AnchorPoint Security » Checkpoint Unified Solutions

CheckPoint + AnchorPoint Unified Solution

AnchorPoint’s new Threat Prevention Managed Security Service combines best-of-breed threat prevention technology from Check Point with expert threat analysis

To prevent attacks on your network, 24 hours a day, seven days a week.

Benefits

Stop attacks with award-winning technology and expert analysis

  • Mitigate emerging threats rapidly with award-winning Check Point technology and AnchorPoint Security experts
  • Block attacks, protect your assets and supervise your network around the clockBlock attacks, protect your assets and supervise your network around the clockBlock attacks, protect your assets and supervise your network around the clock
  • Execute clear, actionable alerts against advanced threats and bot activity

Update your protections with Threat Prevention collaborative intelligence

  • Up-to-date global threat intelligence using a worldwide network of threat sensors
  • Proactive mitigation of threats based on global threat information
  • Real-time protection tuning delivered to Check Point gateways

Provide security monitoring, visibility and compliance

  • 24×7 fully-managed or monitoring service, to suit your needs
  • Access real-time alerts and comprehensive reports via intuitive web portal
  • Receive real-time push notifications on mobile devices, e-mail and phone
  • Based on Check Point IPS gateways (no additional products required)

Threat Prevention Managed Security Service

Features:

Award-winning Check Point Technology

IPS, Anti-Bot and Antivirus Software Blades defend your network against both external and internal (bot) threats.

Check Point’s IPS Software Blade provides industry-leading IPS protection with breakthrough performance. This full-featured IPS solution provides real-time and preemptive protection against emerging threats and vulnerabilities.

Check Point’s Anti-Bot Software Blade detects infected hosts on your network with its unique multi-tier ThreatSpect™ engine. You get up-to-the-minute bot intelligence from Check Point’s knowledge base. It combines information on remote operator hideouts, botnet communication patterns and attack behavior to accurately identify bot outbreaks. It also prevents damage by blocking bot communication between infected hosts and the botnet’s command and control centers.

Check Point’s Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from Check Point’s knowledge base to detect and block malware at the gateway, before users are affected.

Real-time Security Intelligence Feeds

AnchorPoint leverages Check Point’s collaborative network and cloud-driven knowledge base that delivers real-time dynamic security intelligence to security gateways. That intelligence is used to identify emerging outbreaks and threat trends. Since processing is done in the cloud, millions of signatures and malware protection can be scanned in real time.

Check Point’s knowledge base is dynamically updated using feeds from a network of global threat sensors, attack information from gateways around the world, Check Point research labs and the industry’s best malware feeds. Based on the resulting security intelligence, updated protections and signatures are created and transmitted to your Check Point gateway. In addition, correlated security threat information is available in your web-based Service Portal so that you can maintain a regional and global perspective of current threats.

24/7/365 Monitoring of Security Logs

Your security logs are uploaded and securely stored at the AnchorPoint data center for automated threat analysis – without generating any noticeable load on your Internet connection.

The logs are processed by an analytics engine that normalizes them into events, stores them in the database. They are then correlated with previous events and alerts on both your and other service subscribers’ gateways. A variety of rules are applied to decide whether a new alert needs to be generated.

Multiple Service Levels

You can choose a service level that fits your needs:

  • Monitoring & Alert Service (Standard and Premium) – The Standard level provides automated IPS log analysis and provides alerts to you when a significant event is detected. The Premium level adds the benefit of an AnchorPoint analyst reviewing all alerts in order to determine if immediate action is required; if this occurs, a ticket is generated. Both levels have the option of adding the Threat Prevention feature, which includes Anti-Bot and Antivirus log analysis.
  • Fully-Managed Threat Prevention Service (Elite) – Includes a dedicated Check Point security appliance, premium support including on-site replacement, licenses for the IPS, Anti-Bot, and Antivirus Software Blades, and remote management of the appliance.
Ticketing System

For subscribers to the Premium and Elite versions of the Threat Prevention Managed Security Service, an AnchorPoint Security expert analyst reviews all of your alerts, in order to verify the criticality of each one, and determine whether an immediate action is required.

If the analyst judges the alert to be critical (e.g., a real attack is now occurring, a vulnerability in your network has been discovered, or an infection is evident), the analyst opens a “ticket”.

Tickets document the interaction between the service SOC and you, and are kept open until the issue is resolved. All past tickets are available for review and discussion in the service portal. In cases that require immediate response, the SOC expert can also contact you by phone at your option.

Managed Security Service Web Portal

The Web Portal securely connects to the service’s web server, and provides you with several informative views of the activity on your gateway, event and alert occurrences, as well as the real-time security intelligence.

  • The Overview tab provides a summary of your status with the service: last 24 hours events and alerts, open tickets, pending alerts, blocked events, activity map, etc.
  • Information about current and past alerts that have been generated by the Service are searchable on the Alerts tab. You can quickly filter results using parameters such as Severity, time frame, source and destination IP address, etc.
  • The Events tab provides a similar capability for viewing security events that have occurred.
  • Premium and Elite subscribers have access to the Tickets tab, which shows past and present tickets and allows you to interact with the analyst handling a current ticket.
  • The Reports tab of the portal offers a variety of predefined reports about protections, events, alerts and attacks. Reports can run immediately, or you can schedule certain reports to run at a certain frequency and to be sent to specific users.
  • The Global tab of the portal provides attack information from the Check Point ThreatCloud intelligence database. It also offers you the option to run a report that compares your security statistics vs. the global one, as a benchmark for your organization’s security posture. In addition, it offers access to several blacklists of bad reputation IP addresses.
Periodic Policy Tuning

An AnchorPoint security expert tunes your gateway’s protection policy periodically, optimizing your security and throughput performance.

The frequency of tuning varies with the service level; for Standard customers, tuning is performed yearly. Premium and Elite customers receive quarterly protection tuning.

Service Level Agreements (SLAs)

Standard Premium Elite
Description Threat Prevention Monitoring and Alerting Service Export Assisted Threat Prevention and Alerting Service Full Threat Prevention Management Service
Blades supported IPS, Anti-Bol, Antivirus, Url Filtering, Application Control, & Threat Emulation IPS, Anti-Bol, Antivirus, Url Filtering, Application Control, & Threat Emulation IPS, Anti-Bol, Antivirus, Url Filtering, Application Control, & Threat Emulation
24*7*365 security alerts Automated Expert reviewed Expert reviewed
Responsive Time: -Critical, high severity -Medium, low severity -Customer inquiries 6 hours 30 minutes Quarterly digest 1 hour 30 minutes Quarterly digest 1 hour
Gateway ownership and management By customer By customer By Check Point
Managed Service Portal access Yes Yes Yes
Incident tracking & escalation No Yes Yes
Local and Global reports Standard Enhanced Enhanced
Protection policy tuning Half Yearly Quarterly Quarterly

Learn more about Unified Solutions