Pentesec Ltd

Check Point Hosted Management Service

With Pentesec, your Check Point Management Server will be hosted on an Enterprise High Availability Multi-Domain Server Cluster, across geographically separated Datacenters.

This provides constant availability and scaling resource management, all backed up with
an industry leading Enterprise SLA and without losing the ability to self manage your organisation’s security.

Features

  • 24 x 7 Management Monitoring
  • 24x7 Gateway Monitoring
  • Upgrades and Patching Included
  • Daily Policy and Database Backup
  • 12 Hour Disaster Recovery Plan
  • 100% Availability (HA + Geographical Seperation)
  • 12 Months of logs available.
  • Monitor all Check Point Firewalls, with alerts, statistics and trends.
  • Smart Event server hosted on the Multi-Domain environment
  • Service Hosted on Enterprise Dual CMA on HA MDS

Benefits

  • All upgrades and patching actioned by qualified Check Point experts
  • No caps on hardware resources, allocation will scale with you.
  • Extended availability of SmartTracker logs
  • Discounted Pentesec services, including Managed IPS, and Firewall Managed Service.
  • Priced per gateway – only pay for what you use.
  • You remain in complete control of your environment.
  • View via Web Portal or App, direct to your mobile.
  • 2 Weeks active SmartLog network logs for quick fault resolution.
  • High availability Domain blades on Multi-Domain Servers
  • Considerable cost saving vs owning on site management server.

Pricing

£4000 per device per year

  • Education pricing available

Service documents

Framework

G-Cloud 11

Service ID

1 3 0 3 8 7 3 0 2 0 6 0 8 6 9

Contact

Pentesec Ltd

Richard Bass

0845 519 1337

richard.bass@pentesec.com

Service scope

Service constraints
This service is limited to the management of Check Point R80.x SmartCenter services, for the management of R80.x and any supported lesser version Check Point firewalls and enforcement points.
System requirements
  • Check Point Platform Only
  • Intended to replace on-site management device for Check Point Estates

User support

Email or online ticketing support
Email or online ticketing
Support response times
Pentesec provide guaranteed response times: P1 Fatal issues will be responded to within 30 minutes between 8am and 6pm and 60 minutes out of hours. P2 High severity issues will be managed within 60 minutes in hours and 120 Minutes out of hours. P3 Medium issues will take 180 minutes in ours only, P4 Low issues will be responded to within 1 business day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All customers receive a dedicated account manager responsible for balancing their communications with our technical team.

Support can be provided 24/7 via phone and web portal. Monitoring is available 24/7 - 100% availability SLA.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The service is activated according to client requirements. Training is available. Full on-boarding and transition support is included.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Client data is made available to the client upon request at the conclusion of the contract.
End-of-contract process
The service includes the off-boarding of client data, client related documentation, and client connectivity.

Using the service

Web browser interface
Yes
Using the web interface
The Check Point Hosted Management Platform that Pentesec have built provides a web interface where users can administer their Check Point firewalls in much the same way they would be able to if they had their own management device on site. The usability is no different, the benefit is the reduced costs, reduced hardware maintenance and increased resilience.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Users would be limited to the functionality offered by Check Point's management GUI and the software blades applied.
Web interface accessibility testing
The user's browser should provide assistance on using this service as standard.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
We constantly monitor health and performance to pro-actively maintain a healthy and functional system.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
-
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Event Logs Backup and Recovery
  • Security Reports Backup and Recovery
  • Statistics and Trends
  • Management configuration Backup and Recovery
  • Firewall Policy Backup and Recovery
  • Database Backup and Recovery
Backup controls
Backups are taken on a preset daily schedule.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
100% SLA available on High Availability Management Servers across geographically separated data centres.
Approach to resilience
This information is available on request.
Outage reporting
Outages are reported via email alert.

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Client access to management domain is restricted to known “GUI Client” IP addresses both by a service protecting firewall and by Check Point Multi Domain server.

Client access to management domain is restricted to authorised administrators only who authenticate using Two-Factor Authentication.
Access restriction testing frequency
Less than once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
12/10/2018
What the ISO/IEC 27001 doesn’t cover
N.A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
ISO 9001

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our CTO has direct responsibility for our security policies and we have an Information Security Management System manual in place.We work to ISO 27001 Standards.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and Change Management processes are in place with formal management responsibilities and procedures assigned to ensure appropriate change control. Changes are logged for audit and all relevant information is retained.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability scanning is performed using industry leading services. Processes are in place to ensure that patching and remedial actions are taken in a regimented and consistent fashion to limit the business impact of newly discovered vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our Protective Monitoring Approach conforms with ISO27001 Standards for logging and monitoring our services, and how to identify, handle and respond to incidents quickly.
Incident management type
Supplier-defined controls
Incident management approach
Our Incident Management Approach conforms with ISO27001 Standards.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£4000 per device per year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Return to top ↑