Major Aerospace Company
This major aerospace customer is a leader in technologically advanced and intelligent solutions for the global aerospace and defense industry. Over its long history, the Company has developed the capabilities, comprehensive portfolio, and expertise to solve its customers’ toughest challenges.
Delivering End-to-End Security in a Fast-Changing, Highly Regulated Environment
When charged with upgrading the Company’s security infrastructure to meet Gen V and future cyber threats, the Company’s security team knew it would not be an easy task. The Company’s network infrastructure consists of almost a dozen nodes spread around the globe, capable of delivering massive bandwidth to any link. On any particular link, bandwidth can spike from one to 10 gigabits per second for long periods, often multiple times a day. The network is fully redundant, with high availability, low latency and instant scalability mandated to meet customer Service Level Agreements (SLA’s).
The security team had to find a solution that would allow them to scale on demand and stay secure in the face of these dynamically changing bandwidth requirements or overall latency would increase, thus violating customer SLA’s.
As the IT Security Manager explained, “We protect all data in transit to make sure what is inside, stays inside. It is no longer enough to protect just North-South traffic; we have to secure East-West traffic as well, along with addressing insider security threats that are becoming more and more prevalent in our industry.”
Check Point is the Clear Winner in a Highly Contested Trial
To find a solution that could meet their current and future needs, the security team decided to hold a “Next-Generation Firewall Bake-Off.” The Company wanted a single security vendor so as to avoid any “finger-pointing” in case of potential issues. They also sought a supplier with a proven track record of releasing cutting-edge technology that addressed new types of threats. The team invited five leading security companies to compete in a rigorous trial.
Check Point emerged as the clear winner.
“The 6500 Firewalls, along with the Maestro Hyperscale Orchestrator and R80 Unified Security Management, stood far above the competition,” the Security Manager summarized. “Maestro allows us to scale our throughput up or down instantly as required by our customers.”
The 6500 Next Generation Firewalls provided the foundation of the company’s security architecture. In addition to the Check Point Intrusion Protection System (IPS), the team enabled Site-to-Site VPN, Mobile Access, Application Control, URL Filtering, Content Awareness (data security), Identity Awareness, Anti-Bot, and Anti-Virus Protection. These features stopped virtually all incoming attacks.
With more than 120 6500 Firewalls required to support traffic loads, the security team concluded that the Maestro Hyperscale Orchestrator was the best solution for their critical need to provide near-instantaneous flexibility and scalability across their network’s multiple nodes. Based on Check Point’s patented HyperSync technology, Maestro’s N+1 clustering allows firewall capacity to be added or reduced without physically changing hardware. This design also provides the high-availability and low-latency requirements of the Company’s customers by load-balancing among the clustered 6500 Firewalls, thus optimizing customer investment while providing full redundancy.
“Check Point’s Maestro Hyperscale Orchestrator allows us to add capacity on the fly, allowing us to optimize our network and provide the customer with the best experience and lowest latency possible,” the Security Manager emphasized.
The selection of the Check Point R80 Unified Security Management system became a critical piece in meeting the security challenges the team set out to address. With the R80 features, the team members finally had the tools they needed to monitor their network, respond proactively to potential issues, as well as to develop and test new changes before implementing them in the production environment.
“R80 gives us a single pane of glass to look through instead of needing to look in multiple locations,” said the Security lead. “And because it acts as a single, unified system with the Maestro, we can now implement policies that follow the frequent changes we make in our network, making our work much easier.”
With R80 Unified Security Management system overseeing the Maestro Orchestrator and managing their ever-changing 6500 Firewall requirements, the Company’s security team felt they had implemented a solution that met today’s needs and would continue to do so far into the future.
New 6500-Based Security Solution Yielded Immediate Results
The security team realized immediate benefits from their new installation. Check Point 6500 Firewalls now not only guarded the entire company against Gen V attacks, but protected customer and employee data as well. The selection of Check Point resulted in a much more efficient security infrastructure, increasing user uptime, and reducing workload across the entire IT group.
Maestro: Bringing Cloud Benefits to On-Premises Installations
Before installing the Maestro Hyperscale Orchestrator, increasing capacity often meant adding new hardware. It was a time-consuming exercise that could impact overall network performance. Maestro allowed the security team to manage firewall capacity remotely, removing any potential throughput issues.
Explained the Company’s Security Manager: “No longer is the firewall a potential choke-point in our network. With Maestro, we can scale security throughput right along with network and data demand. It’s scalable, just like our network is.”
Additional Insight with R80 Unified Security Management
Security engineers at the Company now feel they are ahead of the game. With R80 Unified Security Management, they can change policies dynamically and with minimal rule changes.
“Single-pane-of-glass visibility allows us to see what’s going on everywhere, at any time, allowing us to be more proactive as opposed to reactive,” said the Security Manager. “We’re now at least 100% more efficient than we were before Check Point. “
Check Point’s Diamond Support Eases Installation
The Company chose Check Point Diamond Support for 24×7 response and guaranteed resolution times. The entire IT team has been impressed with the expertise and responsiveness of Check Point Diamond-level support engineers.
“Check Point has been a partner in every aspect of the installation and management of our network,” explained the Security team leader. “Their Diamond engineers dive in and take ownership: they get to the bottom of an issue without delay.”
Summarizing his experience with Check Point, the Security Manager exclaimed: “The entire project has been inspirational. It’s given us all a sense of pride in what we are doing.”