Check Point Connectra NGX R60 Patrick Hanel 24 November 201824 November 2018
Agenda SSL VPN - Anywhere access - Everywhere issue - The future of SSL VPN Check Point Connectra: Secure Web-based connectivity - Integrated endpoint security and application security - Universal updateability - Easy deployment and management - Flexible platform options - Uniqueness in SSL VPN 24 November 2018
SSL VPN: Anywhere Access Add more remote users beyond current 20 percent Less technical employees Partners Reduce remote access support costs Browser based; no client maintenance Less end user complexity Additional access options Access from home PC, corporate PC, Internet kiosk Day Extenders Email Basic applications Home computer Teleworkers Email Applications Company computer Mobile workers Email Basic applications Company computer or public computer Intranet Email Applications Files Extranet Portal Extranet access Partner computers 24 November 2018
SSL VPN: Everywhere Access With IPSec you knew who was coming in With SSL VPN you don’t (usually) Firewall, antivirus + Company- owned PC Partner PC Access Agreement Company- owned PC Employee home PC Partner PC Public Internet kiosk Completely unmanaged/unsecured 24 November 2018
SSL VPN: The Everywhere Issue “Spyware is no longer just an annoying pest swarming home PCs; rather, it has evolved into a serious enterprise security threat.” – IDC Worldwide Spyware 2004-2008 Forecast and Analysis (Nov. 2004) Internal applications Generally nonhardened SSL VPN Gateway External endpoints Range from secure to completely unsecured 24 November 2018
The Future of SSL VPN: Unification SSL VPNs will follow IPSec evolution: Connectivity + Security Key SSL VPN Needs ANYWHERE ACCESS Browser-based access Provide access to client/server applications Anywhere Access Network Access EVERYWHERE SECURITY Enforce Policy and Secure Data Manage the everywhere security problem Harden applications from security threats Secure Applications UNIFIED MANAGEMENT Easy to Deploy Minimize deployment and support time 24 November 2018
Check Point Connectra Web Connectivity with Unmatched Security Server Authentication Server (Optional) Email Server File Share Server Non-Web Application Server Check Point Connectra Anywhere Access Network Access Enforce Policy and Secure Data Secure Applications Easy to Deploy Unified Web Security Gateway Secure Web-Based Connectivity Integrated Endpoint Security Integrated Application Security Easy Deployment and Management Flexible Deployment Options 24 November 2018
Secure Web Based Connectivity Connectra Web Portal Access client/server applications through browser plug-in Web-based access to email Access Web sites and applications Access file share servers 24 November 2018
Integrated Endpoint Security Key benefits Minimizes risk from unsecured endpoints Stops ID, password, and data theft Check Point Connectra Guest PC, unmanaged Limit access rights Scans for spyware and malware Enforces endpoint security compliance (antivirus/firewall) Provides secure browser for data encryption and cache cleaning Real-time endpoint security updates Public PC using secure browser Grant higher access rights Spyware and malware Antivirus and firewall compliance Secure browser Spyware detected Deny access 24 November 2018
Integrated Application Security Application Intelligence and Web Intelligence Application-layer protection DNS, FTP, HTTP, Microsoft CIFS, etc. Block malicious data Buffer overflows, DOS attacks, SQL injection, worms, etc. Real-time security updates Key benefits Ensures internal applications and resources are secure Increases security protection for when endpoints are less secure Normal user Hacker/ infected PC Check Point Connectra Normal user 24 November 2018
Universal Updateability Perimeter, Internal, Web Strategy: Universal Updateability Update to All Security Components Application Intelligence and Web Intelligence Endpoint Security Universal SmartDefense Delivers the power to update each Check Point solution in real time against the latest known and unknown security threats 24 November 2018
Easy Deployment and Management Key benefits Simplifies installation and management Leverages existing infrastructure Authentication Integration LDAP, RADIUS, SecureID Application Integration OWA, Citrix, iNotes, etc. Email, File Share SSO Management Web-based Optional SmartCenter integration SmartCenter Server Authentication Server SSL Check Point VPN-1 Check Point Connectra Management Station (SmartCenter) 24 November 2018
Connectra NGX R60 and SmartCenter Unified Security Management NGX SmartCenter SmartView Tracker SmartView Monitor Smart Update SmartDefense Service 24 November 2018
Flexible Platform Options Key benefits Match platform with price/performance requirements Connectra appliance Turnkey solution Hardened Check Point or OPSEC hardware platform Multiple platforms to match deployment size Connectra software Software for open servers Based on SecurePlatform Available as dedicated appliance or software for open servers Connectra software Connectra appliance 24 November 2018
Connectra Uniqueness in SSL VPN Connectra 2.0 warrants consideration, especially when compared with other enterprise remote-access solutions. It has all of the core features, plus solid end-point security. With Connectra 2.0, Check Point Software Technologies Ltd. leverages its vast experience securing networks, applications and client endpoints to provide the most comprehensive security feature set we've seen in an SSL VPN product to date. March 14, 2005 Key SSL VPN Needs CONNECTIVITY Anywhere Access Almost all vendors deliver similar set of connectivity features SSL Network Extender a solid performer Some deliver some features Most rely on third-party startups to fill in gaps Connectra the most integrated security, only solution with real-time security updates Standalone solutions, no integration Unified Security Architecture: Centralized security management Network Access SECURITY Enforce policy and Secure Data Secure Applications MANAGEABILITY Easy to Deploy 24 November 2018
Unified Web Security Gateway Thank You! Web Server Authentication Server (Optional) Email Server File Share Server Non-Web Application Server Check Point Connectra Anywhere Access Network Access Enforce Policy and Secure Data Secure Applications Easy to Deploy Unified Web Security Gateway Secure Web-Based Connectivity Integrated Endpoint Security Integrated Application Security Easy Deployment and Management Flexible Deployment Options 24 November 2018