Absolute Zero Trust Security with Check Point Infinity

Zero Trust Networks

Zero Trust security is about having the ability to “Divide and Rule” your network in order to reduce the risk of lateral movement.

Check Point offers two ways to implement least privileged access to your networks:

• ZTNA-as-a-service with Harmony Connect Remote Access takes only five minutes to deploy and secures access to any internal enterprise network or application residing in the data center, IaaS, public or private clouds. With intuitive clientless access to Web, RDP, SSH and SQL-based resources, the service is both user and management friendly, while catering to the needs of diverse personnel, including employees, third-party users, administrators, engineers and DevOps.
• Security Gateways enable you to create granular network segmentation across public/private cloud and LAN environments. With detailed visibility into the users, groups, applications, machines and connection types on your network, they allow you to set and enforce a “Least Privileged” access policy. So, only the right users and devices can access your protected assets.

ZTNA-AS-A-SERVICE|NEXT GENERATION FIREWALL

Zero Trust People

With 81% of data breaches involving stolen credentials¹, it is clear that username and passwords do no longer prove the identity of a user. Identities are easily compromised, so access control to your valuable assets must be strengthened.

• Check Point Identity Awareness ensures access to your data is granted only to authorized users, and only after their identities have been strictly authenticated; using Single Sign-On, Multi-Factor Authentication, context-aware policies (e.g. time and geo-location of the connection), and anomaly detection.
• Harmony Connect Remote access offers least privileged access for diverse users, including internal and external identities, by integrating into directories, identity providers and offering PAM-as-a-service for engineers, administrators and DevOps.

IDENTITY AWARENESS|EMAIL SECURITY| ZTNA-AS-A-SERVICE
¹2017 Verizon DBIR

Zero Trust Devices

Security teams must be able to isolate, secure, and control every device on the network at all times.

Check Point solutions enable you to block infected devices from accessing corporate data and assets, including employees’ mobile devices and workstations, IoT devices and Industrial Control Systems.

In addition, Check Point Advanced Threat Prevention for Endpoints protect employees’ devices at all times and maintain your corporate security policy on untrusted networks.

MOBILE SECURITY | ADVANCED ENDPOINT PROTECTION AND THREAT PREVENTION|IOT SECURITY

Zero Trust Workloads

Securing workloads, particularly those who are running in the public cloud, is essential since these cloud assets (e.g. containers, functions, and VM’s) are vulnerable, and attractive target to malicious actors.

Check Point Infinity includes cloud security solutions that integrate with any public or private cloud infrastructure and provide full visibility and control over these ever changing environments; including AWS, GCP, Microsoft Azure, Oracle Cloud, IBM Cloud, Alibaba Cloud, NSX, Cisco ACI, Cisco ISE, OpenStack, etc.

Offering DevOps a wealth of cloud-native capabilities such as privileged access management (PAM) and automated server onboarding Harmony Connect Remote Access, part of Check Point Infinity, protects against DDoS attacks by hiding resources behind a secure cloud, while preventing application-targeted threats.

CLOUD SECURITY POSTURE MANAGEMENT | PUBLIC CLOUD SECURITY | DEVOPS ACCESS

Zero Trust Data

Zero Trust is all about protecting the data while it is shared continuously between workstations, mobile devices, application servers, databases, SaaS applications, and across the corporate and public networks.

Check Point Infinity delivers multi-layered data protection, that preemptively protects data from theft, corruption, and unintentional loss, wherever it is.

1. Data Encryption — By encrypting your data, wherever it resides, being used or transferred, you can render it useless if it is stolen.

FULL DISK ENCRYPTION | REMOVABLE MEDIA ENCRYPTION| VPN IPSEC

2. Data Loss Prevention — Tracks and controls data movements across the network to ensure sensitive information does not leave the organization.

DATA LOSS PREVENTION

3. Data Management Categorization and Classification — Classify and protect business documents and files, inside and outside your organization. Provide employees one-touch access from their mobile devices to corporate email, files, directories, etc.

DOCUMENT SECURITY | MOBILE SECURE WORKSPACE

Visibility & Analytics

You can’t protect what you can’t see or understand. A Zero Trust Security model constantly monitors, logs, correlates, and analyzes every activity across your network.

Check Point Infinity is managed via R80 Centralized Security Management which provides security teams full visibility into their entire security posture; so they can quickly detect and mitigate threats in real-time.

CENTRALIZED SECURITY MANAGEMENT | SECURITY EVENT MANAGEMENT | SECURITY COMPLIANCE

Automation & Orchestration

Zero Trust infrastructure should support automated integration with the organization’s broader IT environment to enable speed and agility, improved incident response, policy accuracy, and task delegations.

Check Point Infinity includes a rich set of APIs that support these goals, and these APIs are used by Check Point’s technology partners to develop integrated solutions.

CHECK POINT APIS | CHECK POINT TECHNOLOGY PARTNERS