Checkpoint vSEC for Cisco ACI
Enables the rapid and secure deployment of applications in next-generation data centers
Sorry, this unit has been discontinued. Please, contact us for a replacement product!
Check Point vSEC for Cisco ACI enables the rapid and secure deployment of applications in next-generation data centers. Combining the most comprehensive threat prevention security with complete visibility and control across both physical and virtual environments, Check Point vSEC lowers the costs and complexities of securing private clouds.
Advanced threat prevention security for private clouds
- Multi-layered security architecture—including award-winning Check Point SandBlast Zero-Day Protection—safeguards private cloud environments against even the most sophisticated attacks
- Secure east-west traffic between physical and virtual machines to prevent lateral movement of threats within the private cloud
- Security protections include Firewall, Intrusion Prevention System (IPS), Anti-Virus, AntiBot, Anti-Spam, Application Control, as well as Check Point SandBlast Zero-Day Protection
Enables the secure delivery of applications at a fraction of the cost and time
- Tightly integrated with the Cisco APIC controller for automated security provisioning and policy orchestration
- Dynamically learns ACI-defined objects such as end point groups (EPGs) in vSEC Controller, including any changes or new additions, without manual intervention
Improved operational efficiencies
- Unified management with a single policy for virtual and physical gateways simplifies security enforcement
- Centralized logging and reporting provides complete forensics analysis inside private cloud data centers
FeaturesComprehensive Threat Prevention
vSEC for Cisco ACI provides industry-leading, advanced threat prevention security to keep data centers protected from lateral movement of even the most sophisticated threats. Fully integrated multi-layer security protections include:
- Stateful Firewall, Intrusion Prevention System (IPS), Antivirus and Anti-Bot technology protects data centers against lateral movement of threats
- SandBlast Zero-Day Protection sandbox technology provides the most advanced protection against malware and zero-day attacks
- Application Control helps prevent application layer denial-of-service (DoS) attacks, thus protecting the next-generation data center
- Data Loss Prevention protects sensitive data from theft or unintentional loss
- IPSec VPN and Mobile Access allow secure communication into cloud resources
Cisco ACI provides the framework to allow automated, policy-based service insertion from a single-pane-of-glass management platform. The Check Point integration with Cisco ACI automates and simplifies the insertion of vSEC gateways into the ACI fabric to protect east-west traffic from lateral movement of threats.Automated and Dynamic Security Policy
The integration with Cisco’s Application Policy Infrastructure Controller (APIC) shares infrastructure context with the Check Point vSEC Controller, allowing Cisco ACI objects such as end point groups (EPGs) to be imported and utilized within Check Point security policies. This reduces the time it takes to create and update security policies from minutes to seconds. What’s more, any changes or new additions to Cisco ACI objects are automatically reflected without the need for manual administrator intervention.
|Supported Cisco Solution||APIC Version 1.2|
|Supported Check Point Releases||Check Point vSEC R77.30
Check Point Gateway R77.30
Check Point Smart Management R80
- Pricing and product availability subject to change without notice.
- Check Point vSEC controller for ACI is licensed based on Cisco ACI physical leaf switches.
- The vSEC license is for the aggregated number of physical leaf switches connected to the APIC (ACI management system)
- The vSEC for ACI license is on top of regular management and gateways pricing.
- Licenses can be aggregated – one can purchase additional leaf licenses for an existing environment.
- The License should be deployed on the Check Point management server.
- The license is perpetual, the license includes high availability.
- Security Management software required: R80
- Gateways supported:
- vSEC Virtual Edition (each gateway will support 1 VRF/Policy).
- VSX enabled physical security gateway appliances, 1 x VS needed per VRF/Policy.