Pentesec Ltd

Check Point Capsule Cloud

With Check Point Capsule Cloud, organisations are able to leverage protections from all Check Point Software Blades as a cloud-based service, protecting the network and their users from threats everywhere they go; preventing suspicious file downloads, blocking malicious websites, and stopping bots before they have a chance to cause damage.


  • Security as a service
  • Unified Management for cloud and physical gateways.
  • Protect users off the network with the same security policies
  • Always on resilient deployment
  • Identity aware policy engine with Active Directory integration.
  • Protections against unknown threats
  • URL Filtering and Application Control
  • Zero Day Threat Prevention
  • Logging and Reporting Functionality
  • IPS, Anti Virus and Anti Bot functionality


  • Can replace the use of SMB appliances at smaller sites.
  • Lower TCO and admin overheads
  • Integrates with AD, allows Identity Awareness and SSO functionality
  • Seamless integration with other Check Point products
  • No requirement to deploy additional hardware
  • Can be deployed as a cloud only service.
  • Can integrate with current management for both policy and logging
  • No need for existing Check Point infrastructure
  • Constant intelligence feed and updates from Threat Cloud
  • Ease of deployment, Can deploy client using GPO.


£1.08 to £2.15 per user per month

Service documents

G-Cloud 11


Pentesec Ltd

Richard Bass

01733 889406

Service scope

Service scope
Service constraints The cloud gateway can be integrated seamlessly into existing infrastructure, yet also offers the flexibility of quick and easily established protections for those with no current Check Point infrastructure.
System requirements
  • Deploys on most existing routers using IPSEC VPN
  • Single Sign on with SAML and Kerberos Authentication
  • Geo-redundant, selectable service locations
  • PC and Mac compatible
  • Android Support
  • IOS Support
  • Proxy service available

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Pentesec provide guaranteed response times: P1 Fatal issues will be responded to within 30 minutes between 8am and 6pm and 60 minutes out of hours. P2 High severity issues will be managed within 60 minutes in hours and 120 Minutes out of hours. P3 Medium issues will take 180 minutes in ours only, P4 Low issues will be responded to within 1 business day.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels All customers receive a dedicated account manager responsible for balancing their communications with our technical team.

Support can be provided in office hours which are 8am to 6pm Monday to Friday as 'Standard' and we provide 'Premium' support 24/7.

Pricing is dependent on the number of licences, and level of support required.

Support tickets are assigned to a technical expert who is responsible for managing that specific case.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Upon sign up, Pentesec request a list of any authorised personnel who can log, access and change tickets on your organisation's behalf.

Those users are then sent credentials, instructions and log in tokens to enable them to utilise our support service.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Once the contract comes to an end, all data collated will be returned in a pre-agreed format.
End-of-contract process Service will cease at the end of the contract term. All customer data will be returned in a pre-agreed format on request.

Using the service

Using the service
Web browser interface Yes
Using the web interface An account manager will on board new customers and assign them access to the Pentesec web portal. There you can track tickets, log calls, request call backs and access our services.
Web interface accessibility standard None or don’t know
How the web interface is accessible The Pentesec Portal is accessible via web browser.
Web interface accessibility testing The foundation framework that our portal is built within has accessibility features for assistive technology users.
Command line interface No


Scaling available No
Independence of resources Check Point have data centres worldwide and strives to provide service uptime that is equal or greater than 99.99% calculated per calendar month.
Usage notifications Yes
Usage reporting Other


Infrastructure or application metrics Yes
Metrics types Other
Other metrics
  • Support Requests
  • SLA Response
Reporting types Reports on request


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Check Point

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest Other
Other data at rest protection approach TBC
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Redundant systems and networks are deployed across servicing components
  • Load balancing ensures service availability in case of component failure
  • Policy, users, logs and configurations are stored in redundant locations.
Backup controls These backup options are provided by Check Point in the back end of their service and cannot be controlled.

DRP: In case of data center failure, automatic failover is deployed to an alternate data center. (Note: Selecting a specific data center (for example, in EU) will cause the loss of data center failover functionality.)

Check Point enforces internal policies to control the retention of backup data. All data is backed up at each data centre, on a rotating schedule of incremental and full backups.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability Support response times

In Hours SLA: P1 - 30 Minutes P2 - 60 Minutes P3 - 180 Minutes P4 - 1 Business Day

Out of Hours SLA: P1 - 60 Minutes P2 - 120 Minutes

Escalation path to Check Point available, with 24/7 response.
Approach to resilience This Information is available on request.
Outage reporting Email Alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication Users can only be added and removed to the support portal by an authorised technical point of contact.
Access restrictions in management interfaces and support channels If users are not authorised technical points of contact then they cannot access support channels.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 British Assessment Bureau
ISO/IEC 27001 accreditation date 12/10/2018
What the ISO/IEC 27001 doesn’t cover NA
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our information security governance manual is available upon request.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration and Change Management processes are in place with formal management responsibilities and procedures assigned to ensure appropriate change control. Changes are logged for audit and all relevant information is retained.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Vulnerability scanning of our support platform is performed using industry leading services. Processes are in place to ensure that patching and remedial actions are taken in a regimented and consistent fashion to limit the business impact of newly discovered vulnerabilities.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our Protective Monitoring Approach conforms with ISO27001 Standards for logging and monitoring our services, and how to identify, handle and respond to incidents quickly.
Incident management type Supplier-defined controls
Incident management approach Our Incident Management Approach conforms with ISO27001 Standards.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres No


Price £1.08 to £2.15 per user per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Available for 25 users for up to 30 days.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