Prominent Museum in D.C. Safeguards Its Mission with Check Point
Check Point CloudGuard™ IaaS automates protection across our dynamic cloud environments while Check Point R80 unifies visibility into threats across the network, enabling us to efficiently address security incidents with less effort.”
Michael Trofi, Founder of Trofi Security & Acting CISO, Prominent Museum in D.C.
Prominent Museum in D. C.
This prominent museum in D.C. documents history and preserves artifacts. Since its dedication, the Museum has welcomed more than 40 million visitors, including 99 heads of state and more than ten million school-age children. To protect its irreplaceable documents, photos, videos, and recordings from today’s fifth generation cyber-threats, the museum turned to the Check Point
Preserving and Protecting
This museum keeps one of the world’s largest archives of significant historical events, focused on their digital preservation and storage. More than 16.5 million people from over 200 countries visit the site annually, which is available in 16 languages.
The museum’s systems are barraged by hate emails, vicious social media posts, and increasingly sophisticated 5th generation cyber-attacks from around the world.
“We’re moving our applications to the cloud to eliminate our data center and maximize our resources,” said Michael Trofi, founder of Trofi Security and Acting CISO. “With the risks we face, we needed strong, effective protection for users and applications across our existing on-premises and multi-vendor hybrid cloud infrastructure.”
Securing All Applications Equally
Securing SaaS and hosted applications across a hybrid cloud environment is not as easy. One of the security team’s first challenges was to manage and protect user identities across the entire infrastructure.
Employees and partners are located around the world with varying levels of online access to our institutional assets. The museum chose software-as-aservice (SaaS) applications, including Microsoft Office 365, Google Suite, file-sharing, and operations solutions to meet users’ needs. Each is hosted in its respective vendor’s cloud and protected by Check Point CloudGuard SaaS.
A component of the Infinity Architecture and delivered from the Check Point cloud, CloudGuard SaaS delivers zero-day threat, identity, and data protection while preventing employee account breaches.
“Employees’ Google email accounts and credentials were especially vulnerable to spoofing through the Chrome browser,” said Trofi. “We needed a way to detect account hijacking attempts and prevent unauthorized access to petabytes of priceless data. In addition to our Check Point Firewalls, Check Point CloudGuard™ SaaS was the right solution.”
The museum also utilizes Check Point CloudGuard IaaS to protect its applications that have been moved to public clouds. Financials, human resources, PCI-compliant payment systems, and data archives are being deployed on AWS, Google, Oracle, and Azure public clouds. By hosting various
applications within their specific vendor’s cloud, the museum is assured that application performance, upgrades, and maintenance are optimized by the cloud providers themselves, with a reduced effort by museum staff. Check Point CloudGuard IaaS extends the same protection as the Check Point firewalls to the museum’s applications in these public cloud environments.
Since CloudGuard SaaS and IaaS are part of the Infinity Architecture, they both benefit from Check Point SandBlast™ Zero Day protection software which runs across all Check Point physical and virtual appliances at the heart of the Museum’s security infrastructure. It provides multi-layered protection from known threats and zero-day attacks using Threat Emulation technology, as well as identity awareness, content awareness, antivirus, anti-bot, intrusion prevention, application control, and URL filtering capabilities. With Check Point SandBlast, advanced protections are extended across all environments, regardless of the physical network construct or cloud environment used.
Cloud Diversity, Security Management Uniformity
Michael Trofi’s team now manages all security policies, threat prevention, and operations in a single pane of glass through Check Point’s R80 Security Management. The team is also able to leverage automation of routine tasks to increase efficiency. Check Point R80 eliminates the need for monitoring multiple systems and ensures consistent policy across cloud and premises environments.
“Check Point CloudGuard IaaS automates protection across multiple dynamic clouds,” said Trofi, “while Check Point R80 unifies visibility into threats across the network, enabling us to efficiently address security incidents with less effort.”
Unified Security Architecture
Since deploying Check Point Infinity with CloudGuard SaaS, the museum has defeated multiple Gmail hijacking attempts. In one case, CloudGuard SaaS detected an attempt by someone in New York to access a Gmail account in Argentina. Check Point R80 enables the team to view and correlate events across multiple clouds and physical firewalls with real-time visibility into the barrage of threats targeting the Museum.
“We now have actual metrics about the volumes of phishing and malware targeting us, as opposed to what we thought was occurring,” said Trofi. “Visibility also uncovered configuration issues in partners’ email systems that prevented donation requests from getting through. Check Point enabled us to address another issue that we weren’t aware of previously.”
“We’re defending our assets against advanced large scale, multi-vector mega attacks,” said Trofi. “Check Point Infinity Total Protection will be a next step, enabling us to proactively deploy new protections as the threat landscape changes.”
Check Point Infinity Total Protection is an all-inclusive subscription offering. With it, the Museum can instantly access new Check Point solutions as new threats emerge, instead of having to initiate procurement of individual components.
“Check Point operates invisibly to our users, partners, and outsiders,” said Trofi. “That’s the way it should be. Transparency goes a long way in augmenting our mission.”