Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Security Management Portal (SMP)

Cost-effective managed security

Security Management Portal (SMP) introduces a central management and service provisioning platform that answers your needs as a Managed Security Service Provider (MSSP) targeting SMBs and vertical markets. It features an intuitive, Web-based user interface and uses robust and resilient architecture to support the management of up to tens of thousands of Check Point Safe@Office gateways. SMP can easily be integrated with existing billing, CRM and other back-office systems to support existing business processes and provides a host of capabilities specifically tailored to increase your revenue with minimal administrative and support costs.

Key Benefits

  • Creates new revenue opportunities
  • Reduces administrative overhead to lower operational costs
  • Supports existing business processes
  • Enhances brand awareness
  • Demonstrates added value
  • Grows with your needs

Features

All-in-one managed services solution
SMP integrates a wide array of built-in managed services into a single turnkey solution:

  • Network and firewall management
  • Dynamic VPN management
  • Gateway firmware updates
  • Antivirus and anti-spam
  • URL filtering
  • Gateway antivirus signature updates
  • Logging, monitoring, and reporting
  • Notifications and custom alerts
  • Dynamic DNS
  • Vulnerability scanning

These services enable service providers to deliver a flexible and comprehensive value-added managed security service offering to small businesses, while maintaining cost effectiveness. SMP allows complete remote management of all network security aspects and significantly reduces the need for onsite configuration and troubleshooting. In addition, Safe@Office gateways can be preconfigured before being shipped to the customer, thereby minimizing deployment time and costs.

Streamlined provisioning and maintenance
SMP simplifies the deployment and maintenance of Safe@Office gateways by using group-based management tools. Administrators can define multiple service plans, each consisting of a template that defines the plan’s expiration date, gateway properties, VPN settings and security policy, as well as additional services such as antivirus protection and content filtering.

Once a subscription-based service plan has been defined, it can be associated with an unlimited number of Safe@Office gateways. Each gateway that is assigned a particular service plan inherits all of that plan’s properties, but specific aspects can be overridden if required. When the administrator updates the plan via SMP’s Web-based user interface, the changes are automatically applied to all the appropriate gateways. By eliminating the need to make repetitive policy changes to thousands of individual devices, SMP delivers unparalleled scalability and time savings.

User-friendly management
SMP includes a user-friendly, Web-based interface, which allows you to provide efficient customer support and reduce customer representative training costs. The tree-based interface provides an intuitive display for viewing and editing service plans, customers, gateways, VPN communities and security policies. The interface also provides a single, centralized snapshot of all rules, objects, logs, statuses and alerts for Safe@Office gateways.

Granular role-based administration
SMP provides a flexible and granular method for distributing management responsibility among a group of administrators by dividing responsibilities according to type of service plan, customer or specific functional tasks. System administrators can create and customize system user roles with a fine level of detail, specifying exactly which objects can be viewed, edited or created.

All administrator activity is logged and reported, thus improving security by providing information that can identify unauthorized policy changes.

Integration with back-office operations
SMP includes a comprehensive SOAP/XML standards-compliant API that allows easy integration with third-party billing systems, customer service applications and other third-party systems so you can leverage your back-office infrastructure and support existing business processes.

Self-provisioning portal
SMP provides the option of enabling a Web-based Self-Provisioning Portal (SPP) that allows customers to control certain aspects of their security services, thus reducing customer support overhead and operating costs. For example, customers can be permitted to change their personal details or to modify their list of Web Filtering categories.

Logging, reporting, monitoring and alerts
SMP turns the vast amount of data collected from security devices into understandable information that can be used to demonstrate security services’ effectiveness and value-for-money to customers. Security reports are automatically generated and emailed to customers at predefined intervals and can also be viewed directly from the SMP management interface. Security reports include information about blocked attacks, detected viruses, filtered Web sites, detected spam and more.

In addition, SMP offers powerful real-time monitoring tools that enable you to see the status of the SMP server and connected devices at a single glance. These tools include real-time load visualization graphs, status displays and customizable alerts. You can use real-time alerts and notifications to proactively support your customers and notify them of connection outages, VPN tunnel drops or attacks, all before the customers become aware of these problems.

Resilient management infrastructure
SMP provides a fully redundant management infrastructure that enables extensive control of customer security. Service providers can deploy more than one management server in a NOC with full load balancing and automatic failover, thereby enabling around the clock business availability, fault tolerance, high performance and scalability.

Automatic firmware updates
Ensuring that thousands of gateways all enforce the highest level of security can be a daunting administrative task. To alleviate this problem, Safe@Office gateways use “pull” technology for automatic and scheduled firmware updates: gateways automatically detect and download new firmware whenever it becomes available on the management server, instead of the management server initiating communications with each individual gateway. This reduces the load on the management server. In addition, updates can be scheduled to minimize gateway downtime, and administrators also have the option to override group settings and push unique firmware and settings to specific gateways.

