Phoenix Software Ltd

Cloudguard Iaas for Azure

Check Point's vSEC Azure Security Gateway protects your assets from internal and external threats with the full range of Check Point Software Blades. Combined with advanced integration options, security is tailored to fit the most dynamic environment needs. Virtual gateways and physical gateways are managed by our unified management platform.

Features

  • Easily extend security to your Azure cloud
  • Protect Azure Cloud-hosted apps against malware
  • Provide CPU-level security in software-defined networking environments hosted on Azure
  • Prevent cross-application malware infection within Azure environments
  • Full protections of the Check Point Software Blade architecture
  • Safeguard against data and infrastructure breaches
  • Securely connect enterprise and mobile users
  • Advanced protection against malware and zero-day attacks
  • Single pane-of-glass management drives a lower security cost

Benefits

  • Stateful inspection firewall, and industry leading Intrusion Prevention System
  • Antivirus, and Anti-bot protect the cloud from malicious attacks
  • Mobile access delivers an SSL encrypted connection to Azure
  • Two-factor authentication and device pairing ensure security
  • Data Loss Prevention protects sensitive data from theft/unintentional loss
  • Provides the most advanced protection against malware and zero-day attacks
  • Cloudguard provides lateral threat prevention internal to the public cloud
  • One-click deployment using the Azure Resource Manager templates

Pricing

£612 per server per year

Service documents

G-Cloud 10

446696124192909

Phoenix Software Ltd

Jonny Scott

01904 562200

gcloud@phoenixs.co.uk

Service scope

Service scope
Service constraints "No obvious constraints, it requires underlying azure compute power in the form of their azure cores to be able to run as this is simply just the yearly licensing fee and associated software.

If you want to deploy more than two IaaS gateways, you will need distributed management"
System requirements
  • Azure Compute power (Azure Cores) Appropriate connectivity from your network
  • A Check Point User Center Account and ID

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Yes, Standard Support Customers have an SLA of 4 Hours for Severity 2,3,4 Questions and 30 Minutes for Severity 1 Questions. Yes, Premium Support Customers have an SLA of 4 Hours for Severity 3,4 Questions, 2 Hours for Severity 2 and 30 Minutes for Severity 1 Questions. Yes, Elite Support Customers have an SLA of 4 hours for Severity 3,4 Questions and 30 minutes for Severity 1,2 Questions .
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Customers can log into Check Point Web Chat via www.checkpoint.com, Then they would click support, support center and the underneath "Get Help" select Live Chat.
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Check Point Standard Support: SLA 9x5 Buisness Day. Response Time Severity 1: 30 Minutes, Severity 2,3,4 4 Hours. Latest hotfixes yes, Major Upgrades and Enhancements Yes. Check Point Premium Support: SLA 7 x 24 Every Day. Response Time Severity 1: 30 Minutes, Severity 2,2 Hours and Severity 3 & 4 4 Hours. Latest hotfixes yes, Major Upgrades and Enhancements Yes. Check Point Elite Support: SLA 7 x 24 Every Day. On Site Engineer for Critcal SRs Response Time Severity 1: 30 Minutes, Severity 2 30 minutes and Severity 3 & 4 4 Hours. Latest hotfixes yes, Major Upgrades and Enhancements Yes. Check Point Diamond Support: SLA 7 x 24 Every Day. Designated Diamond Engineer Response Time Severity 1: 30 Minutes, Severity 2,3,4 based on level of support(Standard, Premium or Elite. Latest hotfixes yes, Major Upgrades and Enhancements Yes.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users have documentation and getting started guides.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Users can extract all of their data in a file. And delete their technology instances.
End-of-contract process At the end of the contract, the user will still be able to use the technology but not be entitled to any updates, hotfixes or support.

Using the service

Using the service
Web browser interface Yes
Using the web interface Users Can set network management, System management, Configure Advacned Routing, Manage users, High availability tools, maintaince and software updates on the web interface
Web interface accessibility standard None or don’t know
How the web interface is accessible You can access the web interface from the management IP address of the instance.
Web interface accessibility testing None
API Yes
What users can and can't do using the API Users can use APIs to allow the system to access, manipluate, delete, change, add resource on applications or gateways via web servcies.
API automation tools Ansible
API documentation Yes
API documentation formats
  • HTML
  • PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface Users can implement Linux and other commands to process or access infromation or tasks.

Scaling

Scaling
Scaling available Yes
Scaling type Automatic
Independence of resources Check Point Virtual Machine Scale Set (VMSS) will auto scale the traffic across the load balancers.
Usage notifications Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold Check Point Software Technologies

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach Any data on the device is securely stored within a hardened machine image under the Gaia OS.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up Users can Snapshot, System BackUp and save configuration.
Backup controls Users can set which back ups are used and when the back ups take place.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Data is protected between ourselves, Azure and the customers network through security VPN tunnels.

Availability and resilience

Availability and resilience
Guaranteed availability Check Point Vsec Gateway for Azure is designed to be resilient through high availability, load sharing or autoscaling.
Approach to resilience Check Point Vsec Gateway for Azure is designed to be resllient through high availability, load sharing or autoscaling.
Outage reporting Through Check Point Smart Log you can see outages and any service disruption.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Username or password
  • Other
Other user authentication Administrators authenticate through prefered method. Remote users or network users authenticate through AD query or 2FA
Access restrictions in management interfaces and support channels Within Check Point R80.10 Management Console you can control which admins can access what parts or make changes to whichs parts on the management or policies.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification Yes
Who accredited the ISO 28000:2007 BSI
ISO 28000:2007 accreditation date 21/01/2016
What the ISO 28000:2007 doesn’t cover N/A
CSA STAR certification Yes
CSA STAR accreditation date Microsoft Defined
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover Microsoft Defined
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach User defined
Vulnerability management type Supplier-defined controls
Vulnerability management approach User defined
Protective monitoring type Supplier-defined controls
Protective monitoring approach User defined
Incident management type Supplier-defined controls
Incident management approach Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Azurre
How shared infrastructure is kept separate Azure’s infrastructure is designed from the facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security needs.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £612 per server per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial 15 Day Evalution license
Link to free trial https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111841

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