Security Management Portal (SMP)
Cost-effective and hosted managed security
SMP On-Demand introduces a fully-hosted central management and service provisioning platform that answers your needs as a Managed Security Service Provider (MSSP) targeting small-and-medium businesses (SMBs) and vertical markets. Delivered as a “Software-as-a-Service” (SaaS), it features an intuitive, Web-based user interface and uses robust and resilient fully-hosted architecture to support the management of up to thousands of Check Point Safe@Office gateways. Like SMP, it can easily be integrated with existing back-office systems to support existing business processes and provides a host of capabilities specifically tailored to increase your revenue, all with minimal upfront investment and low administrative and support costs.
Benefits
- Minimal upfront investment and simple licensing and ordering process
- Quick deployment to jumpstart your MSSP business
- Creates new revenue opportunities
- Reduces administrative overhead to lower operational costs
- Supports existing business processes
- Grows with your needs
Features
All-in-one hosted management solution
SMP On-Demand integrates a wide array of built-in managed services into a single turnkey solution:
- Network and firewall management
- Dynamic VPN management
- Gateway firmware updates
- URL filtering
- Gateway antivirus signature updates
- Integrated Anti-spam
- Logging, monitoring and reporting
- Notifications and custom alerts
- Dynamic DNS
These services enable service providers to deliver a flexible and comprehensive value-added managed security service offering to small businesses, while maintaining cost-effectiveness. SMP On-Demand allows complete remote management of all network security aspects and significantly reduces the need for onsite configuration and troubleshooting. In addition, Safe@Office gateways can be preconfigured before being shipped to the customer, thereby minimizing deployment time and costs.
Streamlined provisioning and maintenance
SMP On-Demand simplifies the deployment and maintenance of Safe@Office gateways by using group-based management tools. Administrators can define multiple service plans, each consisting of a template that defines the plan’s expiration date, gateway properties, VPN settings and security policy, as well as additional services such as antivirus protection, anti-spam and content filtering.
Once a subscription-based service plan has been defined, it can be associated with an unlimited number of Safe@Office gateways. Each gateway that is assigned a particular service plan inherits all of that plan’s properties, but specific aspects can be overridden if required. When the administrator updates the plan via the SMP On-Demand Web-based user interface, the changes are automatically applied to all the appropriate gateways. By eliminating the need to make repetitive policy changes to thousands of individual devices, SMP On-Demand delivers unparalleled scalability and time savings.
Granular role-based administration
SMP On-Demand provides a flexible and granular method for distributing management responsibility among a group of administrators, by dividing responsibilities according to type of service plan, customer or specific functional tasks. System administrators can create and customize user roles with a fine level of detail, specifying exactly which objects can be viewed, edited or created. All administrator activity is logged and reported, thus improving security by providing information that can identify unauthorized policy changes.
Integration with back-office operations
SMP On-Demand includes a comprehensive SOAP/XML standards-compliant API that allows easy integration with third-party billing systems, customer service applications and other third-party systems, so you can leverage your back-office infrastructure and support existing business processes.
Self-provisioning portal
SMP On-Demand provides the option of enabling a Web-based Self-Provisioning Portal (SPP) that allows customers to control certain aspects of their security services, thus reducing customer support overhead and operating costs. For example, customers can be permitted to change their personal details or to modify their list of Web Filtering categories.
Logging, reporting, monitoring and alerts
SMP On-Demand turns the vast amount of data collected from security devices into understandable information that can be used to demonstrate security services’ effectiveness and value-for-money to customers. Security reports are automatically generated and emailed to customers at predefined intervals and can also be viewed directly from the SMP On-Demand management interface. Security reports include information about blocked attacks, detected viruses, filtered Web sites, detected spam and more.
In addition, SMP On-Demand offers powerful real-time monitoring tools that enable you to see the status of the SMP On-Demand server and connected devices at a single glance. These tools include real-time load visualization graphs, status displays and customizable alerts. You can use real-time alerts and notifications to proactively support your customers and notify them of connection outages, VPN tunnel drops, or attacks, all before the customers become aware of these problems.
Automatic firmware updates
Ensuring that thousands of gateways all enforce the highest level of security can be a daunting administrative task. To alleviate this problem, Safe@Office gateways use “pull” technology for automatic and scheduled firmware updates: gateways automatically detect and download new firmware whenever it becomes available on the management server, instead of the management server initiating communications with each individual gateway. This reduces the load on the management server. In addition, updates can be scheduled to minimize gateway downtime, and administrators also have the option to override group settings and push unique firmware and settings to specific gateways.
Gateway user authentication management
SMP On-Demand can be used to remotely create and manage gateway administrator permissions, remote access VPN permissions, web filtering override permissions, hotspot authentication and remote desktop permissions.
Comprehensive web access policy
SMP On-Demand supports a URL-based Web Filtering service that allows businesses to create Web access policies based on up to 60 categories of objectionable or malicious Web sites. In addition, service providers can also use Web rules to define gateway-specific or global white and black lists that allow or block access to specific URLs. By providing two ways of filtering content, SMP On-Demand provides business owners with the flexibility to customize their Web Access policies to meet their needs.
Gateway antivirus
SMP On-Demand offers support for Safe@Office automatic gateway antivirus updates. By scanning traffic for security threats before it reaches the customer’s network, SMP On-Demand ensures the content entering the network is free of malicious code and that no bandwidth is wasted on downloading infected files.
Integrated anti-spam
SMP On-Demand anti-spam service relies on a global spam detection network that allows extremely rapid response to spam and phishing email outbreaks. The service offers three layers of protection: IP reputation checking, block/allow lists and content-based anti-spam, which complement each other and provide a comprehensive anti-spam solution that ensures protection against the heaviest spam attacks.
Dynamic VPN community management
Many businesses use Virtual Private Networks (VPNs) to secure traffic between headquarters and remote offices and users. However, VPN management can be a time-consuming and complex task. SMP On-Demand simplifies this by providing the Dynamic VPN (DVPN) module. In one step, administrators can define VPN communities and set security parameters for the entire VPN. By grouping a customer’s VPN endpoints in a community, the administrator can automatically create fully meshed, star and nested VPN topologies, establishing site-to-site tunnels between VPN peers. Once the VPN community is created, all changes to gateways and internal networks are distributed to the entire community with the click of a button. New sites that are added automatically inherit the appropriate properties and establish secure IPSec sessions with the rest of the community. To ensure strong security in site-to-site VPN communications, the SMP On-Demand internal Certificate Authority (CA) automatically issues X.509 digital certificates to all Safe@Office gateways that are part of a DVPN community and renews the certificates as needed.
Integrated dynamic DNS
Tracking and monitoring customer gateways that use dynamic IP addresses can be difficult, since their IP addresses change each time they connect to the Internet. SMP On-Demand alleviates this issue by fully supporting the management and monitoring of dynamically addressed gateways. SMP On-Demand can act as a secure Dynamic Domain Name Service (Dynamic DNS or DDNS) server, which constantly checks and updates the mapping of a domain name to a gateway’s corresponding IP address. Each time the gateway’s IP address changes, Dynamic DNS maps the domain name to the new IP address. With SMP On-Demand, service providers can become Dynamic DNS providers for gateway owners, without any need for third-party providers.
Technical Specifications
| Supported Services |
|
| Integration |
|
| SKUs | SMP On-Demand Base Annual Pack for 50 Gateways, including antivirus and firmware updates |
SMP On-Demand Annual Extension Pack for Additional 10 Gateways, including antivirus and firmware updates |
|
1 Year of Category-based Web Filtering – 5 Nodes |
SCALABILITY
|
MANAGED DEVICES
|