CHECK POINT QUANTUM
Next-Gen Firewall
Protect Against Sophisticated Cyber Attacks with Check Point’s Next-Generation Firewall
The cybersecurity landscape is evolving. As internet traffic and corporate networks grow each year, cyber attacks are becoming more sophisticated and harder to detect. Next-Generation Firewalls (NGFW) are an integral part of an organization’s security solution that can combat these devastating attacks.
7 essential functionalities
Management
Check Point security management has always played a fundamental role in our architectures and drives operationally viable policy management, incident response, and compliance. At the highest level, the management architecture supports:
- A single policy construct across all enforcement points in the Infinity architecture
- Combined threat prevention and segmentation policies in a unified policy table across appliance, virtual and cloud deployments
- Compliance control validation, with template support for common compliance regulations
- Consolidated event management and export via SmartEvent
- Group-based delegation of administrative authority, with full workflow support
- Orchestration integration for virtual and cloud environments, including automated services insertion
- Open APIs for ecosystem integrations
Threat prevention
A key Check Point differentiator, when compared to other firewalls, is the integration of best-in-class threat prevention across the architecture. While others concede attackers will get in and are pivoting to detection and response, our focus remains on stopping attacks before they succeed. This includes tackling the latest large-scale, multi-vector GenV attacks, in addition to more conventional attacks that are still widely used.
Application inspection and control
Check Point’s Application Control capability supports security policies to identify, allow, block or limit the usage of thousands of applications, including Web and social networking, regardless of port, protocol, or evasive technique used to traverse the network. It currently understands over 8,100 Web 2.0 applications, with more being added continuously. Advanced user interaction features allow security administrators to alert employees in real time about application access limitations, and to ask them whether application use is for business or personal purposes. This enables IT administrators to gain a better understanding of Web usage patterns, adapt policies, and regulate personal usage without interrupting the flow of business.
Identity-based inspection and control
Check Point pioneered the development of user and group-based policies. Our firewalls and management integrate with Microsoft AD, LDAP, RADIUS, Cisco pxGrid, Terminal Servers, and with third parties via a Web API. Because the management console supports these policies across our portfolio, you can limit the integration with the identity store to this one interface and still get broad security coverage based on a single set of identity policies. This support extends to security monitoring via the SmartEvent console. The combination of identity and application awareness is mandatory for building scalable security policies that protect the business without compromising user experience.
Hybrid cloud support
Check Point firewalls support both virtual and cloud deployments, in addition to a complete portfolio of appliances that span remote office to data center requirements. Virtual systems support allows a single software security gateway to be segmented into multiple zones with independent resources and management. In addition to traditional vSphere, we support both NSX and Cisco ACI software-defined networking environments. For IaaS public cloud, all major vendors are supported including AWS, Azure, GCP, Oracle and Alibaba Clouds. Integration with cloud automation provides instantiation of both virtual gateways and template-based security policies without manual intervention. This enables new workloads to be secured as they are deployed, without implementation delays caused by manual security configuration.
Scalable performance with advanced security functions
Check Point’s portfolio offers powerful scaling options for both hardware and software-based firewalls. The Maestro Hyperscale solution brings the scale, agility and elasticity of the cloud on-premises with efficient N+1 hardware clustering based on Check Point HyperSync technology. Up to 52 gateways/firewalls can be clustered to deliver up to 1,000 Gbps of throughput, while still being managed as a single entity. Start with what you need today, knowing that you can easily scale when needed without risky and complex upgrades or network redesigns.
For cloud deployments, Check Point offers CloudGuard, available in both Pay-as-you-go (PAYG) and Bring-your-own-license (BYOL) pricing models. CloudGuard supports the same services as our physical firewalls, with transparent policy management across on-premises, virtual, and cloud gateways.
Encrypted traffic inspection
Check Point enterprise firewall software includes SSL/TLS decryption and inspection, so that security policies can be applied to encrypted traffic. The software leverages crypto hardware acceleration built into Intel processors. Furthermore, our SecureXL technology supports crypto acceleration using Check Point hardware models available on many of the security gateways. This acceleration is critical in situations requiring high-scale inspection and policy enforcement on HTTPS encrypted traffic. Finally, enterprise firewalls must securely categorize HTTPS traffic using the Server Name Indication (SNI) extension, inspect traffic negotiated with the latest cipher suites and curves in protocol versions such as TLS 1.2, and have plans for securing TLS 1.3 traffic.
Portfolio
Integrating the most advanced threat prevention and consolidated management, our security gateway appliances are designed to prevent any cyber attack, reduce complexity and lower your costs.