Rex Global Check Point SmartCenter - Comprehensive Security Management

Home > Rex Global Solutions > Check Point Solutions > Check Point SmartCenter

Check Point SmartCenter

Comprehensive Security Management

SmartCenter solutions are powerful tools for centrally configuring, managing and monitoring multiple Check Point gateways and enforcement points as well as certified best-of-breed security solutions. Based on Check Point's unique three-tiered Security Management Architecture (SMART), SmartCenter solutions enable organizations to perform all aspects of security management via a single, unified console. This comprehensive approach delivers the industry's best security management and lowest total cost of ownership for network security deployments.

Specifically, SmartCenter is comprised of a dashboard that enables administrators to centrally define VPN, firewall and QoS policies and a management server to store these policies. This is combined with automatic policy distribution to deliver greater control, improved security and enhanced ease of use.

YOUR CHALLENGE

Organizations of all sizes, across all industries, face a serious threat of attacks against both networks and critical applications. Network level attacks attempt to target network components or the firewall directly, while application level attacks attempt to exploit vulnerabilities in applications running on the network. The growing number and severity of these threats requires a renewed vigilance on the part of the security manager to actively and intelligently block Internet attacks. A robust and reliable security solution must have the intelligence not only to block all attacks at both the network and application level, but also to provide the security manager with a detailed understanding of the attacks. Useful forensic information combined with real-time security updates delivers better perimeter security and protects the organization from emerging Internet threats, helping managers ensure network reliability.

OUR SOLUTION

Check Point SmartCenter™ solutions are powerful tools for centrally configuring, managing and monitoring multiple VPN-1® and FireWall-1® enforcement points. Leveraging Check Point’s revolutionary Security Management Architecture (SMART), SmartCenter solutions deliver a unique three-tier architecture including an integrated, intuitive GUI to define all the elements of a comprehensive security policy from a single console. Advanced One-Click technologies automate the process of policy distribution to all enforcement points, making it simple for you to maintain the most up-to-date security policy at all security enforcement points. These capabilities deliver unprecedented scalability and ease-of-use, thereby reducing administrative overhead and strengthening your network security.

[click for larger image]

SmartCenter solutions enable administrators to manage large numbers of VPN-1 and FireWall-1 enforcement points from a single location

SMARTCENTER SOLUTIONS OVERVIEW

Check Point offers various levels of management functionality with SmartCenter and SmartCenter Pro™ to deliver integrated and cost-effective solutions to enable the highest levels of control and security in a single management console.

SmartCenter is Check Point’s flagship enterprise management solution and is comprised of a “dashboard” that enables administrators to centrally define VPN, firewall, QoS and Web access policies, and a management server that stores and distributes these different policies.

SmartCenter Pro provides all the capabilities of SmartCenter and:

Visual management of network security
Very large scale management
Ability to manage, distribute and inventory software centrally
Real-time security and VPN performance monitoring
Powerful integration with LDAP-based directories
Fault tolerance of all management operations

Scalable Centralized Management

SmartCenter and SmartCenter Pro are both comprised of a user interface and a management server that enables administrators to centrally manage large numbers of VPN-1 and FireWall-1 enforcement points.

SmartDashboard™ is a sophisticated, yet simple, user interface for defining and managing multiple elements of a security policy: firewall, VPN, network address translation, QoS, Web access and VPN client security. All object definitions (users, hosts, networks, services, etc.) are shared among all elements for efficient policy creation and security management.
SmartCenter Server is the management server that stores and distributes the security policy defined using SmartDashboard. It also stores common Check Point databases, including network object definitions, user definitions and log files for any number of enforcement points.

COMPREHENSIVE SECURITY MANAGEMENT

Policy-based VPN/firewall management

SmartCenter and SmartCenter Pro enable administrators to centrally manage and deploy a single policy to a large number of VPN-1 and FireWall-1 enforcement points. Once a policy is defined, it can be automatically distributed to all locations. This dramatically increases management efficiency and strengthens security because the security policy is always up-to-date at all security enforcement points.

Automatic NAT Configuration

SmartCenter provides administrators the capability to automate NAT rule generation thereby enhancing secure connectivity while saving administrative time.

Integrated Client Security

Check Point VPN-1 SecureClient™ provides a personal firewall, based on Check Point’s patented Stateful Inspection technology, for remote access VPN users. Personal firewall policies may be defined within SmartDashboard under the Desktop Security tab based on source, destination and type of network traffic received by or sent from the client system. Rules may be customized by user or groups of users, enabling enterprises to exercise even more granular control over remote users’ systems.

Granular User Authorization and Authentication Management

As Web-based applications become more widely used, centralized management of user authentication and authorization becomes a critical requirement. SmartCenter management centralizes and simplifies administration of users of corporate Web applications. Administrators can use the Web Access tab in SmartDashboard to easily define Web access policies for authorization, authentication and auditing of users in a Web-based application environment.

