Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud

•Download as PPSX, PDF•

1 like•877 views

Peter Kovalčík, SE Eastern Europe, Check Point Virtualization Forum 2014, Prague, 22.10.2014 Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).

Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud
Peter Kovalcik| SE Eastern Europe
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. ©2014 Check Point Software Technologies Lt1d

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 2

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 3

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 4

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 5

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 6

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 7

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 8

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 9

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 10

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 11

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 12

©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 13

Growing enterprise complexity
[Protected] Non-confidential content
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 14

METHODOLOGY OF SDP
STEP 1: SEGMENTATION
STEP 2: DEFINE PROTECTIONS
STEP 3: CONSOLIDATION
STEP 4: POLICY DEFINITION
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 15

Segmentation
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 16

METHODOLOGY OF SDP
STEP 1: SEGMENTATION
STEP 2: DEFINE PROTECTIONS
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 17

Access Control vs. Threat Prevention
[Protected] Non-confidential content
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 18

Risk-based Selection
[Protected] Non-confidential content
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 19

Threat Prevention
Segment Target Protections
DMZ Servers IPS
LAN Client machines IPS, AV, TE
DC Servers IPS
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 20

Threat Prevention
Segment Target Protections
DMZ Servers IPS
LAN Client machines IPS, AV, TE
DC Servers IPS
LAN Users AB
C&C
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 21

Data Protection
Segment Target Protections
LAN Users DLP
DC Servers, Data DLP
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 22

METHODOLOGY OF SDP
STEP 1: SEGMENTATION
STEP 2: DEFINE PROTECTIONS
STEP 3: CONSOLIDATION
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 24

Consolidation
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 25

Virtual Edition: zabezp. VMware ESX
Security Challenges
in Virtual Environments
Protection from external
threats
Inspect traffic between
Virtual Machines (VMs)
Secure new Virtual Machines
automatically
[Restricted] ONLY for designated groups and individuals
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 26

Network Mode Hypervisor Mode
Ext
2.1.1.1 2.1.1.2
Pkt
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 27
vSwitch 1
Ext
GW
Pkt
Security API
vSwitch
Agent
Ext
Agent
Pkt
VE
Operation Mode
• Protection from External threats
• Not aware of inter-vSwitch traffic
• Protects VMs with inter-vSwitch inspection
• Supports dynamic virtual environment
vSwitch 2
Pkt
[Restricted] ONLY for designated groups and individuals

Deployments before VMsafe
integration
Gateway is not aware of inter-vSwitch traffic
2.1.1.1 2.1.1.3
2.1.1.2 2.1.1.4 2.1.1.5
vSwitch
Packets not
inspected inside
vSwitch
Ext
GW
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 28
Pkt
[Restricted] ONLY for designated groups and individuals

Layer 2 security packet flow
ESX Server
2.1.1.1 sends
packet to 2.1.1.3
2.1.1.1 22..11..11..33
2.1.1.2 2.1.1.4 2.1.1.5
Pkt
Agent Agent Agent Agent Agent
vSwitch
Pkt
Packet continues the
flow from where it was
intercepted
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 29
Pkt
VE
Security API
Packet is not
inspected again
Packet passed firewall
inspection and is sent
back to the Agent
Packet intercepted in the
Agent and forwarded to the
Gateway for inspection
[Restricted] ONLY for designated groups and individuals

Layer 2 security in dynamic environments
ESX 1 ESX 2
2.1.1.2
Ext Ext
Sync
Agent Agent Agent
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 30
2.1.1.1
Security API
vSwitch
VE
Ext
Security API
vSwitch
Ext Ext VE
2.1.1.2 2.1.1.3
Pkt
Pkt
Connection initiated from
2.1.1.1 to 2.1.1.3
[Restricted] ONLY for designated groups and individuals

Layer 2 security in dynamic environments
ESX 1 ESX 2
2.1.1.2
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 31
2.1.1.1
2.1.1.2
Security API
vSwitch
Agent
Ext
Security API
vSwitch
Ext Ext
2.1.1.3
Agent
Sync
2.1.1.3
Agent Agent
Ext Ext
VM is migrating
to ESX 2
Connections related with
2.1.1.3 will be marked that
they are handled by ESX 1
SG VE SG VE
[Restricted] ONLY for designated groups and individuals

PPkktt
Agent
Layer 2 security in dynamic environments
ESX 1 ESX 2
Ext Ext
Packet
forwarded to
ESX 1
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 32
Existing
connection
2.1.1.1 2.1.1.2
Pkt
Security API
vSwitch
Agent
Security API
vSwitch
Ext Ext
2.1.1.3
Sync
Agent
Pkktt
Pkt
Packet not
forwarded
New
connection
VE VE
Pkt
[Restricted] ONLY for designated groups and individuals

Installation automation
Seamless security for dynamic environments
VM 1 VM 2 VM 3
VM 4 VM 5
Agent Agent Agent Agent Agent
VE attaches the Fast Path
Agents on the vNICs of
the new VMs
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 33
2.1.1.1
Security API
vSwitch
SG VE
Ext
External
Switch
Ext
Service Console
ESX Server
VE installed
VE retrieves
information on
VMs/Port
groups/vSwitches
Event sent to VE
informing of new VMs
VE attaches the Fast Path
Agents on the vNICs of
the new VMs
[Restricted] ONLY for designated groups and individuals

Management
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 35

• Security Management
• Multi-Domain Management
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 36
Summary
Physical Security Gateway Management Server
21400 VSLS
Virtual security Gateway (VSX)
Security Gateway Virtual Edition
• Hypervisor Mode
• Network Mode
Cloud Orchestration

THANK YOU!
©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. ©2014 Check Point Software Technologies L3t7d

What's hot

Top 9 Critical Findings - Dramatically Improve Your Organization's Security

Praetorian

As an information security consulting company, Praetorian has a unique ability to observe security programs across a wide range of companies. Based on the vulnerability patterns seen across organizations, a top ten list of common critical findings was created. The purpose of this presentation is to examine each of those critical findings and provide recommendations for mitigation. Examples from actual engagements are used to emphasize risk through real world scenarios. Some information from the screenshots provided has been redacted to protect confidentiality. Praetorian's goal is to help our clients understand minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.

CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG

CODE BLUE

The document discusses Dongcheol Hong's work as CTO of SEWORKS Inc, including his experience with security events like DEFCON CTF and development of products like the HSDrone drone system. It provides details on the technical components, architecture and networking of the AR.Drone 2.0 drone platform, and describes methods for hacking and customizing the drone including exploiting services like Telnet, FTP and wireless access.

Check Point Virtual Systems

Group of company MUK

The document discusses Check Point Virtual Systems which provide consolidation, virtualization, and security capabilities. It highlights that Virtual Systems allow all software blades to run on every virtual system to simplify management. Performance is boosted through features like CoreXL, which leverages multiple CPU cores, and Virtual System Load Sharing which can distribute virtual systems across up to 12 cluster members for linear scalability. Memory and CPU resources can be monitored on a per virtual system basis and optimized through affinity settings.

Secure sigfox ready devices recommendation guide

Sigfox

In the Sigfox ecosystem, the design and manufacturing of Sigfox Ready devices and Sigfox Verified sub-systems is under the responsibility of third parties. These third parties could be OEMs, ODMs, Silicon vendors, module vendors or customers. This responsibility includes design and implementation of sufficient security measures to protect customer applications, network access credentials and data conveyed on the network. Therefore, the question arises of what measures should be mandatory and whether certification or verification of the device security should be required. This document studies the risks related to insufficient security in Sigfox Ready devices in order to raise awareness on this issue within Sigfox and throughout the Sigfox ecosystem. It is also a guide to decide what measures could be required in the design, implementation and manufacturing of Sigfox Ready devices.

Hacking a Professional Drone

Priyanka Aash

Professional drones are now actively used across various industries to perform daily critical operations. In this awareness session, Nils Rodday will perform a live hack which exploits vulnerabilities of the professional drone and effectively compromises the security of the system to take over control. His session will also discuss practical fixes and approaches for remediating these issues. (Source: RSA USA 2016-San Francisco)

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Priyanka Aash

"Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve Riley, Abb, and Alva Duckwall [5][6]. In addition to the development of 802.1x-2010, improved 802.1x support by peripheral devices such as printers also poses a challenge to attackers. Gone are the days in which bypassing 802.1x was as simple as finding a printer and spoofing address, as hardware manufacturers have gotten smarter. In this talk, we will introduce a novel technique for bypassing 802.1x-2010 by demonstrating how MacSEC fails when weak forms of EAP are used. Additionally, we will discuss how improved 802.1x support by peripheral devices does not necessarily translate to improved port-security due to the widespread use of weak EAP. Finally, we will consider how improvements to the Linux kernel have made bridge-based techniques easier to implement and demonstrate an alternative to using packet injection for network interaction. We have packaged each of these techniques and improvements into an open source tool called Silent Bridge, which we plan on releasing at the conference."

Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...

Honeywell

CCNP Security-Secure

mohannadalhanahnah

This document discusses network security technologies and Cisco solutions. It covers topics like 802.1X authentication, identity management with Cisco ACS, port security, DHCP snooping, and securing the network infrastructure with Network Foundation Protection. The document appears to be slides from a training course on Cisco's SECURE certification that provides an overview of various network security concepts and Cisco products.

checkpoint

Mayank Dhingra

This document provides an overview and objectives of a training course on VPN-1/FireWall-1 NG Management I. The course aims to teach students how to identify the basic components of VPN-1/FireWall-1 NG, configure and manage it, create and manage management objects, use key features like the security policy and log viewer, apply NAT rules and authenticate users. It outlines the modules to be covered, including the VPN-1/FireWall-1 NG architecture, security policy setup, advanced security policies, log management, and authentication parameters.

CCNP Security-IPS

mohannadalhanahnah

The document discusses Cisco IPSv7.0 and covers several topics: - An overview of the IPSv7.0 exam topics and preparation strategies. - Introduction to intrusion prevention and detection, including deployment options for Cisco IPS sensors. - Applying Cisco IPS security policies through configuration of virtual sensors and event actions. - Managing IPS sensors through the CLI, IDM, and IME and maintaining sensors through software updates.

IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud

Priyanka Aash

Mitigating worm attacks

dkaya

Mitigating Worm Attacks seminar discusses tools and techniques for responding to worm incidents in an enterprise network, including containment, inoculation, quarantine, and treatment methodology. Key tools covered are ACLs, NetFlow, sinkholes, and remote-triggered black hole routing to detect and isolate infected systems. Incident response processes including preparation, triage, analysis, reaction, and post-mortem are also reviewed.

Check Point: Security in virtual environment

ASBIS SK

This document discusses security in virtual and cloud environments. It begins by explaining the benefits of virtualization and private clouds for efficiency and cost reduction. It then addresses the growing problem of "VLAN sprawl" as more virtual machines are added. The document introduces Check Point's Security Gateway Virtual Edition as a solution to securely manage growing private clouds by automatically securing new virtual machines, inspecting traffic between VMs, and protecting from external threats. For public clouds, it discusses the need to securely connect, manage security within diverse cloud platforms, and secure the cloud itself with multi-tenant environments. Check Point provides unified management of physical and virtual systems as well as customized security policies to address these challenges of securing virtual and cloud computing.

