CDW Limited

CDW Check Point CloudGuard IaaS for Amazon AWS

Check Point's vSEC Amazon AWS Security Gateway protects your assets from internal and external threats with the full range of Check Point Software Blades. Combined with advanced integration options, security is tailored to fit the most dynamic environment needs. Virtual gateways and physical gateways are managed by our unified management platform.

Features

  • Stateful inspection firewall, industry-leading Intrusion Prevention System
  • Antivirus, and Anti-bot protect the cloud from malicious attacks
  • Application Control mitigates application DDoS attacks
  • IPSec VPN/Mobile access (SSL) secures communication to the cloud
  • Data Loss Prevention protects sensitive data from theft/unintentional loss
  • SandBlast provides the most advanced protection against attack
  • vSEC provides lateral threat prevention internal to the public cloud
  • Centralized management for cloud and on-premise infrastructure
  • Consolidated logs and reporting for hybrid cloud environments

Benefits

  • Easily extend security to your Amazon AWS cloud
  • Protect Amazon AWS Cloud-hosted apps against malware
  • Provide CPU-level security in software-defined networking environments
  • Prevent cross-application malware infection
  • Full protections of the Check Point Software Blade architecture
  • Safeguard against data and infrastructure breaches
  • Securely connect enterprise and mobile users
  • Advanced protection against malware and zero-day attacks
  • Single pane-of-glass management drives a lower security cost
  • Consistent policy and threat visibility across cloud and on-premise deployments

Pricing

£1,120 an instance a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@uk.cdw.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

292946007308953

Contact

CDW Limited Andy Wood
Telephone: 0161 837 7744
Email: tenders@uk.cdw.com

Service scope

Service constraints
No obvious constraints. It requires underlying Amazon AWS compute power, in the form of Amazon AWS cores, to be able to run, as this is simply the yearly licensing fee and associated software.
If you want to deploy more than two IaaS gateways, you will need distributed management.
System requirements
  • AWS Compute power (AWS Cores)
  • Appropriate connectivity from your network
  • A Check Point User Center Account and ID

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Standard Support customers have an SLA of 4 hours for Severity 2, 3 and 4 questions and 30 minutes for Severity 1 questions.
Premium Support customers have an SLA of 4 hours for Severity 3 and 4 questions, 2 hours for Severity 2 and 30 minutes for Severity 1 questions.
Elite Support customers have an SLA of 4 hours for Severity 3 and 4 questions and 30 minutes for Severity 1 and 2 questions.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
N/a
Web chat accessibility testing
N/a
Onsite support
Yes, at extra cost
Support levels
  • Check Point Standard Support: SLA 9x5 Business Day. Response time: Severity 1, 30 minutes; Severity 2, 3 and 4, 4 hours. Latest hotfixes: yes. Major upgrades and enhancements: yes.
  • Check Point Premium Support: SLA 7x24 Every Day. Response time: Severity 1, 30 minutes; Severity 2, 2 hours; Severity 3 and 4, 4 hours. Latest hotfixes: yes. Major upgrades and enhancements: yes.
  • Check Point Elite Support: SLA 7x24 Every Day. On-site engineer for critical SRs. Response time: Severity 1, 30 minutes; Severity 2, 30 minutes; Severity 3 and 4, 4 hours. Latest hotfixes: yes. Major upgrades and enhancements: yes.
  • Check Point Diamond Support: SLA 7x24 Every Day. Designated Diamond Engineer. Response time: Severity 1, 30 minutes; Severity 2, 3 and 4, based on level of support (Standard, Premium or Elite). Latest hotfixes: yes. Major upgrades and enhancements: yes.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Users have documentation and getting started guides.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Users can extract all of their data in a file and delete their technology instances.
End-of-contract process
At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.

Using the service

Web browser interface
Yes
Using the web interface
Users can set network management and system management, configure advanced routing, manage users, and use high availability tools, maintenance and software updates on the web interface.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
N/A
Web interface accessibility testing
N/A
API
Yes
What users can and can't do using the API
Users can use APIs to allow the system to access, manipulate, delete, change or add resources on applications or gateways via web services.
API automation tools
Ansible
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface
Users can implement Linux and other commands to process or access information or tasks.

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Check Point Virtual Machine Scale Set (VMSS) will auto scale the traffic across the load balancers.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
Check Point

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
Users can take snapshots, run system backups and save configuration.
Backup controls
Users can set which backups are used and when the backups take place.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
This is purely dictated by the host cloud provider uptime SLAs
Approach to resilience
Check Point vSEC Gateway for Amazon AWS is designed to be resilient through high availability and load sharing.
Outage reporting
Through Check Point Smart Log you can see outages and any service disruption.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication
RADIUS, TACACS, SecurID
Access restrictions in management interfaces and support channels
Within the Check Point R80.10 Management Console you can control which admins can access, or make changes to, which parts of the management configuration or policies.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
15/12/2017
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
15/12/2017
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
N/A
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Section 404 of the Sarbanes-Oxley Act
Information security policies and processes
As a NASDAQ listed company, Check Point is required to comply with Section 404 of the Sarbanes-Oxley Act. As such we maintain internal controls that are consistent with the guidelines of Section 404 and are audited on an annual basis, as required by law.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
User defined
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
User defined
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
User defined
Incident management type
Supplier-defined controls
Incident management approach
User defined

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
AWS
How shared infrastructure is kept separate
Amazon AWS infrastructure is designed from the facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security needs.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
N/a

Pricing

Price
£1,120 an instance a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
15 Day Evaluation license
Link to free trial
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111841
