Global Asset Management Company
Check Point CloudGuard IaaS for NSX allows us to micro-segment our data center and protect traffic at a granular / the segment level. Before, it was very difficult to segment and apply policy to inter-VLAN traffic. The biggest ROI we’ve seen is the ability to capture all of that internal traffic and extend the same security policies on our physical perimeter gateways across the whole infrastructure.
The company serves more than 19 million clients worldwide with industry-leading retirement plans, Employee Stock Ownership Plans (ESOPs), deferred compensation plans, and insurance offerings. Businesses, governments, institutions, and individuals turn to it to help them achieve their financial goals. Founded in the U.S., the company operates in Asia, Europe, Australia, Latin America, and North America.
Investing in the Cloud for Added Agility
Financial services organizations, such as insurance companies, investment banks, and asset managers, realize that extracting value from “big data,” will make them more successful and competitive driving new revenue streams and cost efficiencies. With this vision or goal, in-house development teams are creating new financial models and algorithms by tapping into unstructured data sources, machine learning, and predictive analytics capabilities. This helps asset manager’s development teams as they needed more agility and flexibility as they developed and tested new applications in short time frames.
“Our developers want to be able to quickly spin up a virtual environment for testing or Quality Assurance (QA) purposes and then spin them down just as quickly,” said the Senior IT Network Analyst for the asset management firm. “They need workloads at some times and not others, so we’re moving to a private cloud model for more hosting flexibility to service these dynamic compute requirements.”
The firm’s security infrastructure team already managed firewalls and rules, proxies, and remote access using Check Point solutions. However, as they deployed a VMware NSX private cloud environment, they needed to secure it while maintaining security for their existing data center applications.
“We have a number of home-grown, proprietary applications that we will not move to the cloud,” said the Senior IT Network Analyst. “We wanted the ability to segment and protect applications, regardless of whether they are hosted in our traditional data center or in the cloud without compromising security for either environment.”
Orchestrating the Migration
The team looked at several potential solutions for securing their private cloud environment before choosing Check Point CloudGuard for VMware NSX, which protects internal data center (east-west) traffic with multi-layered protections. It transparently enforces security between virtual machines at the network level, automatically quarantines infected machines for remediation, and provides comprehensive visibility into virtual network traffic patterns and threats.
“Check Point CloudGuard for VMware is a more robust solution than others we evaluated,” said the Senior IT Network Analyst. “CloudGuard IaaS gives us the deep packet inspection we wanted, as well as the orchestration and automation we’re looking for.”
What’s more, the team deployed VMware NSX ahead of schedule, deciding to deploy Check Point CloudGuard for NSX without vendor or partner assistance. With the help of the administrator’s guide, they had the NSX cloud environment secured in under an hour. In addition, they transformed existing physical Check Point gateways into CloudGuard IaaS gateways using the Check Point R80 Hotfix feature for CloudGuard IaaS.
“We wanted to leverage the existing rule set and management orchestration that we already had,” said the Senior IT Network Analyst. “Now we’ve automated the entire NSX infrastructure to enable automated traffic redirection through the CloudGuard IaaS gateways simply by assigning resources to security groups.”
Extending Knowledge and Current Processes
The asset management company already had Check Point security gateway capabilities like firewall, antivirus, URL filtering, application control, intrusion prevention, and URL filtering capabilities enabled for its data center environment. Check Point CloudGuard for NSX not only extends those protections to the private cloud, it greatly simplified overall security management. Within NSX, the team redirects all traffic to Check Point CloudGuard IaaS virtual gateway, enabling continuous security protection and management through a single pane of glass. The Check Point R80 management console gives the lean operations team one place to go for consolidated management, correlation, and logging.
“Check Point CloudGuard for NSX allows us to micro-segment and protect our data center,” said the Senior IT Network Analyst. “Before, it was very difficult to segment and apply security protections to inter-VLAN traffic. The biggest ROI we’ve seen is the ability to capture all of internal data center traffic and extend the same security policies on our physical gateways across the whole physical and cloud infrastructure.”
Partnering for Protection
As the security landscape evolves, the asset management company values Check Point in helping them navigate the changes and gain confidence and peace of mind. Looking ahead, they plan to try Check Point SandBlast Threat Emulation and Threat Extraction capabilities.
“Check Point is a trusted solution partner, not just a security help desk to call,” said the IT Network Analyst Senior. “Check Point listens to your concerns, drives the needed changes, and helps you achieve your overall business and technical goals and results. Check Point CloudGuard for NSX is an ideal solution for organization that needs to secure their private cloud.”
“Check Point CloudGuard for VMware is a more robust solution than others we evaluated. CloudGuard IaaS gives us the deep packet inspection we wanted, as well as the orchestration and automation we’re looking for.”
— IT Network Analyst Senior, Global Asset Management Company
“Check Point is a partner, not just a help desk to call. They’re people who can listen to your concerns, drive home change, and help you achieve results. I would recommend Check Point CloudGuard for NSX to anyone looking to secure their private cloud.”
— IT Network Analyst Senior, Global Asset Management Company