What is our primary use case?
We use Check Point Infinity to protect our organization against the latest generation cyber-attacks, characterized by large-scale spread and fast movement across multiple attack vectors.
These sophisticated attacks are on mobile devices, endpoints, cloud, and various enterprise networks. They easily bypass the conventional, static detection-based systems used by organizations today.
The legacy perimeter-focused security approaches have become ineffective. The outdated assumption that everything inside the security perimeter can be trusted leaves organizations exposed to vulnerability and attack.
To protect the organization, we need to move up to the latest generation of cybersecurity tools. These combine real-time threat prevention, shared intelligence, and the most advanced zero-trust security across network, cloud, endpoint, and mobile devices.
How has it helped my organization?
Rebuilding security infrastructure around the Zero Trust approach using disparate technologies might lead to complexity and inherent security gaps. To avoid errors and provide robust security, Check Point offers a more practical and holistic approach to implementing Zero Trust, based on a single consolidated cybersecurity architecture, Check Point Infinity.
Check Point provides different solutions to protect organizations at each level. They have products that can work in a silo or can be integrated with other security solutions to enhance security by mitigating risk and providing a dashboard for monitoring.
Generated logs can be sent to a SIEM solution, where a use case or action can be defined against raised alerts. Automated policies/processes can be created accordingly.
For example, suppose we need to block communication from a suspicious IP for which an alert has been raised, and the alert is sent to ServiceNow. We can create a playbook on the ServiceNow platform that is triggered when the alert is raised and instructs the NGFW to block the connection.
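The SIEM-to-ServiceNow-to-firewall flow described above, as an added example (not code from this review, from ServiceNow or from Check Point): a small Python playbook that first decides whether an alert qualifies for automated blocking, then issues the Check Point Management API command sequence (login, add-host, set-group, publish, install-policy, logout) to put the IP into a group that an existing Drop rule already references. The alert format, the allow-list, the internal ranges, the group name Blocked_IPs, the policy package Standard and the gateway name gw-perimeter are assumptions; the HTTP transport is injected as a callable so the example runs offline.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

# Constructed sample alert, shaped like what a SIEM might forward to a
# ServiceNow playbook. Fields and values are invented for this example.
SAMPLE_ALERT = {
    "id": "INC0012345",
    "severity": "high",
    "confidence": 90,
    "indicator": {"type": "ip", "value": "203.0.113.45"},
}

# Guardrails for automated blocking (assumed values, tune per environment).
# Explicit ranges rather than ip.is_private so the organization's own public
# address space can be added to the list.
NEVER_BLOCK_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
ALLOWLIST = {"198.51.100.10"}       # e.g. a partner VPN peer (assumed)
MIN_CONFIDENCE = 80
BLOCK_GROUP = "Blocked_IPs"         # assumed: existing group used by a Drop rule
POLICY_PACKAGE = "Standard"         # assumed policy package name
GATEWAY_TARGETS = ["gw-perimeter"]  # assumed gateway object name(s)


def should_block(alert: dict) -> Tuple[bool, str]:
    """Return (decision, reason). Anything doubtful is left for a human."""
    ind = alert.get("indicator", {})
    if ind.get("type") != "ip":
        return False, "indicator is not an IP"
    try:
        ip = ipaddress.ip_address(ind.get("value", ""))
    except ValueError:
        return False, "indicator value is not a valid IP address"
    if any(ip in net for net in NEVER_BLOCK_NETS):
        return False, "refusing to auto-block an internal/loopback address"
    if str(ip) in ALLOWLIST:
        return False, "address is allow-listed"
    if alert.get("severity") not in ("high", "critical"):
        return False, "severity below automation threshold"
    if int(alert.get("confidence", 0)) < MIN_CONFIDENCE:
        return False, "confidence below automation threshold"
    return True, "ok"


def build_block_calls(ip: str, alert_id: str) -> List[Tuple[str, dict]]:
    """Management API commands (name, payload) that put `ip` into the block group.

    Adding a host to a group already referenced by a Drop rule keeps the
    rulebase small instead of creating one new rule per incident.
    """
    host_name = "blk_" + ip.replace(".", "_").replace(":", "_") + "_" + alert_id
    return [
        ("add-host", {"name": host_name, "ip-address": ip,
                      "comments": f"auto-blocked by playbook for {alert_id}"}),
        ("set-group", {"name": BLOCK_GROUP, "members": {"add": [host_name]}}),
        ("publish", {}),
        ("install-policy", {"policy-package": POLICY_PACKAGE,
                            "targets": GATEWAY_TARGETS}),
    ]


# post(command, payload, headers) -> response dict. Injected so the flow can be
# exercised offline; a real deployment would wrap an HTTPS POST to
# https://<mgmt-server>/web_api/<command> with the session id in X-chkp-sid.
PostFn = Callable[[str, dict, Dict[str, str]], dict]


def run_playbook(alert: dict, post: PostFn, user: str, password: str) -> Tuple[bool, List[str]]:
    """Execute the SIEM -> ServiceNow -> firewall block flow for one alert."""
    ok, reason = should_block(alert)
    if not ok:
        return False, [f"skipped: {reason}"]
    ip = alert["indicator"]["value"]
    sid = post("login", {"user": user, "password": password}, {})["sid"]
    headers = {"X-chkp-sid": sid, "Content-Type": "application/json"}
    executed: List[str] = []
    try:
        for command, payload in build_block_calls(ip, alert["id"]):
            post(command, payload, headers)
            executed.append(command)
    finally:
        post("logout", {}, headers)  # always release the management session
    return True, executed


def fake_post_factory(log: List[Tuple[str, dict]]) -> PostFn:
    """Offline stand-in for the management server: records calls, returns a session id."""
    def fake_post(command: str, payload: dict, headers: Dict[str, str]) -> dict:
        log.append((command, payload))
        return {"sid": "fake-session"} if command == "login" else {}
    return fake_post


if __name__ == "__main__":
    calls: List[Tuple[str, dict]] = []
    print(run_playbook(SAMPLE_ALERT, fake_post_factory(calls), "api_user", "secret"))
    for command, payload in calls:
        print(command, payload)
```

The decision step matters as much as the API calls: an automated block triggered straight from a SIEM alert will eventually fire on a spoofed source, an internal address or a partner peer, so the playbook refuses those cases and leaves them for an analyst rather than pushing policy.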
What is most valuable?
The Check Point Infinity security architecture enables organizations to fully implement all of the Zero Trust Principles.
Zero Trust Security: Check Point Infinity is an architecture provided by Check Point that includes solutions for protecting organizations at different levels.
Zero Trust Networks: The Check Point Security Gateway enables micro-segmentation across the organization's network. Integration with Identity Awareness and Application Control enables policy enforcement at a granular level.
Zero Trust Workloads: Protect workloads hosted in private and public clouds, enforce compliance, detect and remediate misconfiguration.
Zero Trust People: Identity Awareness enables granting access to data for authorized users with SSO and MFA.
Zero Trust Devices: SandBlast Agent for endpoints and Check Point SandBlast Mobile protect employees' mobile devices and workstations from advanced attacks, zero-day malware, malicious app installation, and more. Network-based threat prevention protects devices from threats that are coming from the network and vice versa.
Zero Trust Data: Protect data by performing full hard disk encryption on endpoint and external media encryption on all removable storage media. Data shared to external partners over the Internet is encrypted by site-to-site VPN and client-to-site VPN.
Visibility and Analytics: The Check Point attack dashboard allows for immediate response to security incidents and provides real-time forensics for investigating events.
Automation and Orchestration: Integrating the security architecture with the organization's broader IT environment enhances speed and agility, incident response, policy accuracy, and task delegation.
What needs improvement?
The licensing model for Check Point Infinity is not clear. As Infinity licenses are based on the number of users, it confuses larger organizations, where not every user needs every service.
For an organization of more than 100,000 users, where only a few users need SandBlast Mobile to protect their BYOD devices against threats, a few users need Capsule to access corporate data, and in addition the organization needs to protect all users' email accounts using Check Point Email Security, it creates issues in terms of the license count. It is confusing to figure out how to fulfill the requirements.
What do I think about the stability of the solution?
Check Point solutions are stable.
What do I think about the scalability of the solution?
It's a framework, so it is scalable.
How are customer service and technical support?
The technical support is excellent.
Which solution did I use previously and why did I switch?
We are using this solution to provide security at each level of the environment.
How was the initial setup?
Different solutions or products from Check Point are involved in creating this complete security framework.
What about the implementation team?
We deployed with an in-house team with OEM support.
What's my experience with pricing, setup cost, and licensing?
Check Point should provide an enterprise-wide license, where the organization is given a free hand to use any license or service for an agreed period of time (EULA).
Which other solutions did I evaluate?
We have worked with different products from Check Point and other security solutions.
What other advice do I have?
This is a security architecture. Organizations can use different Check Point solutions for protecting different environments, such as the network, email, endpoints, and more.
Which deployment model are you using for this solution?