Securing the Next Generation Data Center Petr Kadrmas SE Eastern Europe 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved.
Data Center Landscape Scale and Performance App Demands Big Data Consolidation and Density Virtualization Efficiency Hybrid Cloud Deployments Business Demands Cost 2
Data Center Security Concerns Access Control Compliance External Attacks Insider Attacks Data Protection 3
Data Center Security Requirements Segmentation and control Threat prevention High performance Management and visibility 4
Securing the Physical Environment Finance Database HR Web Web Database HW HW HW Private Cloud Internet Finance HR Sales Web HR Virtual Machine Hardware Public Cloud Demands Scalable, High Performance 5
The Check Point 21400, 21600 iances Firewall Throughput 110 Gbps* Maximum Connections 10 Million Optimized for low-latency High availability and serviceability Connection Setup 300,000 cps* SecurityPower 3300 SPU* Acceleration options Metallic & Optical Network Interfaces from 1 Gbps to 40 Gbps *With Acceleration Card 6
The Check Point 61000 Security System Firewall Throughput 200 Gbps Maximum Connections 70 Million Connection Setup 600,000 cps 61000 Security System Scales to 12 Security Gateway Modules SyncXL for High Availability Network security switch modules SecurityPower 14600 SPU 7
High Data Center Density Check Point Virtual Systems 12200 VS iance Consolidate up to 250 gateways 12400 VS iance 12600 VS iance Combines firewall, VPN, IPS, URLF, ication Control, AV, Antibot, Mobile Access 21400/21600 VS iance Density to secure more networks Powerful Security Consolidation 8
Advanced Threat Prevention Firewall Protection Provides: Granular access control Stateful Inspection User authentication Network Address Translation Firewall + IPS Protects Against: Granular access control Stateful Inspection User authentication Network Address Translation + Attacks on vulnerabilities Malware/worm infections Malicious P2P and IM apps Buffer overflow attacks 9
Securing VMs in the Data Center Finance Web Database Check Point Security Gateway Virtual Edition Database HR Web HW HW HW Private Cloud Internet Finance HR Sales Web HR Virtual Machine Hardware Check Point Security Gateway Virtual Edition Public Cloud 10
Security Gateway Virtual Edition (VE) Plug and Play Security for Virtual Machines Check Point Security Gateway Virtual Edition Best Virtual Security Gateway with the Software Blade Architecture Securing the Virtual Machines Software Blades Unified Management for Physical and Virtual 11
Consistent Security for Public Cloud Virtual iance for Amazon Web Services Public Cloud Data Center On Premise Data Center Full Protection Quick Deployment Unified Management 12
Unified View of the Data Center Web Policy and Management Consolidated Across the Data Center Database Database Check Point Security Gateway Virtual Edition Finance HR Web HW HW HW Private Cloud Finance HR Internet Public Cloud Sales Web HR Virtual Machine Hardware Check Point Security Gateway Virtual Edition 13
Multi-Layered DDoS Protections Network Flood Server Flood ication Low & Slow Attacks Behavioral High volume of network packets analysis Automatic and High rate of pre-defined new sessions signatures Web Behavioral / DNS connectionbased DNS HTTP and attacks Advanced Granular attack custom filters techniques Stateless and behavioral engines Protections against misuse of resources Challenge / response mitigation methods Create filters that block attacks and allow users 14
Check Point DDoS Protector Customized multi-layered DDoS protection Fast response time protect within seconds Flexible deployment options, Up to 12 Gbps throughput Integrated with Check Point security management DDoS Protector 15
Check Point Secures the LTE Network SE-GW. IPSec GW HSS MME Security GW GTP SG Internet S-GW P-GW GTP, SCTP and Diameter Security GW Data Roaming (GRX / IPX) 16
LTE Security from Check Point New attack vectors in LTE New IP based protocols and elements expose the LTE to more risks Check Point LTE Security The first and only vendor to offer Protocol Integrity, Statefull Inspection and Deep Packet Inspection for all new LTE Protocols Check Point & NSN Service NSN Certified Check Point LTE Security Solutions. Strong Collaboration with Check Point and Professional Service 17
Summary 21x00 iance, 61000 System, VSX, Acceleration, High Availability Virtual Edition, Virtual iance for Amazon Web Services Firewall, IPS, Software Blades Check Point DDoS Protector Check Point Secures New LTE Protocols All Managed by Unified Security Management 18
Thank You 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved. 2012 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved.