End Point (Endpoint) security services on Check Point

EndPoint (or End Point) protection is aimed at protecting all our devices all of the time even when we are mobile. Controlling access and encouraging safe usage. Applies to laptops, PCs, tablets, mobile phones (of all flavours). Management and Monitoring also available


  • End Point protection against modern cyber threats: zero-day vulnerabilites
  • Enforcement of usage policy on devices
  • Provision of Anti-virus
  • Granular policies for mobile and fixed endpoint devices
  • Built-in integration with enterprise directories, SIEM and MDM
  • Light touch, optimized security, so lower costs
  • Minimal performance impact and false positives on devices and networks
  • Comprehensive centralised view of user security
  • Automatic sharing of threat intelligence globally


  • Discover Shadow IT & Risk eliminating the IT blindspot
  • Prevent leaks of sensitive data via USB or cloud storage
  • Block cyber attacks by the rapid detection of anomalies
  • Advanced protection against known and unknown attacks
  • Reduce risk of downloading or distributing malware
  • Spot data leakage from inside staff or malware
  • Apply consistent security on all types of end-points
  • Patching and security updates from threat intelligence built-in
  • Always-on security for all traffic even when mobile or @home
  • Mobile Security: secure users in any location, any device


£1.5 to £10 per device per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10



Simon Moore


Service scope

Service scope
Software add-on or extension No
Cloud deployment model Private cloud
Service constraints No
System requirements
  • Software licence per protected Endpoint
  • Endpoints, need to be pointed at management service

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Our support is available 24x7x365. We categorise all incidents as P1, P2 or P3. The response times for each are as follows: P1 - 30 minutes P2 - 4 hrs P3 - 8 hrs

Costs can be reduced by dropping service to 8x5 or NBD
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Vendor Defined capability
Onsite support Yes, at extra cost
Support levels NBD, 8x5, 24x7.

A client engaged technical account manager can be provided, but required when multiple services are engaged to ensure interoperability and cost benefits. Once configured the service is stable and only needs client based support knowledge on major changes - this will be addressed through documentation.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Initial consultation on configuration of the Software included. Additionally, 1. If the customer chooses to install with their own resources, we can provide HiveLOGIC support through HiveLOGIC consultancy services 2. Provide support for: - SOC Services, including Monitoring and Reporting - Rapid Response service to events and observations 3. Training Workshops 4. Direct, side-by-side support 5. Issue and problem resolution
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Only data held in service are security logs and configuration details. Both can be exported if necessary
End-of-contract process No additional services required, service simply stops and user redirects their end points to send traffic to other destinations.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Nil
Accessibility standards WCAG 2.0 AA or EN 301 549
Accessibility testing N/A
What users can and can't do using the API Allow the security tools to understand the information flows that need inspecting in custom applications. Equivalent to signatures and content correlation rules in firewalls and SIEM systems.
API documentation Yes
API documentation formats PDF
API sandbox or test environment No
Customisation available Yes
Description of customisation 1) Look and feel of GUI.
2) policy based security rules that enforced by the management engine. Ie can users use Facebook for example


Independence of resources Management is scaled on a cloud and resources are increased linearly with demand as a licence is sold per endpoint being protected.


Service usage metrics Yes
Metrics types Details are provided on traffic flows and hits on security rules
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold CheckPoint

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Via the web based management console, and download of data
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.999% Up time
Approach to resilience Multiple Instances, hardware and datacentres
Outage reporting API, dashboard and email alerts

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Management interfaces may only be accessed from known addresses and via privilege account management based authentication.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date 22/05/2015
CSA STAR certification level Level 3: CSA STAR Certification
What the CSA STAR doesn’t cover None
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We work as a network of SMEs supported by larger businesses where scale, and costs make this sensible. Design and service ownership always resides with the Hd of Operations within HiveLOGIC (HL). We then outsource the day to day manning of our service desk to Westcon/ Comstor owing to the economies of scale they can achieve.

HL assesses service levels, SLAs, policies and procedures provided by Westcon on a regular basis :6 monthly or less and on demand.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Other than patching and software levels, Any change is limited to configuration of the software controls. All such changes are assessed for security impact, as this a security based service

All configuration details are also recorded and changes are documented to enable auditing.
Vulnerability management type Undisclosed
Vulnerability management approach Threats to the system are constantly assessed by the vendor (CheckPoint) and changes made to the software base.

The infrastructure which hosts the cloud broker is constantly updated against threat intelligence and internal recommendations.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The vendor provided cloud service, sold as a licence per end user is constantly monitored for breaches and attacks. As a security enforcement point it is assumed attack is inevitable and every measure is taken to continually tighten security and monitor for potential of breach.
Incident management type Supplier-defined controls
Incident management approach Incidents in the cloud service are actively driven out.

Incidents on client devices or against client applications are reported and acted upon as per policy. Any known attacks are instantly stopped. non-malicious, unauthorised accesses are blocked and then investigated as potential false positives.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £1.5 to £10 per device per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial One month trial of the full service for a limited test user set.


Pricing document View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