Virtual portal management
Service providers, value-added resellers (VARs) and system integrators can leverage their SMP deployment to create new business opportunities, in which they provide turnkey security management solutions to their business partners. SMP owners can create multiple virtual portals, each representing a “virtual SMP”, and sell them to partners that directly target end users in the SMB market segment. Such a business model allows SMP owners to further extend their product and service offering, while generating new revenue opportunities.

Gateway user authentication management
SMP can be used to remotely create and manage gateway administrator permissions, remote access VPN permissions, web filtering override permissions, hotspot authentication and remote desktop permissions.

Comprehensive web access policy
SMP supports a URL-based Web Filtering service that allows businesses to create Web access policies based on up to 60 categories of objectionable or malicious Web sites. In addition, service providers can also use Web rules to define gateway-specific or global white and black lists that allow or block access to specific URLs. By providing two ways of filtering content, SMP provides business owners with the flexibility to customize their Web Access policies to meet their needs.

Antivirus and anti-spam
SMP can ensure the content entering the network is scanned for viruses and spam. SMP offers support for Safe@Office automatic gateway antivirus updates and features a centralized, network-based email antivirus and anti-spam scanning solution. The integrated anti-spam service allows scanning email traffic for security threats before they ever reach the customer’s network, SMP ensures the content entering the network is free of malicious code and no bandwidth is wasted on downloading infected files.

Dynamic vpn community management
Many businesses use Virtual Private Networks (VPNs) to secure traffic between headquarters and remote offices and users. However, VPN management can be a time-consuming and complex task. SMP simplifies this by providing the Dynamic VPN (DVPN) module. In one step, administrators can define VPN communities and set security parameters for the entire VPN. By grouping a customer’s VPN endpoints in a community the administrator can automatically create fully meshed, star and nested VPN topologies establishing site-to-site tunnels between VPN peers. Once the VPN community is created all changes to gateways and internal networks are distributed to the entire community with the click of a button. New sites that are added automatically inherit the appropriate properties and establish secure IPSec sessions with the rest of the community. To ensure strong security in site-to-site VPN communications, the SMP internal Certificate Authority (CA) automatically issues X.509 digital certificates to all Safe@Office gateways that are part of a DVPN community and renews the certificates as needed.

Vulnerability scanning service
SMP integrates with a Vulnerability Scanning Service (VSS) that scans subscriber networks for security vulnerabilities. Vulnerability scanning reports include information about security vulnerabilities and information obtained by port scanning and can be generated automatically at user-defined intervals and emailed to customers. These reports are HTML-based and customizable and are an excellent tool for a service provider to demonstrate the added value

Integrated dynamic DNS
Tracking and monitoring customer gateways that use dynamic IP addresses can be difficult since their IP addresses change each time they connect to the Internet. SMP alleviates this issue by fully supporting the management and monitoring of dynamically addressed gateways. SMP can act as a secure Dynamic Domain Name Service (Dynamic DNS or DDNS) server, which constantly checks and updates the mapping of a domain name to a gateway’s corresponding IP address. Each time the gateway’s IP address changes, Dynamic DNS maps the domain name to the new IP address. With SMP, service providers can become Dynamic DNS providers for gateway owners, without any need for a third party provider.

Specifications

Supported Services
  • Firewall Management
  • VPN Management
  • Gateway Management
  • VStream Antivirus Updates
  • Real-time Monitoring
  • Automated Firmware Updates
  • Dynamic DNS
  • Role-based Permissions
  • Logging and Reporting
  • Web Filtering
  • Vulnerability Scanning
  • Built-in Customer Database
  • Customer Emailing
  • Self-Provisioning Portal
Integration
  • SOAP/XML API
  • XML Import/Export
  • LDAP Integration
Operating Systems
Microsoft Windows 2000/2003 Server
Directory Servers
  • Microsoft Active Directory
  • Sun iPlanet Directory Server
SKUs
Security Management Platform (SMP) - 10 Gateways
Security Management Platform (SMP) - 50 Gateways
Security Management Platform (SMP) - 250 Gateways
Security Management Platform (SMP) - 500 Gateways
Security Management Platform (SMP) - 1000 Gateways
Security Management Platform (SMP) - 5000 Gateways
1 Year of Gateway Software Updates - 5 Nodes
1 Year of Gateway VStream Antivirus Signature Updates - 5 Nodes
1 Year Category-based Web Filtering - 5 nodes
Security Management Platform (SMP) - 10 Gateways

SCALABILITY

  • Scalable to tens of thousands of devices
  • Automated server load balancing
  • Automated server failover
  • Profile-based management
  • Batch updates

MANAGED DEVICES

  • Check Point Safe@Office
  • ZoneAlarm® Secure Wireless Router Z100G
  • Check Point UTM-1™ Edge
  • Nokia IP30/IP40/IP60
  • NEC SecureBlade

Next Steps

Resources

Related Products