Landkreis Augsburg was created in 1972 from portions of the former districts of Augsburg, Schwabmünchen, Wertingen, Donau-Ries, and Neuburg-Schrobenhausen. Home to 254,000 people, the district includes 46 towns, markets and communities. Landkreis Augsburg is also an innovation engine, attracting industrial, commerce and service organizations.
Supporting Hyperscale Growth
The beautiful Landkreis Augsburg offers a rich range of social, economic and mobility services to its citizens, businesses and visitors. Services are delivered through the district’s main office in Augsburg, as well as through 14 other locations. It’s the IT team’s responsibility, to provide Internet access, digital capabilities and security to these locations, as well as to 17 schools and 19 local communities.
One Check Point firewall cluster had provided on-premises perimeter security between the district’s local networks and Internet access point. The cluster supported approximately 1,000 endpoints and 2,000 Windows devices. However, rapid growth was taxing its capabilities. At the same time, the district continuously expands its offerings to add new capabilities, which must be secured.
A second firewall cluster secured the school networks. In addition to school rooms and labs (about 3,000 Windows devices), the firewalls secured wi-fi networks with approximately 6,000 clients—most of which are bring-your-own-devices owned by teachers and students. All need access to the Internet for coursework and other resources.
“Rapid growth was beginning to tax our firewalls”, said Johannes Reitschuster, Deputy IT Director and Team Lead for Landkreis Augsburg. “Endpoints were being added and we were planning to increase our internet bandwidth capacity. We didn’t want security to become a bottleneck.”
It was time, to find a hyperscale solution. A Europe-wide tender was issued, looking for solutions that offered scalability without impact to performance. The new solution had to integrate easily with a high-availability data center strategy, be easy to manage and above all—scale on demand to easily accommodate future requirements. Only Check Point could provide a solution.
The Best Protection with the Most Flexibility
“Check Point Maestro Hyperscale Orchestrator and Quantum Security Gateways gave us unmatched protection and scalability”, said Reitschuster. “No other solution came close to its power and ease of use.”
Check Point Maestro orchestrates Quantum security gateways into a unified system with on-demand scalability. It provides cloud-level resilience, high availability and reliability to the district’s on-premises environments with simple installation and management. Maestro also met the district’s requirements for full active-active redundancy.
Check Point Quantum security gateways with SandBlast zero-day protection provide a full spectrum of security services with industry-leading, real-time protection against the latest threats and attacks. The district uses the firewall, IPS, anti-virus, anti-bot, https inspection, application control, URL filtering, Threat Extraction (content disarm and reconstruction), Threat Emulation sandboxing and data loss prevention blades. Now, Reitschuster’s team can scale up network throughput to 1.5Tbps of threat prevention capacity to protect networks across the district — where and when needed.
The team used the Check Point Maestro Jump Start online course to quickly become acquainted with Maestro. They also chose Check Point PRO Support for ongoing monitoring and reporting. Check Point Premium PRO Support combines security expertise with machine intelligence for proactive 24x7x365 monitoring of the hyperscale implementation. PRO Support augments Reitschuster’s team, delivering proactive ticket creation, professional reporting with alerts and remediation through the dashboard.
“We installed the Quantum security gateways and Maestro partially on our own”, said Reitschuster. “The Check Point Professional Service team wrote a method of procedure for us and reviewed our configuration on the first day. The next day we cut over 17 schools on our own.”
Check Point Professional Service worked with Reitschuster’s team to cut over the district and local communities. With a few adjustments to the existing ruleset, the cutover went flawlessly.
“We could use our existing security ruleset and management tools”, said Reitschuster. “Installation and configuration was fast. The Check Point Professional Service Team said it was the fastest cutover they’d seen.”
A Complete Success
Landkreis Augsburg described the new solution as a complete success — from planning and installation to cutting over its production environment and being supported during the entire process. The deployment also included an upgrade to Check Point R81 Security Management. Reitschuster’s team easily leveraged his existing familiarity with Check Point while simplifying security management. Check Point R81 prevents threats autonomously. When combined with PRO Support, the district’s team is freed from daily routine monitoring and management while gaining full threat visibility and control. Gateways automatically optimize themselves and the team can deploy policy or change rules in seconds.
“The management system is so easy to use”, said Reitschuster. “You can drag and drop objects to rules. We have excellent logging, which is really helpful for researching attacks. And multiple staff members can use the management console simultaneously without affecting each other’s work.”
Check Point PRO Support has been invaluable to the team. If an issue is detected, a Check Point expert contacts Reitschuster’s team — before downtime occurs. Check Point PRO works with the team for resolution and also delivers an overview of overall security, diagnostics, and actionable insights.
“We had a system process quit and reboot”, said Reitschuster. “The Check Point PRO team had already seen it, automatically opened a ticket, and then notified us. Together, we quickly resolved the issue with the TAC. Proactive support is great and it was a really good experience.”
With Quantum security gateways, the district has successfully defended against many different attacks. When the Log4J vulnerability was reported, Reitschuster and his team could easily see attacks in the logs. At the same time, Check Point was notifying the Landkreis Augsburg team to keep them informed while the security gateways automatically updated with the latest IPS signatures to instantly prevent exploits.
“Check Point gives us a much better feeling about security”, said Reitschuster. “We have a safer Internet connection for our users with state-of-the-art protection and outstanding performance.”
Bring on the Future
Check Point Maestro and Quantum security gateways have successfully future-proofed the district’s security, making it ready for continued growth and new user requirements. With the capacity and performance needed to grow security on demand, Reitschuster’s team is fully equipped.
“Check Point has given us scalability with investment protection”, said Reitschuster. “For a local government, that’s vital. We can grow quickly and effortlessly with confidence.”