CSIRS ICS BCS 2.2

David Spinks

This document summarizes a presentation on cyber security in real-time systems. It discusses threats to industrial control systems and SCADA systems, and the differences between traditional IT and industrial control system cultures. It provides examples of attacks on industrial control systems and poor monitoring of SCADA systems. It suggests that security operations centers may provide common ground between IT and ICS. Finally, it discusses recent media reports relating to hacking of rail signaling systems and aircraft systems.

Identify and mitigate high risk port vulnerabilities

GENIANS, INC.

With two thirds of Cyber Attacks occurring on three commonly enabled ports, active open Port Awareness is an essential feature. Without this knowledge it is impossible to assess the potential risk of exposure on a network. With Genian NAC Sensor technology deployed, a separate vulnerability scanner is not required. Less systems to manage means more time and efficiency for IT staff. Additionally, knowing that a network is at risk because these High Risk ports are enabled on various nodes is only half the battle. Being able to rapidly block nodes from the network if required without tracking down the location of a device is crucial. Genian NAC provides real-time open Port Awareness, a means to quickly and easily block a node from network access, the ability to monitor any time a new device with High Risk ports enabled connects to the network and built-in reporting so Admins can mitigate the risk in a timely manner.

Ccna sv2 instructor_ppt_ch2

SalmenHAJJI1

The document discusses securing network devices in CCNA Security v2.0. It covers securing device access through authentication and authorization. It describes monitoring and managing devices securely as well as using automated security features. It discusses securing the control plane through protocols like SNMP, SSH, NTP and routing authentication. The objectives are to configure administrative access, command authorization, secure management, use AutoSecure features, and implement control plane security.

Blackhat USA 2016 - What's the DFIRence for ICS?

Chris Sistrunk

Digital Forensics and Incident Response (DFIR) for IT systems has been around quite a while, but what about Industrial Control Systems (ICS)? This talk will explore the basics of DFIR for embedded devices used in critical infrastructure such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and controllers. If these are compromised or even have a misoperation, we will show what files, firmware, memory dumps, physical conditions, and other data can be analyzed in embedded systems to determine the root cause. This talk will show examples of what and how to collect forensics data from two popular RTUs that are used in Electric Substations: the General Electric D20MX and the Schweitzer Engineering Labs SEL-3530 RTAC. This talk will not cover Windows or *nixbased devices such as Human Machine Interfaces (HMIs) or gateways.

Mastering checkpoint-1-basic-installation

networkershome

The document provides an overview of Check Point's Gaia operating system. Some key points: - Gaia is Check Point's next generation operating system that combines the best of their SecurePlatform and IPSO operating systems. - It supports all Check Point security appliances and products, including Software Blades, Gateways, and Security Management. - Features include support for IPv4/IPv6, high connection capacity, load sharing, high availability, dynamic routing, easy CLI, and role-based administration. - Gaia allows for simple upgrades from IPSO and SecurePlatform and includes automated software updates for Check Point products.

DEF CON 23 - NSM 101 for ICS

Chris Sistrunk

Chris Sistrunk discussed implementing network security monitoring (NSM) on industrial control systems (ICS). NSM involves collecting network data through tools like Security Onion, analyzing the data to detect anomalies, and investigating anomalies to identify potential threats. While ICS networks pose different challenges than typical IT networks, the same NSM methodology of collection, detection, and analysis can be applied. Free and open source tools like Security Onion allow implementing NSM on ICS to hunt for threats without disrupting operations. The most important part of NSM is having knowledgeable people to interpret data and identify what is normal versus potentially malicious activity on the network.

Check Point sizing security

Group of company MUK

This document discusses sizing security gateways and selecting the appropriate appliance. It introduces the concept of SecurityPower as a new way to measure an appliance's performance under real-world traffic and multiple security functions. The document recommends using the Appliance Selection Tool to translate a customer's requirements into SecurityPower and suggest a suitable appliance that allows for future growth. It also describes the Performance Utility which collects real performance data to validate the appliance selection.

What's hot (20)

Top 9 Critical Findings - Dramatically Improve Your Organization's Security

CODE BLUE 2014 : [ドローンへの攻撃] マルウェア感染とネットワーク経由の攻撃 by ドンチョル・ホン DONGCHEOL HONG

Check Point Virtual Systems

Secure sigfox ready devices recommendation guide

Hacking a Professional Drone

Bypassing Port-Security In 2018: Defeating MacSEC and 802.1x-2010

Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...

CCNP Security-Secure

checkpoint

CCNP Security-IPS

IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud

Mitigating worm attacks

Check Point: Security in virtual environment

CSIRS ICS BCS 2.2

Identify and mitigate high risk port vulnerabilities

Ccna sv2 instructor_ppt_ch2

Blackhat USA 2016 - What's the DFIRence for ICS?

Mastering checkpoint-1-basic-installation

DEF CON 23 - NSM 101 for ICS

Check Point sizing security

Similar to Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud

Zabezpečení softwarově definovaných datových center prostřednictvím Check Poi...

MarketingArrowECS_CZ

This document discusses how Check Point vSEC and VMware NSX can be used together to secure software-defined datacenters. The key points are: 1. Check Point vSEC can be automatically deployed on each ESXi host via NSX to provide security visibility and control for east-west traffic inside the datacenter. 2. NSX micro-segmentation capabilities and Check Point security policies allow fine-grained security control between virtual machines segmented into different security groups. 3. The integration provides consistent security for both north-south and east-west traffic inside software-defined datacenters through automation of virtual network and security provisioning.

vSEC pro VMware NSX

MarketingArrowECS_CZ

1. Check Point vSEC and VMware NSX provide security for software-defined datacenters through a 100% software-based approach. 2. vSEC can be automatically deployed on each ESXi host via NSX to provide automated security provisioning. It enforces security policies between virtual machines through micro-segmentation. 3. The joint solution provides consistent security for both north-south and east-west traffic in the datacenter through features like advanced threat prevention, application-aware policies, and shared security context between vSEC and NSX Manager.

