Caretower Ltd.

Check Point CloudGuard IaaS for Microsoft Azure

Check Point's vSEC Microsoft Azure Security Gateway protects your assets from internal and external threats with the full range of Check Point Software Blades. Combined with advanced integration options, security is tailored to fit the most dynamic environment needs. Virtual and physical gateways are managed by our unified management platform.

Features

  • Stateful inspection firewall and Intrusion Prevention System
  • Antivirus and Anti-bot protect the cloud from malicious attacks
  • Application Control mitigates application DDoS attacks and protects cloud services
  • Data Loss Prevention protects sensitive data from theft/unintentional loss
  • SandBlast provides protection against malware and zero-day attacks
  • IPSec VPN & Mobile Access (SSL) secures communication to the cloud
  • vSEC provides lateral threat prevention internal to the public cloud
  • Centralized management for cloud and on-premise infrastructure
  • Consolidated logs and reporting for hybrid cloud environments

Benefits

  • Easily extend security to your Google cloud
  • Protect Azure Cloud-hosted apps against malware
  • Provide CPU-level security in software-defined networking environments hosted on AWS
  • Prevent cross-application malware infection within Azure environments
  • Full protections of the Check Point Software Blade architecture
  • Safeguard against data and infrastructure breaches
  • Securely connect enterprise and mobile users
  • Advanced protection against malware and zero-day attacks
  • Single pane-of-glass management drives a lower security cost
  • Consistent policy and threat visibility across cloud and on-premise deployments

Pricing

£1120 per instance

  • Education pricing available
  • Free trial available

Service documents

Framework

G-Cloud 11

Service ID

225021348592505

Contact

Caretower Ltd.

Davide Poli

02083729246

pro5@caretower.com

Service scope

Service constraints
No obvious constraints. It requires underlying Azure Cloud compute power, in the form of Azure Cloud cores, to be able to run, as this is simply the yearly licensing fee and associated software. If you want to deploy more than two IaaS gateways, you will need distributed management.
System requirements
  • Azure Cloud Compute power
  • Appropriate connectivity from your network
  • A Check Point User Center Account and ID

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard Support customers have an SLA of 4h for Severity 2, 3 and 4 questions and 30 minutes for Severity 1 questions. Premium Support customers have an SLA of 4h for Sev 3-4, 2h for Sev 2, and 30 mins for Sev 1. Elite Support customers have an SLA of 4h for Sev 3-4 and 30 mins for Sev 1-2.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Customers can log into Check Point Web Chat via www.checkpoint.com. They then click Support, then Support Center, and underneath "Get Help" select Live Chat.
Web chat accessibility testing
N/A
Onsite support
Yes, at extra cost
Support levels
"1. Check Point Standard Support: SLA 9x5 Business Day. Response Time Severity 1: 30 Minutes, Severity 2, 3, 4: 4 Hours.

2. Check Point Premium Support: SLA 7 x 24 Every Day. Response Time Severity 1: 30 Minutes, Severity 2: 2 Hours and Severity 3 & 4: 4 Hours.

3. Check Point Elite Support: SLA 7 x 24 Every Day. On Site Engineer for Critical SRs. Response Time Severity 1: 30 Minutes, Severity 2: 30 Minutes and Severity 3 & 4: 4 Hours.

We can provide a TAM at a cost from Professional Services, and any support tickets that arise associated with the platform will be dealt with by engineers skilled on the platform.

The cost of support is often calculated on a percentage basis, per total license cost of the entire purchase.

Standard is free and allows the customer to file support tickets with Check Point. Premium Support is priced at 7% of the total Subscription price and Elite is priced at 10%."
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once CloudGuard IaaS is purchased, a UC (User Center) account will be created if one does not already exist, and the procured number of licenses (counted per core required) will be associated with this UC alongside the correct level of support. From there, please follow the SecureKnowledge article (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104418&partition=General&product=vSEC).
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.
End-of-contract process
At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.

Using the service

Web browser interface
Yes
Using the web interface
Users can set network management and system management, configure advanced routing, manage users, and use high availability tools, maintenance and software updates on the web interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
You can access the web interface from the management IP address of the instance.
Web interface accessibility testing
None
API
Yes
What users can and can't do using the API
Users can use APIs to allow the system to access, manipulate, delete, change or add resources on applications or gateways via web services.
API automation tools
Ansible
API documentation
Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface
Users can implement Linux and other commands to process or access information or tasks.

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Check Point Virtual Machine Scale Set (VMSS) will auto scale the traffic across the load balancers.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Check Point

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
Any data on the device is securely stored within a hardened machine image under the Gaia OS.
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
Backup controls
Users can set which backups are used and when the backups take place.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
This is purely dictated by the host cloud provider uptime SLAs
Approach to resilience
Check Point vSEC Gateway for Microsoft Azure is designed to be resilient through high availability and load sharing.
Outage reporting
Through Check Point Smart Log you can see outages and any service disruption.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
RADIUS, TACACS, SecurID
Access restrictions in management interfaces and support channels
Within the Check Point R80.10 Management Console you can control which admins can access, or make changes to, which parts of the management or policies.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Third Party Accredited
ISO/IEC 27001 accreditation date
Microsoft Azure Defined
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
Yes
Who accredited the ISO 28000:2007
Third party accredited
ISO 28000:2007 accreditation date
Microsoft Azure Defined
What the ISO 28000:2007 doesn’t cover
N/A
CSA STAR certification
Yes
CSA STAR accreditation date
Microsoft Azure Defined
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
N/A
PCI certification
Yes
Who accredited the PCI DSS certification
Third party accredited
PCI DSS accreditation date
Microsoft Azure Defined
What the PCI DSS doesn’t cover
N/A
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Section 404 of the Sarbanes Oxley Act

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
User Defined
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
User Defined
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
User Defined
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
User Defined

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Amazon
How shared infrastructure is kept separate
Microsoft Azure infrastructure is designed from the facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security needs.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
https://www.microsoft.com/en-us/legal/compliance/energy

Pricing

Price
£1120 per instance
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
To begin a trial service, you can access an eval license from the AWS Marketplace: search for Check Point Cloud Guard IaaS, sign in and deploy a PAYG VM, which will include a 30-day free trial of CloudGuard IaaS and all of its features.
