1
i
Trình bày: Lê Hồng Châu
Chức vụ: Technical Manager
SMB Security Market Trends
SMBs adopt managed security services for better protection
How important were the following in your firm’s decision to adopt managed
security services?
Improve quality of protection
66%
Gain 24x7 coverage
58%
Greater competency or skillset
54%
Reduce costs
48%
Quality of protection
drives SMB adoption
of managed security
services.
Forrester
2010: The State of SMB IT Security
2
SMB Security Market Trends
Forrester
2010: The State of SMB IT Security
Greatest Managed Security Services Interest
How interested is your organization in procuring the following managed
services
Vulnerability assessment
62%

Email filtering
59%
Firewall monitoring or management
49%
Web Content
48%
Greatest Managed
Security Service
Interested is in
vulnerability
assessments.
Managed Secured Cloud Services “in the network”
Customers receive Customers receive
bundle of a “clean” line bundle of a “clean” line
with all security with all security
protections inside the protections inside the
network cloud without any network cloud without any
security equipment security equipment
presence on the presence on the
customer sitecustomer site
Check Point offers a Check Point offers a
hosted security solution hosted security solution
for managed “in the for managed “in the
network” security services network” security services
with a full set of advanced with a full set of advanced
security services and a security services and a
comprehensive platform comprehensive platform
for management, updates for management, updates
and monitoringand monitoring
THE SERVICETHE SERVICE

END CUSTOMER END CUSTOMER
BENEFITSBENEFITS
SecureSecure
3
Managed Cloud Services for SMB
Managed
IPS
SMP
Hosted
SMP
A cloud-based service to allow
customers enjoy immediate
attack alerts and mitigations,
continuous tuning of their IPS
protection profiles, and a unique
global attack intelligence portal.
Management tool specifically
designed for very large numbers
of SMB customers
• Service package configuration
• Updates
• Messaging
For MSPs with limited resources
available: SMP management
hosted at Check Point servers
and managed by Check Point
security experts
Check Point
SOC
Actionable attack alerts

On-going policy tuning
Global intelligence
Customer
IPS blades
IPS events
I
P
S
bl
a
d
e
I
P
S
bl
a
d
e
I
P
S
bl
a
d
e
I
P
S
bl

a
d
e
I
P
S
bl
a
d
e
I
P
S
bl
a
d
e
IPS Managed
Service portal
Introducing IPS Managed Services
1. Actionable attack alerts
2. Ongoing tuning of IPS protections
3. Global attack intelligence & benchmarks
24/7 IPS MANAGEMENT BY
CHECK POINT EXPERTS
4
Managed IPS - Two service levels
Premium
Expert monitoring
Ongoing policy tuning

Premium reporting
Incident tracking and
escalation
Standard
Instant alerts
Automated monitoring
One-time policy tuning
Standard reporting
Managed IPS in Action
Get
actionabl
e attack
alerts
Ongoing
tuning of
IPS
protections
Global
attack
intelligence
&
benchmarks
IPS bladeIPS blade
IPS bladeIPS blade
IPS bladeIPS blade
IPS Events
CheckPoint SOC
Experts
Fine-tuning
IPS Protections

Attacks & Vulnerabilities
Info
CheckPoint Update
Services & Threat Research
5
IPS Events - Real SQL Injection
Blacklisted IP
A surge of events
Leave log monitoring to the experts
A relentless
flow of event
notifications
A handful of
actionable
alerts
24/7 analysis
by Check
Point experts
~50,000 ~5
6
Get actionable attack alerts
Instant alert
What happened?
What to do next?
Severity Indicator
Enjoy real-time global intelligence
Global
benchmarks
What
attacks?

Who is
attacking?
Blacklists
7
Optimally tune your IPS
-
500,000
1,000,000
1,500,000
2,000,000
2,500,000
Feb Mar Apr May
0
20
40
60
80
100
120
# of Prevented events # of Protections in Prevent
Monitoring
IPS protection
activity
Benchmarking with
other IPS
What protections to put in PREVENT?
# of protections in Prevent and # of prevented events,
Feb – May 2011
Following our policy tuning:
 30% more protections in