Check Point vSEC - Bezpečnostní řešení pro moderní datová centra

MarketingArrowECS_CZ

Check Point vSEC is a security solution for modern data centers that provides: 1) Automated deployment of security policies to securely scale virtual machines on new host members. 2) Inspection of east-west traffic between virtual machines through NSX chains and Check Point vSEC gateways to prevent lateral threats. 3) Unified management of virtual and perimeter security gateways through Check Point's management system for consistent policy control and threat visibility across environments.

[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...

Ian Choi

The document discusses security in virtualized cloud environments. It describes how traditional security appliances have limitations around cost and bandwidth. The proposed approach uses SDN to control distributed deep packet inspection (DPI) nodes to provide flexible, scalable security as a service. Diagrams show how OpenStack could integrate with SDN and DPI nodes to provide centralized security policy management across virtual machines on multiple compute nodes.

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions

Honeywell

Síla virtuality - virtualizovaná bezpečnost softwarově definovaných datových ...

MarketingArrowECS_CZ

This document discusses the need for a new security model in software-defined data centers (SDDCs). Traditional security approaches no longer apply in SDDCs due to their dynamic nature. The Check Point vSEC solution is presented as providing security across virtual and physical systems in SDDCs. Key features of vSEC include automatically scaling security across virtual machines, enforcing security for east-west traffic between VMs, providing advanced threat prevention, and unified management of virtual and physical gateways. A demo is provided of vSEC's advanced security protections, granular visibility, identity awareness, and automation capabilities.

Detección y mitigación de amenazas con Check Point

Nextel S.A.

6th SDN Interest Group Seminar - Session6 (131210)

NAIM Networks, Inc.

How to securely manage endpoints using SanerNow

SecPod

The wavering work norms demand a tight hold on the endpoints. To help you stay on top of endpoint management, the upcoming session of our "Product Webinar Series: The Art of Securing and Managing Endpoints" is on "How to manage endpoints securely using SanerNow?". In this session, you can learn about: • What are the major Endpoint management capabilities you can implement using SanerNow? • How you can combat the complex challenges of managing endpoints in the new era • How you can continuously monitor endpoint metrics and manage system health.

CCSA Treinamento_CheckPoint.pptx

EBERTE

Here are the key steps to configure a Security Gateway: 1. Install Gaia OS on the gateway appliance or server. 2. Configure the gateway's network interfaces and default routes. 3. Connect to the Security Management Server using the gateway's management IP. 4. Use the WebUI or CLI to register the gateway with the SMS. 5. Assign the gateway a unique hostname. 6. Configure high availability settings like cluster interface, synchronization, and failover. 7. Install and activate security licenses on the gateway. 8. Install and configure required security software blades. 9. Deploy security policies and rules to the gateway from the SMS. 10.

[CLASS2014] Palestra Técnica - Franzvitor Fiorim

TI Safe

This document discusses security risks to industrial control systems (ICS) and strategies to protect them. It begins by providing examples of security incidents that impacted real-world critical infrastructure facilities. These include production line stoppages due to malware infections and temporary loss of control from unauthorized access. The document then notes that ICS environments are becoming more open and connected, increasing risk. It argues that security approaches for ICS must focus on integrity, availability and confidentiality to account for their mission-critical nature of continuously operating specialized systems. The document advocates implementing network segmentation, carefully managing external devices and updating systems without interrupting operations.

vSEC pro CISCO ACI

MarketingArrowECS_CZ

This document discusses how Check Point software integrates with Cisco Application Centric Infrastructure (ACI) to automate advanced network security in software-defined datacenters. It explains how Check Point virtual security gateways can be inserted into the ACI fabric using End Point Groups and service graphs defined in the Cisco Application Policy Infrastructure Controller. The document also outlines four demonstration scenarios showing how Check Point gateways can be automatically deployed, have dynamic security policies enforced, and be automatically deleted through the ACI device package and controller integration.

Staying One Step Ahead with Zero-Day Protection

MarketingArrowECS_CZ

This document discusses Check Point's SandBlast technology for detecting zero-day threats. SandBlast provides unprecedented prevention against unknown malware, zero-day, and targeted attacks by detecting exploits at the CPU level before evasion techniques can be used. It also quickly delivers safe reconstructed files to maintain business productivity while inspecting files in real-time. SandBlast can be deployed flexibly on-premise or in the cloud for optimal protection.

Gestiona el riesgo de las grandes amenazas

Nextel S.A.

The document provides information about Check Point's Compliance Software Blade, which allows users to monitor security and compliance across their network in real-time. The Compliance Software Blade integrates fully with Check Point's security management platform and provides visibility into security best practices mapped to various regulations. It also offers out-of-the-box audit preparation and compliance reporting to help streamline regulatory compliance efforts.

Towards 0-bug software in the automotive industry

Ashley Zupkus

What are the software safety and security standards that software developers in the automotive industry need to meet? How can safe, secure code be developed in accordance with the industry norms like ISO 26262, ISO 21434, and SOTIF? Experts specialized in the automotive industry will answer all your questions in this webinar dedicated to automotive software safety and security. 1. Latest safety and security standards for automotive software (ISO 26262, ISO 21434, and SOTIF) and how they impact software developers' work - Amin Amini, CertX 2. How to implement coding best practices to ensure the highest levels of safety & security in software in autonomous vehicles - Arnaud Telinge, EasyMile 3. How can code analysis tools be leveraged to help reach ISO 26262 and ISO 21434 demands more efficiently - Fabrice Derepas, TrustInSoft

Mind the gap_cpx2022_moti_sagey_final

Moti Sagey מוטי שגיא

This document discusses Check Point's perspective on the importance of the best security. It begins by outlining some of the major threats in 2021 like ransomware, APT groups, and software vulnerabilities. It then defines what "best security" means to Check Point, including blocking threats in real-time, prevention over detection, being everywhere across networks and clouds, being smart with AI, and being trusted. The document provides examples of how Check Point provides real-time prevention and highlights technology and testing that shows it is more effective than competitors. It emphasizes the importance of security vendors securing their own code and shows data that Check Point has fewer vulnerabilities and faster response times. The conclusion discusses how the best companies choose Check Point.

