Caretower Ltd.

Check Point CloudGuard IaaS for Microsoft Azure

Check Point's vSEC Microsoft Azure Security Gateway protects your assets from internal and external threats with the full range of Check Point Software Blades. Combined with advanced integration options, security is tailored to fit the most dynamic environment needs. Virtual and physical gateways are managed by our unified management platform.

Features

  • Stateful inspection firewall and Intrusion Prevention System
  • Antivirus and Anti-bot protect the cloud from malicious attacks
  • Application Control mitigates application DDoS attacks and protects cloud services
  • Data Loss Prevention protects sensitive data from theft/unintentional loss
  • SandBlast provides protection against malware and zero-day attacks
  • IPSec VPN & Mobile Access (SSL) secures communication to the cloud
  • vSEC provides lateral threat prevention internal to the public cloud
  • Centralized management for cloud and on-premise infrastructure
  • Consolidated logs and reporting for hybrid cloud environments

Benefits

  • Easily extend security to your Google cloud
  • Protect Azure Cloud-hosted apps against malware
  • Provide CPU-level security in software-defined networking environments hosted on AWS
  • Prevent cross-application malware infection within Azure environments
  • Full protections of the Check Point Software Blade architecture
  • Safeguard against data and infrastructure breaches
  • Securely connect enterprise and mobile users
  • Advanced protection against malware and zero-day attacks
  • Single pane-of-glass management drives a lower security cost
  • Consistent policy and threat visibility across cloud and on-premise deployments

Pricing

£1120 per instance

  • Education pricing available
  • Free trial available

G-Cloud 11

225021348592505

Caretower Ltd.

Davide Poli

02083729246

pro5@caretower.com

Service scope

Service constraints No obvious constraints. The service requires underlying Azure Cloud compute power, in the form of Azure Cloud cores, to run, as this is simply the yearly licensing fee and associated software. If you want to deploy more than two IaaS gateways, you will need distributed management.
System requirements
  • Azure Cloud Compute power
  • Appropriate connectivity from your network
  • A Check Point User Center Account and ID

User support

Email or online ticketing support Email or online ticketing
Support response times Standard Support customers have an SLA of 4h for Severity 2, 3 and 4 questions and 30 minutes for Severity 1 questions. Premium Support customers have an SLA of 4h for Sev 3-4, 2h for Sev 2, and 30 mins for Sev 1. Elite Support customers have an SLA of 4h for Sev 3-4 and 30 mins for Sev 1-2.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Customers can log into Check Point Web Chat via www.checkpoint.com. They then click Support, then Support Center, and underneath "Get Help" select Live Chat.
Web chat accessibility testing N/A
Onsite support Yes, at extra cost
Support levels "1. Check Point Standard Support: SLA 9x5 Business Day. Response Time Severity 1: 30 Minutes, Severity 2, 3, 4: 4 Hours.

2. Check Point Premium Support: SLA 7 x 24 Every Day. Response Time Severity 1: 30 Minutes, Severity 2: 2 Hours, and Severity 3 & 4: 4 Hours.

3. Check Point Elite Support: SLA 7 x 24 Every Day. On-Site Engineer for Critical SRs. Response Time Severity 1: 30 Minutes, Severity 2: 30 Minutes, and Severity 3 & 4: 4 Hours.

We can provide a TAM at a cost from Professional Services, and any support tickets that arise associated with the platform will be dealt with by engineers skilled on the platform.

The cost of support is often calculated on a percentage basis, per total license cost of the entire purchase.

Standard is free and allows the customer to file support tickets with Check Point. Premium Support is priced at 7% of the total Subscription price and Elite is priced at 10%."
Support available to third parties Yes

Onboarding and offboarding

Getting started Once CloudGuard IaaS is purchased, a UC (User Center) will be created if one does not already exist, and the procured number of licenses (counted per core required) will be associated with this UC alongside the correct level of support. From there, please follow the SecureKnowledge article (https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104418&partition=General&product=vSEC).
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.
End-of-contract process At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.

Using the service

Web browser interface Yes
Using the web interface Users can use the web interface for network management, system management, advanced routing configuration, user management, high availability tools, maintenance and software updates.
Web interface accessibility standard None or don’t know
How the web interface is accessible You can access the web interface from the management IP address of the instance.
Web interface accessibility testing None
API Yes
What users can and can't do using the API Users can use APIs to allow the system to access, manipulate, delete, change and add resources on applications or gateways via web services.
API automation tools Ansible
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface Users can run Linux and other commands to process or access information or tasks.

Scaling

Scaling available Yes
Scaling type Automatic
Independence of resources Check Point Virtual Machine Scale Set (VMSS) will auto scale the traffic across the load balancers.
Usage notifications Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type Reseller providing extra support
Organisation whose services are being resold Check Point

Staff security

Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Any data on the device is securely stored within a hardened machine image under the Gaia OS.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery Yes
Backup controls Users can set which backups are used and when the backups take place.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability This is purely dictated by the host cloud provider uptime SLAs
Approach to resilience Check Point vSEC Gateway for Microsoft Azure is designed to be resilient through high availability and load sharing.
Outage reporting Through Check Point Smart Log you can see outages and any service disruption.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication RADIUS, TACACS, SecurID
Access restrictions in management interfaces and support channels Within the Check Point R80.10 Management Console you can control which admins can access or make changes to which parts of the management or policies.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Third Party Accredited
ISO/IEC 27001 accreditation date Microsoft Azure Defined
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 Third party accredited
ISO 28000:2007 accreditation date Microsoft Azure Defined
What the ISO 28000:2007 doesn’t cover N/A
CSA STAR certification Yes
CSA STAR accreditation date Microsoft Azure Defined
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover N/A
PCI certification Yes
Who accredited the PCI DSS certification Third party accredited
PCI DSS accreditation date Microsoft Azure Defined
What the PCI DSS doesn’t cover N/A
Other security certifications No

Security governance

Named board-level person responsible for service security No
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Section 404 of the Sarbanes Oxley Act

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach User Defined
Vulnerability management type Supplier-defined controls
Vulnerability management approach User Defined
Protective monitoring type Supplier-defined controls
Protective monitoring approach User Defined
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach User Defined

Secure development

Approach to secure software development best practice Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Amazon
How shared infrastructure is kept separate Microsoft Azure infrastructure is designed from the facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security needs.

Energy efficiency

Energy-efficient datacentres Yes
Description of energy efficient datacentres https://www.microsoft.com/en-us/legal/compliance/energy

Pricing

Price £1120 per instance
Discount for educational organisations Yes
Free trial available Yes
Description of free trial To begin a trial service, you can access an evaluation license from the AWS Marketplace: search for Check Point CloudGuard IaaS, sign in and deploy a PAYG VM, which will include a 30-day free trial of CloudGuard IaaS and all of its features.

Service documents

  • Pricing document (PDF)
  • Service definition document (PDF)
  • Terms and conditions (PDF)