R80 security management The Future of Security Management
Managing Security Today is COMPLEX
PEOPLE: Fewer resources; More tickets; Greater expertise. PROCESS: Manual processes; Multiple security solutions; Lack of integration. TECHNOLOGY: Mobile; Cloud; On-Demand Services.
So why are we here today to talk about security management? Why should you care? Because today managing security is becoming increasingly complex. Your typical CISO has to deal with people, processes and technology. There are fewer people to go around and more work. Depending on which research report you read, there is currently a worldwide shortage of between 1 million and 1.5 million IT security professionals. The traditional approach of buying "best of breed" products can also be somewhat paradoxical, as you end up with multiple interfaces to manage and with data silos as well. Managing security is still mostly a manual process, and the lack of integration with other management or workflow systems within the organization adds to the inefficiency. In the past, security was about protecting networks and servers; nowadays applications, documents, electronic data, public and private cloud, users and mobile devices all must be protected, managed and monitored. Failure to protect any of these assets can create a backdoor for hackers to access the organization. And with the extreme agility of cloud environments, where applications are constantly being provisioned in and out and services are offered on demand, security that still mandates human checks simply cannot keep up.
The key to managing complexity is security consolidation
We believe the key to managing this complexity is consolidation – bringing all your security protections and functions under one umbrella.
SECURITY MANAGEMENT INTRODUCING…
The R80 security management platform, a result of numerous conversations with our customers and many years of R&D, is the culmination of that vision.
THE PLATFORM TO CONSOLIDATE ALL YOUR SECURITY
Unified Policy Management; Efficient, Automated Operations; Integrated Threat Management
With unified policy management, you can create policies harmoniously and efficiently. We've taken a long hard look at how daily tasks are performed, and consolidated and streamlined features to make it as efficient as possible for the security admin to do his work. With R80's automation capabilities, we are paving the way for automated security provisioning and controls. And when it comes to security visibility, we've fully integrated threat management into the main console so security teams can pivot quickly from policy to incident response and have a holistic view of their security posture in one single place.
UNIFIED POLICY MANAGEMENT
CHANGE THE WAY YOU MANAGE SECURITY
One Console to Manage Everything
Enterprise; ONE CONSOLE; ONE POLICY
With one console, security teams can now manage all aspects of security, from policy to threat prevention, across their entire organization – both their physical and virtual environments. You get operational efficiency, you simplify management, and you avoid overlapping policies and redundant configurations. Lower maintenance costs and fewer labor man-hours equal lower TCO.
One Policy to Manage Everything
Users; Applications; Gateways; Data; Private Cloud; Devices; Public Cloud; Virtual GW
In addition to a unified console, you also now have a unified policy to manage everything from users to data to gateways. All access points are now controlled in one place. The same goes for threat prevention policies. We are unique in offering this level of unification, while still providing tremendous control to the security team.
Unparalleled Policy Granularity & Control
Control all traffic from the production network to the Internet. Allow developers to upload and download JAVA source code to Dropbox and Box.
Defining a single rule where users, applications and data are defined gives unparalleled control over policy creation. For example, creating this single rule would have taken 30% longer and 80% more mouse clicks using other security vendor management solutions: 1:45 min versus 3:45 min, and 37 mouse clicks versus 69 mouse clicks. Let's say each rule takes 1:45 min, and you save 2 mins per rule – that's 200 minutes – 3 hours.
Easily Segment Policy for Better Manageability and Control
Ann; Walter; Duties separated based on IT role; Each policy segment can be delegated to distribute workload
You can also take this unified policy and segment it into manageable chunks, so you can delegate tasks to the most qualified individuals. For example, Ann can be in charge of application control and Walter of web security. You can not only distribute work to a person, you can also automate tasks by segment.
EFFICIENT AND AUTOMATED OPERATIONS
CHANGE THE WAY YOU WORK AND COLLABORATE
Task-Oriented Features Increase Efficiency
Reduces Operations from Minutes to Seconds; With one click, access all associated logs and rule details
These include best-practice features built into the interface that anticipate the daily needs of a security admin. For example, we've integrated logs into the policy dashboard, so with a single click you access the logs associated with the rule. We did a time-motion study of how long it would take to filter logs by a rule and troubleshoot that rule, using these steps: find all logs related to a rule which drops traffic; search for an IP address in a drop log; create a host from the dropped source IP to the policy; add the host to a policy rule which allows the host's traffic. For Check Point, it took 1 click versus 2+ clicks for other security vendor management solutions. It took 15 secs for CP and 4:30 min for another NGFW vendor. Again considering a small rule set of 100 rules, you save on average 4 mins per rule to troubleshoot logs. That's 400 mins or 6 hours!
Admin Concurrency Increases Team Productivity
Ann: Ann logs in, sees rule 3 locked; Ann works on rule 2. Walter: Walter logs in, works on rule 3. Multiple admins can work on same policy without conflict.