Operational Technology Security Solution for Utilities

Krishna Chennareddy

The document summarizes a security solution called OTPS that is designed to protect utility control systems from vulnerabilities. It notes that control systems have become more vulnerable as they integrate with corporate networks and use commercial operating systems. The OTPS solution uses security event management, intrusion detection, and other tools to monitor systems for breaches, protect critical infrastructure, and detect and prevent security issues across networks, protocols, processes and system health. It is presented as a customizable, scalable solution to implement security best practices for utility control environments.

WannaCry: How to Protect Yourself

Check Point Software Technologies

The recent WannaCry outbreak clearly demonstrates just how damaging ransomware can be, and how quickly such attacks can disrupt vital services. View the slides from our webinar to learn about WannaCry’s inner-workings, understand how to effectively protect from this threat and what you should do to be prepared for future attacks. For more information: http://pages.checkpoint.com/anti-ransomware.html

The Present and Future of IoT Cybersecurity

Onward Security

The document discusses IoT cybersecurity challenges and solutions. It notes that 57% of IoT devices are currently vulnerable to attacks costing over $500,000 per month. Various regulatory standards for IoT security are outlined, along with the security requirements of platforms like Amazon Alexa. The company discussed provides compliance services, security assessments, and automated testing tools to help customers address vulnerabilities and meet requirements throughout the product development lifecycle.

CCNA4 Verson6 Chapter5

Chaing Ravuth

This document discusses network security and monitoring techniques in three sections. Section 5.1 covers LAN security best practices like port security and DHCP snooping to mitigate common attacks. Section 5.2 explains how SNMP allows network monitoring and configuration, including the elements of SNMP and securing SNMPv3. Section 5.3 introduces SPAN as a tool for troubleshooting network issues by duplicating and redirecting traffic to a packet analyzer.

Similar to Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud (20)

Zabezpečení softwarově definovaných datových center prostřednictvím Check Poi...

vSEC pro VMware NSX

Check Point vSEC - Bezpečnostní řešení pro moderní datová centra

[OVNC 2013] Controlling Secure & Software Defined Network for Cloud Infrastru...

Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions

Síla virtuality - virtualizovaná bezpečnost softwarově definovaných datových ...

Detección y mitigación de amenazas con Check Point

6th SDN Interest Group Seminar - Session6 (131210)

How to securely manage endpoints using SanerNow

CCSA Treinamento_CheckPoint.pptx

[CLASS2014] Palestra Técnica - Franzvitor Fiorim

vSEC pro CISCO ACI

Staying One Step Ahead with Zero-Day Protection

Gestiona el riesgo de las grandes amenazas

Towards 0-bug software in the automotive industry

Mind the gap_cpx2022_moti_sagey_final

Operational Technology Security Solution for Utilities

WannaCry: How to Protect Yourself

The Present and Future of IoT Cybersecurity

CCNA4 Verson6 Chapter5

More from MarketingArrowECS_CZ

INFINIDAT InfiniGuard - 20220330.pdf

MarketingArrowECS_CZ

This document discusses InfiniGuard's data protection solution and its advantages over other backup appliances. It highlights InfiniGuard's ability to provide fast restore times even for large datasets through its use of InfiniBox storage technology. The document also covers how InfiniGuard addresses modern threats like ransomware through immutable snapshots, logical air-gapping of backups, and a isolated forensic network to enable fast recovery from cyber attacks.

Využijte svou Oracle databázi na maximum!

MarketingArrowECS_CZ

Využijte svou Oracle databázi na maximum! Ondřej Buršík Senior Presales, Oracle Arrow / Oracle The document discusses maximizing the use of Oracle databases. It covers topics such as resilience, performance and agility, security and risk management, and cost optimization. It promotes Oracle Database editions and features, as well as Oracle Engineered Systems like Exadata, which are designed to provide high performance, availability, security and manageability for databases.

Jak konsolidovat Vaše databáze s využitím Cloud služeb?

MarketingArrowECS_CZ

Chráníte správně svoje data?

MarketingArrowECS_CZ

Oracle databáze – Konsolidovaná Data Management Platforma

MarketingArrowECS_CZ

Nové vlastnosti Oracle Database Appliance

MarketingArrowECS_CZ

The document discusses Oracle Database Appliance (ODA) high availability and disaster recovery solutions. It compares Oracle Real Application Clusters (RAC), RAC One Node, and Standard Edition High Availability (SEHA). RAC provides automatic restart and failover capabilities for load balancing across nodes. RAC One Node and SEHA provide restart and failover, but no load balancing. SEHA is suitable for Standard Edition databases if up to 16 sessions are adequate and a few minutes of reconnection time is acceptable without data loss during failover.

Infinidat InfiniGuard

MarketingArrowECS_CZ

This document discusses InfiniGuard, a data protection solution from Infinidat. It highlights challenges with current backup solutions including slow restore times. InfiniGuard addresses this by leveraging InfiniBox storage technology to achieve restore objectives. It provides fast, scalable backup and restore performance. InfiniGuard also discusses threats from server-side encryption attacks and how its immutable snapshots and isolated backup environment help provide cyber resilience against such threats.

