Check Point Hosted Management Service
With Pentesec, your Check Point Management Server will be hosted on an Enterprise High Availability Multi-Domain Server Cluster, across geographically separated Datacenters.
This provides constant availability and scaling resource management, all backed up with
an industry leading Enterprise SLA and without losing the ability to self manage your organisation’s security.
- 24 x 7 Management Monitoring
- 24x7 Gateway Monitoring
- Upgrades and Patching Included
- Daily Policy and Database Backup
- 12 Hour Disaster Recovery Plan
- 100% Availability (HA + Geographical Seperation)
- 12 Months of logs available.
- Monitor all Check Point Firewalls, with alerts, statistics and trends.
- Smart Event server hosted on the Multi-Domain environment
- Service Hosted on Enterprise Dual CMA on HA MDS
- All upgrades and patching actioned by qualified Check Point experts
- No caps on hardware resources, allocation will scale with you.
- Extended availability of SmartTracker logs
- Discounted Pentesec services, including Managed IPS, and Firewall Managed Service.
- Priced per gateway – only pay for what you use.
- You remain in complete control of your environment.
- View via Web Portal or App, direct to your mobile.
- 2 Weeks active SmartLog network logs for quick fault resolution.
- High availability Domain blades on Multi-Domain Servers
- Considerable cost saving vs owning on site management server.
£4000 per device per year
- Education pricing available
|Service constraints||This service is limited to the management of Check Point R80.x SmartCenter services, for the management of R80.x and any supported lesser version Check Point firewalls and enforcement points.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Pentesec provide guaranteed response times: P1 Fatal issues will be responded to within 30 minutes between 8am and 6pm and 60 minutes out of hours. P2 High severity issues will be managed within 60 minutes in hours and 120 Minutes out of hours. P3 Medium issues will take 180 minutes in ours only, P4 Low issues will be responded to within 1 business day.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AAA|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
All customers receive a dedicated account manager responsible for balancing their communications with our technical team.
Support can be provided 24/7 via phone and web portal. Monitoring is available 24/7 - 100% availability SLA.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||The service is activated according to client requirements. Training is available. Full on-boarding and transition support is included.|
|End-of-contract data extraction||Client data is made available to the client upon request at the conclusion of the contract.|
|End-of-contract process||The service includes the off-boarding of client data, client related documentation, and client connectivity.|
Using the service
|Web browser interface||Yes|
|Using the web interface||The Check Point Hosted Management Platform that Pentesec have built provides a web interface where users can administer their Check Point firewalls in much the same way they would be able to if they had their own management device on site. The usability is no different, the benefit is the reduced costs, reduced hardware maintenance and increased resilience.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||Users would be limited to the functionality offered by Check Point's management GUI and the software blades applied.|
|Web interface accessibility testing||The user's browser should provide assistance on using this service as standard.|
|Command line interface||No|
|Independence of resources||We constantly monitor health and performance to pro-actively maintain a healthy and functional system.|
|Infrastructure or application metrics||Yes|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Supplier-defined controls|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider|
|Protecting data at rest||Other|
|Other data at rest protection approach||-|
|Data sanitisation process||Yes|
|Data sanitisation type||Explicit overwriting of storage before reallocation|
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
|Backup controls||Backups are taken on a preset daily schedule.|
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Supplier controls the whole backup schedule|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||100% SLA available on High Availability Management Servers across geographically separated data centres.|
|Approach to resilience||This information is available on request.|
|Outage reporting||Outages are reported via email alert.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
Client access to management domain is restricted to known “GUI Client” IP addresses both by a service protecting firewall and by Check Point Multi Domain server.
Client access to management domain is restricted to authorised administrators only who authenticate using Two-Factor Authentication.
|Access restriction testing frequency||Less than once a year|
|Management access authentication||
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||At least 12 months|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||At least 12 months|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||British Assessment Bureau|
|ISO/IEC 27001 accreditation date||12/10/2018|
|What the ISO/IEC 27001 doesn’t cover||N.A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||ISO 9001|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||Our CTO has direct responsibility for our security policies and we have an Information Security Management System manual in place.We work to ISO 27001 Standards.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Configuration and Change Management processes are in place with formal management responsibilities and procedures assigned to ensure appropriate change control. Changes are logged for audit and all relevant information is retained.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Vulnerability scanning is performed using industry leading services. Processes are in place to ensure that patching and remedial actions are taken in a regimented and consistent fashion to limit the business impact of newly discovered vulnerabilities.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Our Protective Monitoring Approach conforms with ISO27001 Standards for logging and monitoring our services, and how to identify, handle and respond to incidents quickly.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Our Incident Management Approach conforms with ISO27001 Standards.|
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Price||£4000 per device per year|
|Discount for educational organisations||Yes|
|Free trial available||No|