Checkpoint Security Gateway Virtual Edition

Security Gateway Virtual Edition Overview:

Your Challenge:

Server virtualization continues at a staggering pace and with it the need to address security. Virtual environments have not only the same challenges as physical ones— needing protection from external threats—but also those unique to virtualization. Virtualization can create gaps in visibility, including inter-Virtual Machine (VM) traffic within a platform hosting multiple VMs. Also, new VMs need to be automatically protected as they are brought online, as do VMs being migrated from one physical platform to another due to infrastructure expansion or hardware failure.

Our Solution:

Check Point Security Gateway Virtual Edition—based on the Software Blade Architecture—provides a comprehensive virtual security solution for protection of VM environments and starts at only $2000. Plug-&-play operation streamlines deployment, and full support for live migration of VMs means zero downtime. Also, as new VMs are brought online, they are immediately protected by automatic security policy enforcement.

Product Features:

• Inter-VM traffic inspection
• Enforce security for dynamic virtual environments
• Fully virtualized security gateway
• Virtualization enablement
• Plug-&-play security for virtual machines
• Unified management for physical and virtual environments

Product Benefits:

• Software Blade Architecture delivers comprehensive security to both external networks and virtual environments
• Ensures VM security by inspecting all inter-VM traffic with granular firewall policies and integrated best-in-class intrusion prevention
• Plug-&-play deployment requires no network changes
• Provides continuous protection during live migration of VMs from one host to another and when new VMs are added
• Single pane of glass for managing both physical and virtual environments makes administration easy

Features:

Inter-VM Traffic Inspection

Ensure virtual machine security by inspecting all inter-VM traffic with granular firewall policies and integrated best-in-class intrusion prevention. Security Gateway VE utilizes VMware's VMsafe technology to seamlessly enforce security within the hypervisor.

Security Gateway VE enables you to separate virtual applications, protecting them from each other as well as external threats. Integrated IPS utilizes signature and protocol anomaly-based intrusion prevention to protect business-critical services like FTP, HTTP and VoIP from known and unknown attacks. And, Check Point Update Services provide real-time updates to keep protections current with the latest defenses.

Enforce Security for Dynamic Virtual Environments

Virtual machine protection is continuous during live migration of virtual machines from one host to another and when new virtual machines are added. Full support for VMware VMotion and full-term Dynamic Resource Scheduler (DRS) allows the security policy to be enforced while maintaining open connections. This also ensures zero down time when virtual machines are moved from host to host for maintenance and dynamic resource allocation.

Virtual machines are so easy to create that it sometimes leads to VM sprawl. Security Gateway VE alleviates this concern by ensuring that newly added virtual machines are segregated from existing VMs with automatic security policy enforcement.

Fully Virtualized Security Gateway

Security Gateway VE provides comprehensive security based on the Software Blade Architecture, protecting both inter-VM traffic and external networks and assets. In addition to seamless hypervisor-layer security, VE also provides the flexibility to be deployed as a Layer 2 or Layer 3 default gateway.

Security Gateway VE simplifies security deployments by consolidating proven security functions within a single solution streamlining deployment and administration. Virtual machines are protected from external threats as well as from each other with best-in-class integrated firewall, IPS, VPN, antivirus, antispam, URL filtering and Web security. Where separation of servers and data is required for compliance, VE protects segregated applications and information from one another without the need for physical security appliances.

Plug & Play Security for Virtual Machines

Security Gateway VE reduces administration overhead by automatically applying security to virtual machines without the need to change network topology configuration for the VMs, VLANs or vSwitches.

Virtualization Enablement

Virtualization initiatives are driven by consolidation, optimization, and return on investment. Relying on traditional physical security appliances to inspect inter-VM traffic impacts performance and complicates topology. With VE, this complexity is avoided, boosting performance by inspecting virtual machine traffic inside the virtual system.

Unifified Management for Physical and Virtual Enviroments

Security management is simplified with unified administration of physical and virtual environments including clear separation of administrative functions between virtualization and security administrators.

Security Gateway Virtual Edition is managed from the same Security Management or Multi-Domain Management (MDM) as all other physical Check Point security gateways and appliances. This enables you to deploy a single pane of glass to ensure consistent security at all gateways, while minimizing the expense of separate management consoles.

Check Point SmartDashboard GUI – Unified management for physical and virtual gateways

Traffic logging, reporting and full virtualization auditing solutions tailored for the virtual infrastructure enable users to accelerate and achieve compliance, with dedicated reports that are mapped to relevant requirements within the PCI, SOX, HIPAA, COBIT and ISO 17799 regulations and standards.

Check Point Security Management and MDM can also be deployed on virtual machines.

Deployments:

Virtualized Security Scenarios
	Use Security Gateway Virtual Edition to apply granular firewall and IPS policies for inter-VM traffic.
	Use Security Gateway Virtual Edition (VE) with firewall, IPS, VPN and Software Blades to secure your office networks and assets.
	Consolidate your Security Gateway deployment into a virtualized environment.

Specifications:

Documentation:

Download the Check Point Security Gateway Virtual Edition Datasheet (PDF).