Pentesec Ltd

Check Point Hosted Management Service

With Pentesec, your Check Point Management Server will be hosted on an Enterprise High Availability Multi-Domain Server Cluster, across geographically separated Datacenters.

This provides constant availability and scaling resource management, all backed up with
an industry leading Enterprise SLA and without losing the ability to self manage your organisation’s security.

Features

  • 24 x 7 Management Monitoring
  • 24x7 Gateway Monitoring
  • Upgrades and Patching Included
  • Daily Policy and Database Backup
  • 12 Hour Disaster Recovery Plan
  • 100% Availability (HA + Geographical Seperation)
  • 12 Months of logs available.
  • Monitor all Check Point Firewalls, with alerts, statistics and trends.
  • Smart Event server hosted on the Multi-Domain environment
  • Service Hosted on Enterprise Dual CMA on HA MDS

Benefits

  • All upgrades and patching actioned by qualified Check Point experts
  • No caps on hardware resources, allocation will scale with you.
  • Extended availability of SmartTracker logs
  • Discounted Pentesec services, including Managed IPS, and Firewall Managed Service.
  • Priced per gateway – only pay for what you use.
  • You remain in complete control of your environment.
  • View via Web Portal or App, direct to your mobile.
  • 2 Weeks active SmartLog network logs for quick fault resolution.
  • High availability Domain blades on Multi-Domain Servers
  • Considerable cost saving vs owning on site management server.

Pricing

£4000 per device per year

  • Education pricing available

Service documents

G-Cloud 11

130387302060869

Pentesec Ltd

Richard Bass

01733 889406

richard.bass@pentesec.com

Service scope

Service scope
Service constraints This service is limited to the management of Check Point R80.x SmartCenter services, for the management of R80.x and any supported lesser version Check Point firewalls and enforcement points.
System requirements
  • Check Point Platform Only
  • Intended to replace on-site management device for Check Point Estates

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Pentesec provide guaranteed response times: P1 Fatal issues will be responded to within 30 minutes between 8am and 6pm and 60 minutes out of hours. P2 High severity issues will be managed within 60 minutes in hours and 120 Minutes out of hours. P3 Medium issues will take 180 minutes in ours only, P4 Low issues will be responded to within 1 business day.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels All customers receive a dedicated account manager responsible for balancing their communications with our technical team.

Support can be provided 24/7 via phone and web portal. Monitoring is available 24/7 - 100% availability SLA.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started The service is activated according to client requirements. Training is available. Full on-boarding and transition support is included.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Client data is made available to the client upon request at the conclusion of the contract.
End-of-contract process The service includes the off-boarding of client data, client related documentation, and client connectivity.

Using the service

Using the service
Web browser interface Yes
Using the web interface The Check Point Hosted Management Platform that Pentesec have built provides a web interface where users can administer their Check Point firewalls in much the same way they would be able to if they had their own management device on site. The usability is no different, the benefit is the reduced costs, reduced hardware maintenance and increased resilience.
Web interface accessibility standard None or don’t know
How the web interface is accessible Users would be limited to the functionality offered by Check Point's management GUI and the software blades applied.
Web interface accessibility testing The user's browser should provide assistance on using this service as standard.
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources We constantly monitor health and performance to pro-actively maintain a healthy and functional system.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types Real-time dashboards

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Other
Other data at rest protection approach -
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Event Logs Backup and Recovery
  • Security Reports Backup and Recovery
  • Statistics and Trends
  • Management configuration Backup and Recovery
  • Firewall Policy Backup and Recovery
  • Database Backup and Recovery
Backup controls Backups are taken on a preset daily schedule.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 100% SLA available on High Availability Management Servers across geographically separated data centres.
Approach to resilience This information is available on request.
Outage reporting Outages are reported via email alert.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Client access to management domain is restricted to known “GUI Client” IP addresses both by a service protecting firewall and by Check Point Multi Domain server.

Client access to management domain is restricted to authorised administrators only who authenticate using Two-Factor Authentication.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 12/10/2018
What the ISO/IEC 27001 doesn’t cover N.A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications ISO 9001

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our CTO has direct responsibility for our security policies and we have an Information Security Management System manual in place.We work to ISO 27001 Standards.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration and Change Management processes are in place with formal management responsibilities and procedures assigned to ensure appropriate change control. Changes are logged for audit and all relevant information is retained.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability scanning is performed using industry leading services. Processes are in place to ensure that patching and remedial actions are taken in a regimented and consistent fashion to limit the business impact of newly discovered vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our Protective Monitoring Approach conforms with ISO27001 Standards for logging and monitoring our services, and how to identify, handle and respond to incidents quickly.
Incident management type Supplier-defined controls
Incident management approach Our Incident Management Approach conforms with ISO27001 Standards.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No

Pricing

Pricing
Price £4000 per device per year
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