Infinidat InfiniBox

MarketingArrowECS_CZ

This document discusses Infinidat's scale-out storage solutions. It highlights Infinidat's unique software-driven architecture with over 100 patents. Infinidat systems can scale to over 7 exabytes deployed globally across various industries. Analyst reviews show Infinidat receiving higher ratings than Dell EMC, HPE, NetApp, and others. The InfiniBox systems offer multi-petabyte scale in a single rack with high performance, reliability, and efficiency.

Novinky ve světě Oracle DB a koncept konvergované databáze

MarketingArrowECS_CZ

This document discusses Oracle Database 19c and the concept of a converged database. It begins with an overview of new features in Oracle Database 19c, including direct upgrade paths, new in-memory capabilities, and improvements to multitenant architecture. It then discusses the concept of a converged database that can support multiple data types and workloads within a single database compared to using separate single-purpose databases. The document argues that a converged database approach avoids issues with data consistency, security, availability and manageability between separate databases. It notes Oracle Database's support for transactions, analytics, machine learning, IoT and other workloads within a single database. The document concludes with an overview of Oracle Database Performance Health Checks.

Základy licencování Oracle software

MarketingArrowECS_CZ

Garance 100% dostupnosti dat! Kdo z vás to má?

MarketingArrowECS_CZ

The document discusses Infinidat's scale-out storage solutions. It highlights Infinidat's unique software-driven architecture with over 100 patents. Infinidat solutions can scale to multi-petabyte capacity in a single rack and provide high performance, reliability, and cost-effectiveness compared to other storage vendors. The document also covers Infinidat's flexible business models, replication capabilities, and easy management tools.

Využijte svou Oracle databázi naplno

MarketingArrowECS_CZ

The document discusses Oracle's Database Options Initiative and how it can help organizations address challenges in a post-pandemic world. It outlines bundles focused on security & risk resilience, operational resiliency, cost optimization, and performance & agility. Each bundle contains various Oracle database products and capabilities designed to provide benefits like reduced costs, increased availability, faster performance, and enhanced security. The document also provides information on specific products and how they address needs such as disaster recovery, data protection, database management, and query optimization.

Oracle Data Protection - 2. část

MarketingArrowECS_CZ

Oracle's Data Protection Solutions Will Help You Protect Your Business Interests The document discusses Oracle's data protection solutions, specifically the Oracle Recovery Appliance. The Recovery Appliance provides continuous data protection for Oracle databases with recovery points of less than one second. It offers faster restore performance compared to generic data protection appliances. The Recovery Appliance fully integrates with Oracle databases and offers features like real-time data validation and monitoring of data loss exposure.

Oracle Data Protection - 1. část

MarketingArrowECS_CZ

The document discusses strategies for protecting data, including: 1. Implementing a well-defined data protection architecture using Oracle Database security controls and services like Data Safe to assess risks, discover sensitive data, and audit activities. 2. Using high availability technologies like Oracle Real Application Clusters and disaster recovery options like Data Guard and GoldenGate to ensure redundancy and meet recovery objectives. 3. Addressing challenges with traditional backup and restore approaches and the need for a new solution given critical failures and costs of $2.5M per year to correct.

Benefity Oracle Cloudu (4/4): Storage

MarketingArrowECS_CZ

OCI Storage Services provides different types of storage for various use cases: - Local NVMe SSD storage provides high-performance temporary storage that is not persistent. - Block Volume storage provides durable block-level storage for applications requiring SAN-like features through iSCSI. Volumes can be resized, backed up, and cloned. - File Storage Service provides shared file systems accessible over NFSv3 that are durable and suitable for applications like EBS and HPC workloads.

Benefity Oracle Cloudu (3/4): Compute

MarketingArrowECS_CZ

This document discusses Oracle Cloud Infrastructure compute options including bare metal instances, virtual machine instances, and dedicated hosts. It provides details on instance types, images, volumes, instance configurations and pools, autoscaling, metadata, and lifecycle. Key points covered include the differences between bare metal, VM, and dedicated host instances, bringing your own images, customizing boot volumes, using instance configurations and pools for management and autoscaling, and accessing instance metadata.

InfiniBox z pohledu zákazníka

MarketingArrowECS_CZ

Exadata z pohledu zákazníka a novinky generace X8M - 2. část

MarketingArrowECS_CZ

Exadata z pohledu zákazníka a novinky generace X8M - 1. část

MarketingArrowECS_CZ

Oracle's Exadata X8M is a new database platform that provides the best performance for running Oracle Database. It uses a scale-out architecture with optimized compute, storage, and networking resources. New features include shared persistent memory that provides latency of 19 microseconds and speeds up log writes by 8x. Exadata X8M also delivers 3x more throughput, 2x more IOPS, and 5x lower latency than competing all-flash arrays. It offers the highest database performance scaling linearly with additional racks.

Úvod do Oracle Cloud infrastruktury

MarketingArrowECS_CZ

Oracle Cloud Infrastructure (OCI) provides Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) through a global network of 29 regions. OCI offers high-performance computing resources, storage, networking, security, and edge services to support traditional and cloud-native workloads. Pricing for OCI is consistently lower than other major cloud providers for equivalent services, with flexible payment models and usage-based pricing.

More from MarketingArrowECS_CZ (20)

INFINIDAT InfiniGuard - 20220330.pdf

Využijte svou Oracle databázi na maximum!

Jak konsolidovat Vaše databáze s využitím Cloud služeb?

Chráníte správně svoje data?

Oracle databáze – Konsolidovaná Data Management Platforma

Nové vlastnosti Oracle Database Appliance

Infinidat InfiniGuard

Infinidat InfiniBox

Novinky ve světě Oracle DB a koncept konvergované databáze

Základy licencování Oracle software

Garance 100% dostupnosti dat! Kdo z vás to má?