When you have more than one administrator, you can't have someone locking up the entire policy while he or she is making changes. Not exactly productive. With R80, you can now work concurrently on the same policy without overriding each other's changes. Explain the flow…
Align security to your IT processes & systems
Cloud Orchestration; Provisioning; SDN; Network Management; Ticketing; SECURITY MANAGEMENT
Security solutions today are often not fully integrated within change management processes, and this can lead to outages and unnecessary complexity. In an environment where you have network management systems, ticketing systems, provisioning and cloud orchestration platforms, you want to be able to embed security into your existing IT processes. The more you can automate security and the workflow, the more operational efficiency you achieve. With R80 APIs, you can now seamlessly integrate security into virtualized networking platforms such as VMware NSX, so you can automatically secure virtual applications. You also have the ability to automatically quarantine infected virtual machines/apps. And for your integrations with other systems, you can restrict what an automated task can access and change, based on the segmented policy. Other solutions have APIs as well, but they lack the granular control that R80 offers, and that control is what gives you the confidence to automate and streamline the entire security workflow.
Align security to your IT processes & systems
Other real use cases: In another real-life use case from another PoC, a customer who outsourced management of IPS/TP to an MSSP wanted to provide the API with trusted access only to Policy Exception, protections, updates and install Policy of Threat Prevention, so the MSSP could use the API to integrate with their existing portal and manage only these components for the customer.
Empower Self-Service Security
[Mock-up: Helpdesk Portal with the actions Add user, Add application, Add host, Block user, Block application, Block host]
Use R80 API to automate routine Helpdesk security tasks
So here's a mockup of what it might look like – the security team can create a web services portal that allows HelpDesk admins to add users, applications or hosts independently.
Empower Self-Service Security
[Mock-up: Helpdesk Portal "Add application" dialog with the fields User name, App category and App name (John Smith, Social networking, Facebook) and the buttons OK and Cancel]
Improve Helpdesk SLA; Reduce Security team workload overhead
Since the HelpDesk no longer has to wait on Security, it tremendously improves SLA for tickets. Here's the scenario: They have 5 administrators, 3000 tickets per year, and 20-30 min per ticket. As they are moving to cloud and virtual data centers, they are always looking to improve processes. Also, they don't want the admins to handle simple tickets (for example, add printer). They started the project by developing a web portal that allows them to offload tickets to the helpdesk. The web portal (illustration in our ppt) is a help desk tool that connects with the API to R80. In the future they will also cut out the middle man (the help desk) and connect the ticketing system directly to R80 (so they will not need the new web portal).
Another SaaS customer also plans to use APIs to help them track white-list updates and changes in SP addresses so customers can do work. Tee up a web services portal for their branch office to pull up the white-list to troubleshoot issues.
By empowering the business owners to serve themselves, security becomes an enabler of business innovation. Also, we are ensuring that security doesn't lose a step (keeps one step ahead, as it were) of the cloud business model needs.
INTEGRATED THREAT MANAGEMENT
CHANGE THE WAY YOU MANAGE RISK
Fully Integrated Threat Management For Full Visibility Across Your Network
Logging; Monitoring; Event Correlation; Reporting; SECURITY MANAGEMENT
We've integrated logging, monitoring, event correlation and reporting into the main console, for full visibility and faster incident response, because when an incident happens you need immediate visibility into the who, what, when, where and how of the attack. With our integrated threat management, besides a unified threat prevention policy that now unifies IPS, anti-bot, anti-spam, DLP…
Logging – isolate and detect real threats in real time. Using Google-like search, the admin can find all the log information he needs. He can search on any field (by software blade, user, IP, application, threat, security gateway, time span, etc.) and see all results in a single view.
Event correlation – we provide the only native event correlation for all our enforcement points, so you can weed out the critical events and quickly drill down to investigate.
Monitoring – integrated monitoring means you get detailed information on your gateways via a single view. You can collect real-time or historical data on each security gateway's health status, system resources, performance counters and VPN tunnel status. The data can be used to troubleshoot security policy and gateway configurations.
A Single View into Security Risk
Investigate the Threat
From View to Action
Respond to security incidents immediately and prevent the next attack
Easily Customizable, Monitor What's Important
Not only do we make it easy and efficient to drill down to investigate and mitigate events, we also make it very easy to customize the information relevant to each customer's environment.
Easily Customize Your Reports
Accessible from any device; Management; Helpdesk; Auditor
It is possible to create custom reports for each stakeholder, so if your CISO wants to look at what applications users are accessing most this week, you can easily tee up the report and even make it accessible via a web browser.
Keep Your Security Compliant
Compliance Overview: Helps you optimize your security settings & compliance
"95% of security breaches could have been prevented by the correct configuration of security products" (Gartner)
As we mentioned, configuration errors are a major cause of security exposure. As part of our TM interface, you can also view policy compliance: see what rules need to be tuned based on best practices, or mapped to key industry regs for those customers interested in compliance reporting.
What Our Customers Are Saying
“R80 is great, everything is in one place so it’s easy to get a full picture of your enterprise security.”
“I really liked it, don’t know if I could go back to the previous version.”
“With R80, you have given us features we didn’t know we needed.”
THE FUTURE OF SECURITY MANAGEMENT
Consolidate all your security; Keep pace with dynamic environments; Deploy security without impeding innovation; Gain full visibility to prevent the next attack
COMMUNITY.CHECKPOINT.COM
Ask questions. Share code. Stay up-to-date.
Customers; Partners; Experts
Thank you