Prevent
 Tenfold increase of
prevented events
# of protections in Prevent
# of prevented events
Extending the Simplicity
Check Point Cloud Security Services
Protecting your business, optimizing
performance, uptime and flexibility
Firewall
VPN
Antivirus
Intrusion Prevention n (IPS)
URL Filtering
Logging & Reporting
Your
Business
Best Ongoing Best Ongoing
ProtectionProtection
Expert ManagementExpert Management
Anti-Spam
Central Management
24x7 Support Services24x7 Support Services
Check Point
Security Management
8
Simple to start
1. Activate service
1. Determine # of users
2. Choose connection type

3. Select protection package
Set it and forget it!Set it and forget it!
Hands on lab Setup
Internet
Lan Interface
192.168.10.1/24
SMP/WebUI to manage the Safe@ locally
Lan Interface 192.168.10.2/24
Vmware images:
 SMP
 SmartProvisioning
Two Security Packages to choose from:
No Hardware Purchase
9
Software updates
Security updates
E-mail anti-virus
URL filtering
Dynamic DNS
Dynamic VPN
Logging and Reporting
E-mail antispam
Vstream antivirus
Vstream antispam
Small Business and branch offices
Safe@Office 1000NW
Services
Include
Service Provider
Security Provider - Services Model

SMP-On-Demand Topology
Portal Manager
Portal Manager
Portal Manager
SWTP - Sofaware Tranport Protocol (SWTP)
10
• Web-based management
interface
• Supports tens of thousands
of Sales@Office™ gateways
• Remote management
• Addition of value added
services (anti-virus,
antispam, content filtering)
• Single-step VPN deployment
• Comprehensive reporting
• Automatic firmware updates
• Automatic custom alerts
• Low cost infrastructure &
operation
SMP – Security Management Portal
URL Filtering Configuration
11
URL Filtering Configuration
URL Filtering Configuration
12
URL Filtering Configuration
Embedded Antispam Configuration
• Manage the Embedded Antispam
13

Embedded Antispam Configuration
• Manage the Embedded Antispam
Embedded Antispam Configuration
• Manage the Embedded Antispam
14
State of the art reporting
State of the art reporting
15
State of the art reporting
State of the art reporting
16
State of the art reporting
State of the art reporting
17
Managed Cloud Security Service
10 Node
Standard
Premium
Wired
Wired ADSL
Wireless
Wireless ADSL
36, Monthly
3, Yearly
1, 3 Year
25 Node
Standard
Premium
Wired
Wired ADSL

Wireless
Wireless ADS
36, Monthly
3, Yearly
1, 3 Year
Unlimited
Standard
Premium
Wired
Wired ADSL
Wireless
Wireless ADS
36, Monthly
3, Yearly
1, 3 Year
Node
Features Connectivity Payment
Best-in-Class Support
 Firewall
 VPN
 Software Updates
 Logging & Reporting
 Management Services
 24x7 Support Services
 Standard package
+
 Intrusion Prevention (IPS)
 Antivirus
 Anti-Spam
 URL Filtering

Always-On 24x7 Award-Winning Support
24 x 7 Chat, Email, Phone
Check Point Support
No Additional Cost
Upgrades, New Releases
& Service Updates
18
Security From The Cloud
Best security from the industry leader
SummarySummary
35©2011 Check Point Software Technologies Ltd. | [Unrestricted] For everyone |
Get started with only $19/month
Ongoing support by dedicated security experts
Security Management Portal (SMP)
Success Stories
19
 Customer needs
 Secure restaurant networks
 Encrypted HQ link
 Managed wi-fi hotspots service
 A Single device
 The Solution: Safe@Office 500W
 Temp hotspots passwords generated at
cashiers
 SMP for large-scale management
 VLANs for network segmentation
 USB used for print server
 Offered and managed through a Telco
VPNs and Hotspots in
Restaurants

Connecting Branches and offering Wi-fi
McDonald’s
 Customer needs
 Security at employees homes
 Secured connection to HQ
 Handle mixed home/work environment
 Remote maintenance from HQ
 Highly scalable management
 The Solution: UTM-1 Edge W / Safe@Office
W / ZoneAlarm Z100G
 Thousands of units
 SMP / SmartLSM large-scale management
 802.1x, Multilple SSIDs
 Solution offered and managed by Telco‘s
Secure Home
Networking and Work
Access
Securing and Connecting Teleworkers
20
/>www.sofaware.com
21
Online Documentation
Online FAQ
22
i
Questions?