access Control Integration
- Founding Member of Trusted Network Connect (TNC) Initiative
- Clientless Security for Enforcement of Unmanaged PCs
- Cooperative Enforcement with Connectra
- Secure Automated Remediation
- Cooperative Enforcement with VPN-1 Edge (802.1x)
- Unified Management of NAC, Endpoint, and Network Security Infrastructure
- Enforcement with Intel AMT
- CP EPS with VPN-1 UTM/Power

28 Network Access Control: Ensuring Endpoint Policy Compliance
- Auto-Remediation
- Policy checks for critical updates
- Internal and external NAC
- Ensures only safe endpoint devices can access the network
- Protects networks and systems from endpoint-borne attacks
- Facilitates remediation for out-of-compliance endpoints

29 You can do it today with Endpoint Security
- Secure Employee Access with:
  - Endpoint Security Self-Enforcement
  - 802.1x support for VLAN steering
  - Cooperative Enforcement for VPN-1 and UTM-1
  - All transparent to users!
- Use Connectra portal for Guest/Partner access
  - Endpoint Security On-Demand (ICS) provides posture checking
  - For partners seeking access to internal applications, Check Point Secure Workspace provides a sanitized virtual platform the organization can trust
  - Use SNX to deliver applications to partners, when needed

30 Gateway (Firewall) Enforcement
Diagram labels: Corporate Network, Internet, HR Database, Finance Database, R65 Firewall, Perimeter Firewall, LDAP Directory, Web Server Pool, EPS 7 Server
1. Client initiates connection to HR resource
2. Gateway asks EPS server if endpoint is known and in compliance
3. EPS 7.0 Server checks for policy for AD\jsmith
4. Gateway implements compliant user firewall rules
5. User has access to HR database but cannot even ping Finance servers (invisible to end user)
- No need to do printer exceptions
- No need to do VoIP phone exceptions
- Unique
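
Steps 1 to 5 above as an added Python sketch of the gateway's decision (not Check Point code and not part of the original deck). All addresses, the second user, the rule sets and the remediation segment are constructed, and sending non-compliant endpoints to remediation only is an assumption the slide does not spell out.

```python
import ipaddress

# Constructed sample data: addresses, users and rule sets are illustrative only.
EPS_ENDPOINTS = {   # what the EPS server knows: endpoint IP -> (user, compliant?)
    "10.1.20.15": ("AD\\jsmith", True),
    "10.1.20.16": ("AD\\mjones", False),
}
USER_RULES = {      # per-user firewall rules: user -> reachable networks
    "AD\\jsmith": [ipaddress.ip_network("10.50.1.0/24")],   # HR database segment
    "AD\\mjones": [ipaddress.ip_network("10.50.2.0/24")],   # Finance database segment
}
REMEDIATION = [ipaddress.ip_network("10.9.9.0/28")]   # assumed remediation segment


def eps_lookup(src_ip):
    """Steps 2-3: is the endpoint known, who is logged in, is it compliant?"""
    return EPS_ENDPOINTS.get(src_ip)


def gateway_decision(src_ip, dst_ip):
    """Steps 4-5: apply the compliant user's rules; drop everything else."""
    record = eps_lookup(src_ip)
    if record is None:
        return ("drop", "unknown endpoint")
    user, compliant = record
    # Non-compliant endpoints lose their user rules and see remediation only.
    allowed = USER_RULES.get(user, []) if compliant else REMEDIATION
    dst = ipaddress.ip_address(dst_ip)
    if any(dst in net for net in allowed):
        return ("accept", user if compliant else "remediation only")
    return ("drop", "no rule for " + user)
```

Because the default is drop, a destination outside the user's rule set never answers, which is the "cannot even ping Finance servers" behaviour in step 5.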

31 NAC Demo

