Get documents about "Security Management Portal On-Demand
Document Sample
Security Management Check Point security management solutions provide unified policy management, monitoring, and analysis Security Management Portal On-Demand Cost-effective and hosted managed security PRODUCT DESCRIPTION Security Management PortalTM (SMPTM) On-DemandTM is a fully hosted, management and service provisioning solution for service providers targeting the SMB market. Delivered as a “Software-as-a-Service” (SaaS), it can manage thousands of Safe@Office® UTM gateways, giving service providers the opportunity to generate revenue and recruit new customers with minimal setup costs. YOUR CHALLENGE Outsourced security services are one of the fastest growing segments in the security market. As a result of heightened awareness and increasingly sophisticated network security threats, small and medium businesses are turning to outside experts to secure their networks. This creates a unique opportunity for service providers and network integrators to generate new revenue streams by providing managed network security services, while increasing loyalty, promoting brand awareness, and attracting new customers. However, entry into the managed security service market often involves high initial investment costs and a lengthy deployment process. You need a solution that supports quick and cost-effective management of multiple-site and multi-client deployments and provides a variety of value-added subscription services, all with minimal upfront investment and maintenance costs. PRODUCT FEATURES ■ Comprehensive user-friendly, Web-based security management Fully-hosted solution Simplified, group-based security policy provisioning Extensive logging, reporting and monitoring capabilities Integrates with back-office systems Granular, role-based administration ■ ■ OUR SOLUTION Security Managment PortalTM (SMPTM) On-DemandTM introduces a fully-hosted central management and service provisioning platform that answers your needs as a Managed Security Service Provider (MSSP) targeting SMBs and vertical markets. It features an intuitive, Web-based user interface and uses robust and resilient architecture to support the management of thousands of Check Point Safe@Office gateways. It can easily be integrated with back-office systems to support existing business processes, and provides a host of capabilities specifically tailored to increase your revenue, all with minimal upfront investment and low administrative and support costs. ■ ■ ■ PRODUCT BENEFITS ■ Minimal upfront investment and simple licensing and ordering process Quick deployment to jumpstart your MSSP business Creates new revenue opportunities Reduces administrative overhead to lower operational costs Supports existing business processes Grows with your needs ■ RESILIENT HOSTED MANAGEMENT SOLUTION SMP On-Demand is a comprehensive security management solution that is fully hosted by Check Point on a redundant infrastructure, with full load balancing and automatic failover, thereby enabling around-the-clock business availability, fault tolerance, high performance and scalability. If needed, SMP On-Demand can be imported from Check Point servers to your own servers at a future stage to support your evolving business needs. With SMP On-Demand, you can reap the benefits of Check Point’s SMP in a cost-effective Software as a Service (SaaS) solution. ■ ■ ■ ■ Security Management Portal On-Demand ALL-IN-ONE SMP On-Demand integrates a wide array of built-in managed services into a single turnkey solution: • Network and firewall management • Dynamic VPN management • Gateway firmware updates • URL filtering • Gateway antivirus signature updates • Logging, monitoring and reporting • Notifications and custom alerts • Dynamic DNS These services enable service providers to deliver a flexible and comprehensive value-added managed security service offering to small businesses, while maintaining cost effectiveness. SMP On-Demand allows complete remote management of all network security aspects and significantly reduces the need for onsite configuration and troubleshooting. In addition, Safe@Office gateways can be preconfigured before being shipped to the customer, thereby minimizing deployment time and costs. well as additional services such as antivirus protection and content filtering. STREAMLINED PROVISIONING AND MAINTENANCE SMP On-Demand simplifies the deployment and maintenance of Safe@Office gateways by using group-based management tools. Administrators can define multiple service plans, each consisting of a template that defines the plan’s expiration date, gateway properties, VPN settings and security policy, as Once a subscription-based service plan has been defined, it can be associated with an unlimited number of Safe@Office gateways. Each gateway that is assigned a particular service plan inherits all of that plan’s properties, but specific aspects can be overridden if required. When the administrator updates the plan via the SMP On-Demand Web-based user interface, the changes are automatically applied to all the appropriate gateways. By eliminating the need to make repetitive policy changes to thousands of individual devices, SMP On-Demand delivers unparalleled scalability and time savings. GRANULAR ROLE-BASED ADMINISTRATION SMP On-Demand provides a flexible and granular method for distributing management responsibility among a group of administrators, by dividing responsibilities according to type of service plan, customer or specific functional tasks. System Customer with Plan A Customer with Plan B Back-office Systems Self-provisioning Portal (SPP) API Back-end LDAP Directory g rin ilte b F PN We mic V S N na Dy mic D na A/V g Dy ork ortin p tw Ne nd Re ment g a age gin an tes Log ote M Upda m Re ftware So Check Point Hosting Facility Web Filtering Dynamic VPN Dynamic DNS Network A/V Logging and Reporting Remote Management Software Updates SMP On-demand Management Interface Service Provider NOC Cost-effective and hosted managed security administrators can create and customize user roles with a fine level of detail, specifying exactly which objects can be viewed, edited or created. All administrator activity is logged and reported, thus improving security by providing information that can identify unauthorized policy changes. the option to override group settings and push unique firmware and settings to specific gateways. GATEWAY USER AUTHENTICATION MANAGEMENT SMP On-Demand can be used to remotely create and manage gateway administrator permissions, remote access VPN permissions, web filtering override permissions, hotspot authentication and remote desktop permissions. INTEGRATION WITH BACK-OFFICE OPERATIONS SMP On-Demand includes a comprehensive SOAP/XML standards-compliant API that allows easy integration with thirdparty billing systems, customer service applications and other third-party systems, so that you can leverage your back-office infrastructure and support existing business processes. COMPREHENSIVE WEB ACCESS POLICY SMP On-Demand supports a URL-based Web Filtering service that allows businesses to create Web access policies based on up to 60 categories of objectionable or malicious Web sites. In addition, service providers can also use Web rules to define gateway-specific or global white and black lists that allow or block access to specific URLs. By providing two ways of filtering content, SMP On-Demand provides business owners with the flexibility to customize their Web Access policies to meet their needs. SELF-PROVISIONING PORTAL SMP On-Demand provides the option of enabling a Webbased Self-Provisioning Portal (SPP) that allows customers to control certain aspects of their security services, thus reducing customer support overhead and operating costs. For example, customers can be permitted to change their personal details or to modify their list of Web Filtering categories. GATEWAY ANTIVIRUS SMP On-Demand offers support for Safe@Office automatic gateway antivirus updates. By scanning traffic for security threats before it reaches the customer’s network, SMP OnDemand ensures that the content entering the network is free of malicious code and that no bandwidth is wasted on downloading infected files. LOGGING, REPORTING, MONITORING AND ALERTS SMP On-Demand turns the vast amount of data collected from security devices into understandable information that can be used to demonstrate security services’ effectiveness and valuefor-money to customers. Security reports are automatically generated and emailed to customers at predefined intervals and can also be viewed directly from the SMP On-Demand management interface. Security reports include information about blocked attacks, detected viruses, filtered Web sites, and more. DYNAMIC VPN COMMUNITY MANAGEMENT Many businesses use Virtual Private Networks (VPNs) to secure traffic between headquarters and remote offices and users. However, VPN management can be a time-consuming and complex task. SMP On-Demand simplifies this by providing the Dynamic VPN (DVPN) module. In one step, administrators can define VPN communities and set security parameters for the entire VPN. By grouping a customer’s VPN endpoints in a community, the administrator can automatically create fully meshed, star and nested VPN topologies, establishing site-to-site tunnels between VPN peers. Once the VPN community is created, all changes to gateways and internal networks are distributed to the entire community with the click of a button. New sites that are added automatically inherit the appropriate properties and establish secure IPSec sessions with the rest of the community. To ensure strong security in site-to-site VPN communications, the SMP On-Demand internal Certificate Authority (CA) automatically issues X.509 digital certificates to all Safe@Office gateways that are part of a DVPN community and renews the certificates as needed. In addition, SMP On-Demand offers powerful real-time monitoring tools that enable you to see the status of the SMP On-Demand server and connected devices at a single glance. These tools include real-time load visualization graphs, status displays and customizable alerts. You can use real-time alerts and notifications to proactively support your customers and notify them of connection outages, VPN tunnel drops, or attacks, all before the customers become aware of these problems. INTEGRATED DYNAMIC DNS Tracking and monitoring customer gateways that use dynamic IP addresses can be difficult, since their IP addresses change each time they connect to the Internet. SMP On-Demand alleviates this issue by fully supporting the management and monitoring of dynamically addressed gateways. SMP On-Demand can act as a secure Dynamic Domain Name Service (Dynamic DNS or DDNS) server, which constantly checks and updates the mapping of a domain name to a gateway’s corresponding IP address. Each time the gateway’s IP address changes, Dynamic DNS maps the domain name to the new IP address. With SMP On-Demand, service providers can become Dynamic DNS providers for gateway owners, without any need for third-party providers. AUTOMATIC FIRMWARE UPDATES Ensuring that thousands of gateways all enforce the highest level of security can be a daunting administrative task. To alleviate this problem, Safe@Office gateways use “pull” technology for automatic and scheduled firmware updates: gateways automatically detect and download new firmware whenever it becomes available on the management server, instead of the management server initiating communications with each individual gateway. This reduces the load on the management server. In addition, updates can be scheduled to minimize gateway downtime, and administrators also have puresecurity™ Supported Services • Firewall Management • VPN Management • Gateway Management • VStream Antivirus Updates • Real-time Monitoring • Automated Firmware Updates • Dynamic DNS • Role-based Permissions • Logging and Reporting • Web Filtering • Built-in Customer Database • Customer Emailing • Self-Provisioning Portal Integration • SOAP/XML API • XML Import/Export SKUs SMP On-Demand Base Annual Pack for 50 Gateways, including antivirus and firmware updates SMP On-Demand Annual Extension Pack for Additional 10 Gateways, including antivirus and firmware updates 1 Year of Category-based Web Filtering – 5 Nodes SMP-OD-BASE-50 SMP-OD-EXT-10 SMP-UFP-5USR SCALABILITY • Scalable to thousands of devices • Resilient hosted infrastructure • Profile-based management • Batch updates MANAGED DEVICES • Check Point Safe@Office • ZoneAlarm® Secure Wireless Router Z100G • Check Point UTM-1TM Edge • Nokia IP30/ IP40/ IP60 • NEC SecureBlade CONTACT CHECK POINT Worldwide Headquarters 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-575-9256 | Email: info@checkpoint.com U.S. Headquarters 800 Bridge Parkway, Redwood City, CA 94065 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com ©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check Point Endpoint Security, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage, PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1, UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign patents, or pending applications. February 12, 2008 P/N 502979
