Check Point vSEC: Secure Your AWS Workloads
Nick Matthews • Partner Solutions Architect, AWS
Don Meyer • Head of Product Marketing, Check Point Software Technologies
Brendan McKernan • President and Co-Founder, Courtagen Life Sciences
J. Bendonis • Technology Manager, Rutter Networking Technologies
Your Data and IP are Your Most Valuable Assets
• $6.53M: average cost of a data breach
• 56%: increase in theft of hard intellectual property
• 70%: of consumers indicated they’d avoid businesses following a security breach
Sources: https://www.csid.com/resources/stats/data-breaches/ and http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
AWS Can Be More Secure Than Your Existing Environment
In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How?
• Automating logging and monitoring
• Simplifying resource access
• Making it easy to encrypt properly
• Enforcing strong authentication
AWS and You Share Responsibility for Security
You: you get to define your controls ON the Cloud
• Customer applications & content
• Identity & Access Control
• Network Security
• Inventory & Config
• Data Encryption
AWS: AWS takes care of the security OF the Cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
• Network access is monitored by AWS security managers daily
• AWS CloudTrail lets you monitor and record all API calls
• Amazon Inspector automatically assesses applications for vulnerabilities
Highly Available
The AWS infrastructure footprint protects your data from costly downtime
• 35 Availability Zones in 13 regions for multi-synchronous geographic redundancy
• Retain control of where your data resides for compliance with regulatory requirements
• Mitigate the risk of DDoS attacks using services like AutoScaling, Route 53
Integrated With Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices
• Integrate your existing Active Directory
• Use dedicated connections as a secure, low-latency extension of your data center
• Provide and manage your own encryption keys if you choose
Key AWS Certifications and Assurance Programs
vSEC for Amazon Web Services
Advanced Threat Prevention to Secure Workloads in the AWS Cloud
Don Meyer, Head of Product Marketing, Data Center
Cloud Security Requirements
• Increasing sophistication of threats and malware
• Lateral spread of threats
• Consistent protections and policy management
• Consolidated visibility, logging, and reporting
• Sacrificing speed and agility for security
Challenge: The Cloud is Already Secure, Why Additional Security?
• Perception:
  • Security handled by cloud provider
  • Segmentation or isolation = security
• Cloud Provider only secures infrastructure, not customer data and apps = Shared Responsibility Model
• Data Isolation does NOT protect against malware or other threats
Solution: Advanced Security Protects Customer Assets in Public Clouds
Advanced security methods in Public Clouds:
• Prevent threats within Public Clouds
• Comprehensive protections to prevent breaches and data loss
Security Groups with Advanced Threat Prevention:
• Fine-tuned policies with layered protections (Firewall, IPS, Anti-Virus, AntiBot, and more)
• Achieved between VPCs using network firewall and network segments
Challenge: Network Security Solutions Don’t Fit in Public Cloud Architecture
Perception:
• Environment is too dynamic
• Rapid adding/removing of VMs, subnets, etc.
• Network security solutions single point of failure / don’t support HA configuration / cannot scale automatically
• Cloud networks are too opaque with no visibility or control on network traffic
Solution: Network Security FITS in Public Cloud
Deployed in VMs within VPCs
• Single or multiple NICs
• Private or Public IPs
Auto-scales to Meet Elastic Demand
• Integrates with built-in ELB
• Triggered based on CloudWatch threshold
Operate in HA Mode in Cloud
• Within VPC (HA-cluster)
• Across availability-set
Security Policies Update Automatically
• Auto-discovery of cloud assets (new VMs, subnets, etc.)