SIMPLE VPN MANAGEMENT

One-Click VPN Deployment

SmartDashboard enables administrators to create largescale VPNs in a single operation. Using VPN Manager, administrators can define VPN communities, and set security parameters for the entire VPN, such as intranet, extranet and remote access deployments, in one step. By grouping all VPN-1 gateways in a community, VPNs are enabled among all the gateways or between a remote user and a gateway. As new sites or users are added to the community, they automatically inherit the appropriate properties and can immediately establish secure IPSec sessions with the rest of the VPN community. SmartCenter supports a number of network topologies including fully meshed, star, hub and spoke in addition to hybrids of the same. This enables enterprises to migrate their costly frame relay connections to Internet VPNs simply and cost-effectively.

Integrated, Strong Authentication Out-Of-The-Box

Check Point management solutions include an Internal Certificate Authority, enabling organizations to use X.509 digital certificates to authenticate participants in an IPSec VPN. One-Click Certificates are automatically issued to all Check Point management and enforcement points for site-to-site VPN communications eliminating the need to deploy a separate PKI product for strong authentication.

Granular Remote User VPN Management

The VPN-1 SecureClient Packaging Tool enables security administrators to create customized, self-extracting installation packages for their VPN-1 SecureClient users. In addition, administrators can specify Secure Configuration Verification (SCV) checks—a set of conditions that define a securely configured client system, such as the current version of anti-virus software or the proper operation of the personal firewall policy. This powerful tool streamlines remote user management and improves overall security by ensuring that client software installations are always consistent and current.

POWERFUL LOGGING AND REPORTING

Real-Time Data Analysis

SmartCenter Server gathers detailed log information from all VPN-1 and FireWall-1 gateways as well as many OPSEC-certified security applications. Additionally, it logs administrator activity, which can dramatically reduce the time needed to troubleshoot configuration errors. The graphical SmartView Tracker™ uses the logging data on the server to provide real-time visual tracking, monitoring and accounting information for all connections including remote VPN user sessions. Administrators can perform searches on or filter log records to quickly locate and track events of interest. In the case of an attack or otherwise suspicious network activity, administrators can use SmartView Tracker to temporarily or permanently terminate connections from specific IP addresses.

Integrated Reporting Infrastructure

SmartView Reporter™, an optional module, turns raw log data generated by VPN-1 and FireWall-1 enforcement points into actionable information in the form of comprehensive pre-defined reports. It integrates with SmartCenter and uses the same user and object definitions stored on the SmartCenter Server when developing reports. This eliminates the need for administrators to replicate information across multiple elements of a security management infrastructure and, therefore, reduces errors and administrative overhead.

GREATER CONTROL OF SECURITY ENVIRONMENT WITH ADVANCED SMARTCENTER PRO FEATURES

While SmartCenter provides an enterprise with the capability to centrally define and monitor its security policy, SmartCenter Pro delivers greater understanding and control of the network security environment with a number of advanced integrated capabilities in addition to those of SmartCenter.

Security Visualization

SmartMap™ is a security policy visualization tool that provides a detailed, graphical map of an organization’s security deployment. It provides greater control, improved security and unparalleled ease-of-use by allowing security managers to validate the integrity of their security policy prior to deployment.

Large Scale VPN and Security Management

SmartLSM™ introduces a new management paradigm for large-scale VPN/security installations. Using SmartLSM, administrators can provision a single security policy — called a Profile — and apply it to hundreds of gateways. In addition, automated processes for policy installation and updates enable rapid deployment and minimize management requirements. This reduces the costs and time required to deploy and manage security for hundreds of gateways.

Automated Software and License Distribution

SmartUpdate™ is a One-Click technology that automatically distributes software applications and updates to Check Point and OPSEC-certified products and manages product licenses. It provides a centralized means to guarantee that security throughout the network is always up to date. Furthermore, it reduces the need for IT personnel at branch offices.

Real-Time Performance Monitoring

SmartView Monitor™ is a security and VPN performance analysis solution that presents users with graphical views of metrics such as bandwidth, round trip time, and packet loss. Armed with information provided by SmartView Monitor, organizations can act to maximize security ROI, improve performance and manage network costs.

LDAP-based User Management

Account Management Module simplifies the process of security management, especially in large-scale deployments. It enables VPN-1 and FireWall-1 enforcement points to obtain identification and security information for network users from OPSEC-certified LDAP directory servers.

Management Infrastructure Redundancy

Management Server High Availability delivers non-stop connectivity to VPN-1 and FireWall-1 enforcement points. Multiple management servers can be connected to others by a “nervous system” that automatically synchronizes customer and administrator data. This eliminates the need to deploy dedicated redundant hardware and software.

PRODUCT FEATURES: