Pentesec Ltd

Check Point Capsule Cloud

With Check Point Capsule Cloud, organisations are able to leverage protections from all Check Point Software Blades as a cloud-based service, protecting the network and their users from threats everywhere they go; preventing suspicious file downloads, blocking malicious websites, and stopping bots before they have a chance to cause damage.

Features

  • Security as a service
  • Unified Management for cloud and physical gateways.
  • Protect users off the network with the same security policies
  • Always on resilient deployment
  • Identity aware policy engine with Active Directory integration.
  • Protections against unknown threats
  • URL Filtering and Application Control
  • Zero Day Threat Prevention
  • Logging and Reporting Functionality
  • IPS, Anti Virus and Anti Bot functionality

Benefits

  • Can replace the use of SMB appliances at smaller sites.
  • Lower TCO and admin overheads
  • Integrates with AD, allows Identity Awareness and SSO functionality
  • Seamless integration with other Check Point products
  • No requirement to deploy additional hardware
  • Can be deployed as a cloud only service.
  • Can integrate with current management for both policy and logging
  • No need for existing Check Point infrastructure
  • Constant intelligence feed and updates from Threat Cloud
  • Ease of deployment, Can deploy client using GPO.

Pricing

£1.08 to £2.15 per user per month

Service documents

Framework

G-Cloud 11

Service ID

8 7 2 8 7 4 0 0 0 1 7 7 7 9 2

Contact

Pentesec Ltd

Richard Bass

0845 519 1337

richard.bass@pentesec.com

Service scope

Service constraints
The cloud gateway can be integrated seamlessly into existing infrastructure, yet also offers the flexibility of quick and easily established protections for those with no current Check Point infrastructure.
System requirements
  • Deploys on most existing routers using IPSEC VPN
  • Single Sign on with SAML and Kerberos Authentication
  • Geo-redundant, selectable service locations
  • PC and Mac compatible
  • Android Support
  • IOS Support
  • Proxy service available

User support

Email or online ticketing support
Email or online ticketing
Support response times
Pentesec provide guaranteed response times: P1 Fatal issues will be responded to within 30 minutes between 8am and 6pm and 60 minutes out of hours. P2 High severity issues will be managed within 60 minutes in hours and 120 Minutes out of hours. P3 Medium issues will take 180 minutes in ours only, P4 Low issues will be responded to within 1 business day.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All customers receive a dedicated account manager responsible for balancing their communications with our technical team.

Support can be provided in office hours which are 8am to 6pm Monday to Friday as 'Standard' and we provide 'Premium' support 24/7.

Pricing is dependent on the number of licences, and level of support required.

Support tickets are assigned to a technical expert who is responsible for managing that specific case.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Upon sign up, Pentesec request a list of any authorised personnel who can log, access and change tickets on your organisation's behalf.

Those users are then sent credentials, instructions and log in tokens to enable them to utilise our support service.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Once the contract comes to an end, all data collated will be returned in a pre-agreed format.
End-of-contract process
Service will cease at the end of the contract term. All customer data will be returned in a pre-agreed format on request.

Using the service

Web browser interface
Yes
Using the web interface
An account manager will on board new customers and assign them access to the Pentesec web portal. There you can track tickets, log calls, request call backs and access our services.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The Pentesec Portal is accessible via web browser.
Web interface accessibility testing
The foundation framework that our portal is built within has accessibility features for assistive technology users.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Check Point have data centres worldwide and strives to provide service uptime that is equal or greater than 99.99% calculated per calendar month.
Usage notifications
Yes
Usage reporting
Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Support Requests
  • SLA Response
Reporting types
Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Check Point

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Other
Other data at rest protection approach
TBC
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Redundant systems and networks are deployed across servicing components
  • Load balancing ensures service availability in case of component failure
  • Policy, users, logs and configurations are stored in redundant locations.
Backup controls
These backup options are provided by Check Point in the back end of their service and cannot be controlled.

DRP: In case of data center failure, automatic failover is deployed to an alternate data center. (Note: Selecting a specific data center (for example, in EU) will cause the loss of data center failover functionality.)

Check Point enforces internal policies to control the retention of backup data. All data is backed up at each data centre, on a rotating schedule of incremental and full backups.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Support response times

In Hours SLA: P1 - 30 Minutes P2 - 60 Minutes P3 - 180 Minutes P4 - 1 Business Day

Out of Hours SLA: P1 - 60 Minutes P2 - 120 Minutes

Escalation path to Check Point available, with 24/7 response.
Approach to resilience
This Information is available on request.
Outage reporting
Email Alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
  • Other
Other user authentication
Users can only be added and removed to the support portal by an authorised technical point of contact.
Access restrictions in management interfaces and support channels
If users are not authorised technical points of contact then they cannot access support channels.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
12/10/2018
What the ISO/IEC 27001 doesn’t cover
NA
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Our information security governance manual is available upon request.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Configuration and Change Management processes are in place with formal management responsibilities and procedures assigned to ensure appropriate change control. Changes are logged for audit and all relevant information is retained.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerability scanning of our support platform is performed using industry leading services. Processes are in place to ensure that patching and remedial actions are taken in a regimented and consistent fashion to limit the business impact of newly discovered vulnerabilities.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Our Protective Monitoring Approach conforms with ISO27001 Standards for logging and monitoring our services, and how to identify, handle and respond to incidents quickly.
Incident management type
Supplier-defined controls
Incident management approach
Our Incident Management Approach conforms with ISO27001 Standards.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£1.08 to £2.15 per user per month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Available for 25 users for up to 30 days.
Link to free trial
Enquiries@pentesec.com

Service documents

Return to top ↑