Využijte svou Oracle databázi naplno

Oracle Data Protection - 2. část

Oracle Data Protection - 1. část

Benefity Oracle Cloudu (4/4): Storage

Benefity Oracle Cloudu (3/4): Compute

InfiniBox z pohledu zákazníka

Exadata z pohledu zákazníka a novinky generace X8M - 2. část

Exadata z pohledu zákazníka a novinky generace X8M - 1. část

Úvod do Oracle Cloud infrastruktury

Recently uploaded

DealBook of Ukraine: 2024 edition

Yevgen Sysoyev

“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...

Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/07/intels-approach-to-operationalizing-ai-in-the-manufacturing-sector-a-presentation-from-intel/ Tara Thimmanaik, AI Systems and Solutions Architect at Intel, presents the “Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” tutorial at the May 2024 Embedded Vision Summit. AI at the edge is powering a revolution in industrial IoT, from real-time processing and analytics that drive greater efficiency and learning to predictive maintenance. Intel is focused on developing tools and assets to help domain experts operationalize AI-based solutions in their fields of expertise. In this talk, Thimmanaik explains how Intel’s software platforms simplify labor-intensive data upload, labeling, training, model optimization and retraining tasks. She shows how domain experts can quickly build vision models for a wide range of processes—detecting defective parts on a production line, reducing downtime on the factory floor, automating inventory management and other digitization and automation projects. And she introduces Intel-provided edge computing assets that empower faster localized insights and decisions, improving labor productivity through easy-to-use AI tools that democratize AI.

The Increasing Use of the National Research Platform by the CSU Campuses

Larry Smarr

Lessons Of Binary Analysis - Christien Rioux

crioux1

INDIAN AIR FORCE FIGHTER PLANES LIST.pdf

jackson110191

Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats

anupriti

In the rapidly evolving landscape of blockchain technology, the advent of quantum computing poses unprecedented challenges to traditional cryptographic methods. As quantum computing capabilities advance, the vulnerabilities of current cryptographic standards become increasingly apparent. This presentation, "Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats," explores the intersection of blockchain technology and quantum computing. It delves into the urgent need for resilient cryptographic solutions that can withstand the computational power of quantum adversaries. Key topics covered include: An overview of quantum computing and its implications for blockchain security. Current cryptographic standards and their vulnerabilities in the face of quantum threats. Emerging post-quantum cryptographic algorithms and their applicability to blockchain systems. Case studies and real-world implications of quantum-resistant blockchain implementations. Strategies for integrating post-quantum cryptography into existing blockchain frameworks. Join us as we navigate the complexities of securing blockchain networks in a quantum-enabled future. Gain insights into the latest advancements and best practices for safeguarding data integrity and privacy in the era of quantum threats.

Why do You Have to Redesign?_Redesign Challenge Day 1

FellyciaHikmahwarani

K2G - Insurtech Innovation EMEA Award 2024

The Digital Insurer

Running a Go App in Kubernetes: CPU Impacts

ScyllaDB

Hire a private investigator to get cell phone records

HackersList

Details of description part II: Describing images in practice - Tech Forum 2024

BookNet Canada

This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator. Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/ Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.

The Rise of Supernetwork Data Intensive Computing

Larry Smarr

this resume for sadika shaikh bca student

SadikaShaikh7

MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions

Linda Zhang

This brochure gives introduction of MYIR Electronics company and MYIR's products and services. MYIR Electronics Limited (MYIR for short), established in 2011, is a global provider of embedded System-On-Modules (SOMs) and comprehensive solutions based on various architectures such as ARM, FPGA, RISC-V, and AI. We cater to customers' needs for large-scale production, offering customized design, industry-specific application solutions, and one-stop OEM services. MYIR, recognized as a national high-tech enterprise, is also listed among the "Specialized and Special new" Enterprises in Shenzhen, China. Our core belief is that "Our success stems from our customers' success" and embraces the philosophy of "Make Your Idea Real, then My Idea Realizing!"

Transcript: Details of description part II: Describing images in practice - T...

BookNet Canada

This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator. Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/ Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.

AI_dev Europe 2024 - From OpenAI to Opensource AI

Raphaël Semeteys

Navigating Between Commercial Ownership and Collaborative Openness This presentation explores the evolution of generative AI, highlighting the trajectories of various models such as GPT-4, and examining the dynamics between commercial interests and the ethics of open collaboration. We offer an in-depth analysis of the levels of openness of different language models, assessing various components and aspects, and exploring how the (de)centralization of computing power and technology could shape the future of AI research and development. Additionally, we explore concrete examples like LLaMA and its descendants, as well as other open and collaborative projects, which illustrate the diversity and creativity in the field, while navigating the complex waters of intellectual property and licensing.

What's Next Web Development Trends to Watch.pdf

SeasiaInfotech2

How RPA Help in the Transportation and Logistics Industry.pptx

SynapseIndia

How to Avoid Learning the Linux-Kernel Memory Model

ScyllaDB

The Linux-kernel memory model (LKMM) is a powerful tool for developing highly concurrent Linux-kernel code, but it also has a steep learning curve. Wouldn't it be great to get most of LKMM's benefits without the learning curve? This talk will describe how to do exactly that by using the standard Linux-kernel APIs (locking, reference counting, RCU) along with a simple rules of thumb, thus gaining most of LKMM's power with less learning. And the full LKMM is always there when you need it!

Quality Patents: Patents That Stand the Test of Time

Aurora Consulting

Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality. Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality. Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality. Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank? ** Episode Overview ** In this first episode of our quality series, Kristen Hansen and the panel discuss: ⦿ What do we mean when we say patent quality? ⦿ Why is patent quality important? ⦿ How to balance quality and budget ⦿ The importance of searching, continuations, and draftsperson domain expertise ⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications https://www.aurorapatents.com/patently-strategic-podcast.html

Recently uploaded (20)

DealBook of Ukraine: 2024 edition

“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...

