Security Gateway Appliances R77 Security Target


Version 1.4
November 18, 2013

Prepared by: Metatron Security Services Ltd.

© 2013 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page (http://www.checkpoint.com/copyright.html) for a list of our trademarks. Refer to the Third Party copyright notices (http://www.checkpoint.com/3rd_party_copyright.html) for a list of relevant copyrights and third-party licenses.

Document Version Control Log

Version 0.1 (July 13, 2009; author: Nir Naaman): Initial draft.

Version 0.5 (December 7, 2009; author: Nir Naaman): Post-iVOR updates: removed FAU_SAA.4. Expanded description of L2TP support. Added FCS_CKM.1 and FCS_CKM.4 SFRs. Removed AVA_VAN.4 claim.

Version 0.9 (September 7, 2011; author: Nir Naaman): Updated software version to R75, supporting IPSO and Gaia operating systems.

Version 1.0 (December 31, 2012; author: Nir Naaman): Updated software version to R76. Removed support for IPSO. Incorporated virtualization functionality. Cryptographic enhancements: Added support for SHA-256 integrity algorithm. Key generation changed from X9.31 PRNG to SP 800-90 based hash DRBG (SHA-256). SIC now uses 128 bit AES in place of Triple DES. IPsec VPN supports both IKEv1 and IKEv2. IKE now supports HMAC-SHA-256 and HMAC-SHA-384 keyed integrity algorithms. IKE now supports Diffie-Hellman groups 19 and 20 (256 and 384-bit Random ECP). IKE/IPsec now supports AES-GCM confidentiality and integrity algorithm. Added support for ECDSA (P-256, P-384, and P-521). Added support for TLSv1.1 and TLSv1.2 in SSL VPN and HTTPS Inspection. Added description of HTTPS Inspection functionality. Removed support for SecureClient Mobile. Clarified FRU_FLT.2 mappings.

Version 1.1 (April 15, 2013; author: Nir Naaman): Updated references to R76 guidance documentation.

Version 1.2 (September 18, 2013; author: SAIC): Updated to version R77, correcting product list, and dropping all claims regarding X9.31.

Version 1.3 (September 24, 2013; author: SAIC): Updated supported platform list.

Version 1.4 (November 18, 2013; author: Leidos, formerly SAIC): Added SecureXL reference.

Table of Contents

1. ST Introduction
1.1. ST Reference
1.2. TOE Reference
1.3. Document Organization
1.4. TOE Overview
1.4.1. Usage and Major Security Features of the TOE
1.4.2. TOE Type
1.4.3. Non-TOE Hardware/Software/Firmware Required by the TOE
1.5. TOE Description
1.5.1. Physical Scope of the TOE
1.5.2. TOE Guidance
1.5.3. Logical Scope of the TOE
1.5.4. Check Point Services
2. Conformance Claims
2.1. CC Conformance
2.2. Assurance Package Conformance
2.3. PP Conformance
2.4. Conformance Rationale
2.4.1. Introduction
2.4.2. Consistency of the Security Problem Definition
2.4.3. Security Objectives Conformance
2.4.4. Security Functional Requirements Conformance
2.4.5. Security Assurance Requirements Conformance
3. Security Problem Definition
3.1. Threats
3.1.1. Firewall-related Threats
3.1.2. IDS-related Threats
3.1.3. Virtualization-related Threats
3.1.4. VPN-related Threats
3.1.5. Fault-related Threats
3.2. Assumptions
3.3. Organizational Security Policies
3.3.1. Firewall PP OSPs
3.3.2. IDS System PP OSPs
3.3.3. Virtualization OSPs
4. Security Objectives
4.1. Security Objectives for the TOE
4.1.1. Firewall PP Objectives
4.1.2. IDS PP Objectives
4.1.3. VPN Objectives
4.1.4. Virtualization Objectives
4.1.5. Fault Tolerance Objectives
4.2. Security Objectives for the Operational Environment
4.2.1. Security Objectives for the Environment Upholding Assumptions
4.2.2. Authentication Security Objectives for the IT Environment
4.2.3. VPN Security Objectives for the IT Environment
4.2.4. VLAN Security Objectives for the IT Environment
4.3. Security Objectives