Check Point vSEC for AWS
vSEC CONTROLLER
• Automated security with unified management
• Context-aware policies and logs leveraging AWS defined objects
• Consolidated logging and reporting across private, public and hybrid clouds
• Comprehensive protections including: Firewall, IPS, AntiBot, AntiVirus, VPN, DLP and SandBlast Zero-Day Protections
• Secure all traffic between applications inside the public cloud and across the hybrid cloud
vSEC GATEWAY
Quickly Enable vSEC Advanced Security in AWS Marketplace
Security as Dynamic as the Cloud
• Technical Proficiency and proven customer success, Reduced deployment complexity, seamless integration
• Recognizes Check Point’s expertise in IaaS security and ability to deliver advanced threat preventions to protect customer data and workloads in AWS cloud making easy migration
Security as Dynamic as the Cloud
• Full Support for Auto-scaling, Amazon ELB, Amazon CloudWatch and multiple Availability Zones
• Rapid and Easy Deployment with Single Click deployment from AWS Marketplace automated with AWS CloudFormation templates
AWS Cloud – Awareness with vSEC
• R80 Smart Management with vSEC controller discovers AWS cloud objects
• Leverages AWS objects like VPCs, Subnets and Instances in security policy and logs
• Dynamic and automated policies updated in real-time
• Improved visibility and forensics
Typical Deployment Scenarios
Public Cloud only with Remote Access
• Migration of on-premises data and apps to public cloud
Hybrid Cloud – securely connect on-premises with cloud with site-to-site VPN
• Distributed Architecture (Web tier in public cloud and App and DB tiers on-premises)
• DR architecture with secure backup to public cloud
• Legacy applications isolated in the public cloud
• Branch services delivered from the cloud
• Phased migration, cloud bursting, optimal resource utilization
Auto-Scaling (with HA) Check Point vSEC in AWS Reference Architecture
• Auto-scaling across Availability Zones
• ELB distributes traffic across zones
• Uses Amazon CloudWatch and IAM
• AWS CloudFormation template support for automated deployment
• Complete SK article
Courtagen Life Sciences
Brendan McKernan, President and Co-Founder
Who We Are
• Molecular information company that delivers better patient care and develops better targeted therapies
• Leader in innovative genetic testing
• Employs proprietary bioinformatics
• Securely embracing the cloud in Life Sciences Industry
Cloud-scale Computing For Compute Intensive Workloads in Bioinformatics
• 120–320 GB: data uploaded per run
• >150 TB: total data stored in the cloud
• <1hr: workload completion time
Business and Technical Challenges
Business Challenges
• Maintain internal security requirements and compliance
• Maximize business agility and flexibility
• Platform that is easy to access and manage
Technical Challenges
• Perform compute intensive analysis for dynamic elastic workloads with high availability
• Protect patient data
• Support a hybrid cloud architecture
Why Check Point?
• Scalability to support additional users
• Industry Leader in Security and meets regulation requirements
• Seamless integration with Amazon Web Services
The Solution – Check Point and AWS
Capabilities and Technical Benefits
• Robust and Advanced Security / Secure Remote Access
• High availability with redundancy
• Full Capabilities of AWS Cloud computing services
“Check Point is an ideal partner because their platform allows us to leverage the cloud to its fullest capabilities. In addition, it gives us the security, speed and agility, and savings to efficiently grow our business.”
Brendan McKernan, President and Co-Founder, Courtagen Life Sciences
The Solution – Check Point and AWS
Business Benefits and ROI
• Advanced and scalable security to support speed and agility of cloud
• Supports dynamic workforce and hybrid cloud
• Robust security for regulatory compliance and security regulations
• Reduced Costs on IT to 2% of budget from 8-15%
• Outsourcing IT allows focus on core competencies and integrates best-of-breed technologies
Rutter Networking Technologies
J. Bendonis, Technology Manager
Who are we
• Leading provider of technology solutions
• Certified services provider for Check Point and Amazon Web Services
• Check Point partner since 2003
• Managed Service Provider for Courtagen since 2013
• More info at www.rutter-net.com/aws
Check Point Case Study: Rutter Networking Technologies
Rutter Networking – Managed Services Providers
• Courtagen partnered with Rutter Networking to deploy and manage the networking, communication and security capabilities of their AWS Cloud computing deployment and infrastructure
• Rutter Networking and Check Point worked to deliver a complex and challenging architecture
Deployment Architecture and Implementation
• Check Point vSEC for AWS for advanced security, perimeter protection, remote access and hybrid connectivity
• Check Point 4000 Appliances deployed on-premises
• Check Point Smart-1 Security Management Appliance for security management across the hybrid cloud and deployed on-premises
• AWS DirectConnect, Amazon ELB, High Availability Zones, Amazon VPC, Amazon EC2, Built-in security controls
Network Security Deployed in AWS VPC – Hybrid Cloud
[Architecture diagram; labels: Customer Data Center, Availability Zone 1, Availability Zone 2, Elastic Load Balancing, Public Subnet, Private Subnet, Direct Connect, Service Provider (WAN), Enterprise servers, Smart management, Check Point 46xx, Check Point 42xx, Branches / Mobile Users, Internet and SaaS apps]
Solution Results
• Rapid and easy deployment
• Unified management across hybrid environment
• Comprehensive advanced security capabilities with audit trails
• Advanced and scalable security to support speed and agility of cloud
Summary
• Solution is Cost-Effective – Secure – Compliant
• Solution Delivers value now and in the future
Future Directions
• Check Point can help provide guidance for future technology needs
• Cloud-based solution can scale and evolve
More Information
• Check Point vSEC for AWS product page and collateral – Solution Brief and Free Trial
• Check Point vSEC for AWS landing page – Tech Brief
• AWS Advanced Cloud Security Partner – Check Point
• AWS Security Competency Partner – Check Point
• vSEC in AWS Marketplace
• Check Point Reference Architectures for vSEC
• AWS Deployment Guide – Rutter Networking Technologies
Questions & Answers
Nick Matthews - Partner Solutions Architect, AWS
Don Meyer - Head of Product Marketing, Check Point Software Technologies
Brendan McKernan - President and Co-Founder, Courtagen Life Sciences
J. Bendonis – Technology Manager, Rutter Networking Technologies
