Check Point SmartWorkflow

The Check Point SmartWorkflow Software Blade provides a seamless and automated process for policy change management that helps administrators reduce errors and enhance compliance. Enforce a formal process for editing, reviewing, approving and auditing policy changes from a single console, for one-stop, total policy lifecycle management.

Benefits
Features
Specifications

Increase security with total visibility and control of policy changes

Automatic, formal process for tracking, approving and auditing policy changes
Flexible authorization conforms to established company approval processes
All policy changes are made from Check Point's unified SmartDashboard console

Enhanced compliance and increased operational efficiency

Stay compliant by maintaining visibility and control of constantly changing policy
Advanced auditing and reporting tracks the evolution of policy changes
Streamlined change management reduces errors and saves administrator time

Flexible and extensible Software Blade for simple, cost-effective deployment

Easy one-click activation on any Check Point security management server
Deploy SmartWorkflow within your existing security environment or infrastructure
Flexible Software Blade Architecture allows deployment without capital costs

Single-console for Total Security Change Management

Via the SmartDashboard graphical user interface, the SmartWorkflow Software Blade provides an intuitive and easy-to-use security management console to centrally manage the editing, reviewing, approving and auditing of policy changes.

Automated Security Change Management

Administrators can automatically track changes made to rule bases, network objects, security policies, users, administrators, groups, OPSEC applications, VPN communities and servers.

Administrators have a constant need to make firewall changes. These changes are often done manually and hurriedly and can result in mis-configurations and duplication of rules. The SmartWorkflow Software Blade helps administrators track these changes in entities called sessions—logical units that contain a set of changes made within SmartDashboard. Administrators can track changes made to rule bases, network objects, security policies, users, administrators, groups, OPSEC applications, VPN communities and servers.

Visual Change Tracking and Reporting

Changes made to rules and objects are easily viewed in SmartDashboard, enabling administrators to review the impact on the entire rule base. Administrators can scroll through the changes in chronological order or generate a summary change report.

Changes made to rules and objects are easily viewed in SmartDashboard, enabling administrators to review the impact of the changes on the entire rule-base.

View Chages to Rule Base

Figure 1: Easily view changes made to the rule base

Administrators can scroll through the changes in chronological order or they can generate a summary change report that provides a comprehensive picture of the changes that were made during the current session. Clicking on a link in the “name” column of the summary change report will generate a detailed list of how the specific object has changed, who changed it as well as the previous time it was modified and by whom.

Policy Change Summary Report

Figure 2: Policy change summary report

Session Approval & Flexible Authorization

SmartWorkflow adds an extra layer of security by requiring a manager’s approval before installing a changed security policy. It can also adapt to existing change management approval processes with flexible approval configurations.

SmartWorkflow adds an extra layer of security by requiring a manager’s approval before installing a changed security policy (the “four-eyes” principle). Authorized managers can either approve the session or request that modifications be made to the session.

In addition, SmartWorkflow can adapt to existing change management approval processes. It can be configured so that only managers can approve a change or the administrator can approve his own changes or, in the case of an emergency, it can be configured so that a policy can be installed without official approval and the appropriate password.

Policy Revisions and Baseline Comparisons

Manager cans review the objects that were added, changed or deleted and compare these changes to the security policy that is currently installed. Managers can also review the changes between any two sessions or the changes of a single session.

Prior to approving a session, a manager can review the security configuration change summary report and see the objects that were added, changed or deleted and compare these changes to the security policy that is currently installed. In addition, via the SmartDashboard “read-only” mode, managers can review the changes between any two sessions or they can view the changes of a single session.

Audit Trails

SmartWorkflow enables administrators to track changes that have been made to objects, security policies and session events over an extended period of time. These changes are recorded in Check Point SmartView Tracker as audit logs.

Integrated into Check Point Software Blade Architecture

The SmartWorkflow Software Blade is fully integrated into the Software Blade architecture, saving time and reducing costs by allowing customers to quickly expand security protections to meet changing requirements.

The SmartWorkflow Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point security management servers, saving time and reducing costs by leveraging existing security infrastructure.

Specifications

Feature	Detail
Session-based Policy Changes	Security policy changes are done in the context of a session Notes can be added to sessions for clarification Changes made within a session can be discarded Sessions submitted for approval are “locked” for editing
Flexible Authorization	Role-based approval (“four eyes” principle) Self-approval Emergency bypass (requires password)
Policy Installation	Only approved policies can be installed Installation email notification
Highlighting	Changes highlighted in Check Point SmartDashboard List of changes in SmartDashboard
Reports	Report of session changes in HTML format Reports can be saved/emailed/printed
Session Information Tracking	Session information pane with session info, notes and list of changes Review changes in sequential order
Session Tracking	View all sessions created View session changes View session status (pending, approved, rejected, etc.)
Session Comparison	Compare changes between different sessions Compare changes between installed session and an approved session
Comprehensive Auditing	Every step in session is logged (session creation, submission, approval/rejection, installation) Every change created within a session generates an audit log All session audit logs have a session ID for session filtering All session audit logs contain change description: old/new value, session information, admin information Session audit logs are sent to Check Point SmartView Tracker All changes to objects generate an audit log All changes to rules generate an audit log
Check Point Management Integration	Seamless integration with Check Point Network Policy Management Check Point Multi-Domain Security Management (Provider-1) support Track changes for CMAs Track changes on global policy
Internet Protocol Version	IPv6 and IPv4

We'd Like to Help!

Call US Sales 1-866-488-6691
Contact Us
Find a Reseller

Products A-Z
- Appliances
- Appliances Overview
- 600 Appliances
- 1100 Appliances
- 2200 Appliances
- 4000 Appliances
- 12000 Appliances
- 21000 Appliance
- 61000 Security System
- DDoS Protector Appliances
- SecurityPower
- Secure Web Gateway Appliance
- Threat Prevention Appliance
- Series 80
- UTM-1 Edge
- IP Appliances
- Virtual Systems
- Safe@Office
- Smart-1
- Smart-1 SmartEvent
- Integrated Appliance Solution
- IAS Bladed Hardware
- Software Blades
- Software Blades Overview
- Security Gateway
- Firewall
- IPSec VPN
- IPS
- Mobile Access
- Application Control
- Identity Awareness
- DLP
- Web Security
- URL Filtering
- Anti-Bot
- Antivirus
- Anti-Spam & Email Security
- Advanced Networking & Clustering
- Voice over IP (VoIP)
- Threat Prevention
- ThreatCloud™
- Security Management
- Compliance
- Network Policy Management
- Endpoint Policy Management
- Logging & Status
- SmartWorkflow
- Monitoring
- Management Portal
- User Directory
- SmartProvisioning
- SmartReporter
- SmartEvent
- Multi-Domain Security Management
- Virtualization Security
- Security Gateway Virtual Edition
- Cloud Security
- Virtual Appliance for Amazon Web Services
- Security Systems
- Security Systems Overview
- Endpoint Security
- Endpoint Security
- Full Disk Encryption
- Media Encryption
- Anti-Malware & Program Control
- Remote Access VPN
- Firewall & Compliance
- Check Point WebCheck
- Check Point GO
- Solutions
- Remote Access
- Consumer Products
- ZoneAlarm Antivirus
- ZoneAlarm ForceField
- ZoneAlarm Internet Security Suite

Resources