The Increasing Use of the National Research Platform by the CSU Campuses

Lessons Of Binary Analysis - Christien Rioux

INDIAN AIR FORCE FIGHTER PLANES LIST.pdf

Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats

Why do You Have to Redesign?_Redesign Challenge Day 1

K2G - Insurtech Innovation EMEA Award 2024

Running a Go App in Kubernetes: CPU Impacts

Hire a private investigator to get cell phone records

Details of description part II: Describing images in practice - Tech Forum 2024

The Rise of Supernetwork Data Intensive Computing

this resume for sadika shaikh bca student

MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions

Transcript: Details of description part II: Describing images in practice - T...

AI_dev Europe 2024 - From OpenAI to Opensource AI

What's Next Web Development Trends to Watch.pdf

How RPA Help in the Transportation and Logistics Industry.pptx

How to Avoid Learning the Linux-Kernel Memory Model

Quality Patents: Patents That Stand the Test of Time

Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud

1. Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud Peter Kovalcik| SE Eastern Europe ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. ©2014 Check Point Software Technologies Lt1d

15. METHODOLOGY OF SDP STEP 1: SEGMENTATION STEP 2: DEFINE PROTECTIONS STEP 3: CONSOLIDATION STEP 4: POLICY DEFINITION ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 15

21. Threat Prevention Segment Target Protections DMZ Servers IPS LAN Client machines IPS, AV, TE DC Servers IPS LAN Users AB C&C ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 21

25. Virtual Edition: zabezp. VMware ESX Security Challenges in Virtual Environments Protection from external threats Inspect traffic between Virtual Machines (VMs) Secure new Virtual Machines automatically [Restricted] ONLY for designated groups and individuals ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 26

26. Network Mode Hypervisor Mode Ext 2.1.1.1 2.1.1.2 Pkt ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 27 vSwitch 1 Ext GW Pkt Security API vSwitch Agent Ext Agent Pkt VE Operation Mode • Protection from External threats • Not aware of inter-vSwitch traffic • Protects VMs with inter-vSwitch inspection • Supports dynamic virtual environment vSwitch 2 Pkt [Restricted] ONLY for designated groups and individuals

27. Deployments before VMsafe integration Gateway is not aware of inter-vSwitch traffic 2.1.1.1 2.1.1.3 2.1.1.2 2.1.1.4 2.1.1.5 vSwitch Packets not inspected inside vSwitch Ext GW ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 28 Pkt [Restricted] ONLY for designated groups and individuals

28. Layer 2 security packet flow ESX Server 2.1.1.1 sends packet to 2.1.1.3 2.1.1.1 22..11..11..33 2.1.1.2 2.1.1.4 2.1.1.5 Pkt Agent Agent Agent Agent Agent vSwitch Pkt Packet continues the flow from where it was intercepted ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 29 Pkt VE Security API Packet is not inspected again Packet passed firewall inspection and is sent back to the Agent Packet intercepted in the Agent and forwarded to the Gateway for inspection [Restricted] ONLY for designated groups and individuals

29. Layer 2 security in dynamic environments ESX 1 ESX 2 2.1.1.2 Ext Ext Sync Agent Agent Agent ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 30 2.1.1.1 Security API vSwitch VE Ext Security API vSwitch Ext Ext VE 2.1.1.2 2.1.1.3 Pkt Pkt Connection initiated from 2.1.1.1 to 2.1.1.3 [Restricted] ONLY for designated groups and individuals

30. Layer 2 security in dynamic environments ESX 1 ESX 2 2.1.1.2 ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 31 2.1.1.1 2.1.1.2 Security API vSwitch Agent Ext Security API vSwitch Ext Ext 2.1.1.3 Agent Sync 2.1.1.3 Agent Agent Ext Ext VM is migrating to ESX 2 Connections related with 2.1.1.3 will be marked that they are handled by ESX 1 SG VE SG VE [Restricted] ONLY for designated groups and individuals

31. PPkktt Agent Layer 2 security in dynamic environments ESX 1 ESX 2 Ext Ext Packet forwarded to ESX 1 ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 32 Existing connection 2.1.1.1 2.1.1.2 Pkt Security API vSwitch Agent Security API vSwitch Ext Ext 2.1.1.3 Sync Agent Pkktt Pkt Packet not forwarded New connection VE VE Pkt [Restricted] ONLY for designated groups and individuals

32. Installation automation Seamless security for dynamic environments VM 1 VM 2 VM 3 VM 4 VM 5 Agent Agent Agent Agent Agent VE attaches the Fast Path Agents on the vNICs of the new VMs ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 33 2.1.1.1 Security API vSwitch SG VE Ext External Switch Ext Service Console ESX Server VE installed VE retrieves information on VMs/Port groups/vSwitches Event sent to VE informing of new VMs VE attaches the Fast Path Agents on the vNICs of the new VMs [Restricted] ONLY for designated groups and individuals

33. METHODOLOGY OF SDP STEP 1: SEGMENTATION STEP 2: DEFINE PROTECTIONS STEP 3: CONSOLIDATION STEP 4: POLICY DEFINITION ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 34

35. • Security Management • Multi-Domain Management ©2014 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. 36 Summary Physical Security Gateway Management Server 21400 VSLS Virtual security Gateway (VSX) Security Gateway Virtual Edition • Hypervisor Mode • Network Mode Cloud Orchestration

Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud

More Related Content

What's hot

What's hot (20)

Similar to Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud

Similar to Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud (20)

More from MarketingArrowECS_CZ

More from MarketingArrowECS_CZ (20)

Recently uploaded

Recently uploaded (20)

Bezpečnostní architektura Check Point (nejen) pro váš privátní cloud