Making your protection software-defined
Westcon Imagine 2014 - You may be well on your way to software defined networking, but how about your software defined protection?
That’s the question posed by Hamish Sopher, Check Point New Zealand Country Manager, who says today’s multi-threat environment calls for an operation resilient, multi-layered protection that is segmented across multiple enforcement points - software defined protection (SDP).
“SDP is a new, pragmatic, security architecture and methodology offering an infrastructure that is modular, agile and most importantly, secure.
“Such architecture must protect organisations of all sizes at any location: headquarters, branch offices, roaming through smartphones or mobile devices, or when using cloud environments.
“Protections should automatically adapt to the threat landscape without the need for security administrators to follow up manually on thousands of advisories and recommendations.
“These protections must integrate seamlessly into the larger IT environment, and the architecture must provide a defensive posture that collaboratively leverages both internal and external intelligent sources.”
Sopher says perimeters are no longer defined and the attack surface is no longer only at the company edge, with smart devices allowing us to communicate and send files and images at the press of the button.
Our information is also online and available for hackers to use against us by enticing us to click on a link in an email that looks like it’s from a trusted source, but actually contains malware.
“And threats are growing more intelligent every day with the online sale of exploit kits and techniques for obfuscating known malware.”
Not only are attacks more sophisticated, but hackers are more motivated – and not only by financial gain, with nation states and hacktivists seeking to gain a technological edge or promote a political position.
“BYOD, mobility and cloud computing have revolutionised static IT environments, introducing the need for dynamic networks and infrastructures.”
All of which, Sopher says, is creating a perfect storm.
“Threats can target employees and their devices when they’re mobile. As threats grow more intelligent every day, we need to define the right methodology to protect enterprises in this ever-changing threat landscape.
“Also, as technology advances, security must advance with it. This includes adding additional layers of protection as viewed through a pragmatic security architecture and methodology.
“Multi-layered, segmented security can help protect enterprises in this ever-changing threat landscape,” he adds.
“Although there is a wide proliferation of point security products, these products tend to be reactive and tactical in nature, rather than architecturally oriented.
“Today’s corporations need a single architecture that combines high performance network security devices with real-time proactive protections.”
He says organisations can build the SDP architecture using Check Point products and security services across networks, hosts and mobile and cloud environments.
Sopher says Check Point knows security can be complex to implement. “Our philosophy is that security without management is not really secure, so we have invested heavily in providing a comprehensive and unified security management system.
“It translates your security strategy into a secure reality with unified policy and event management. Not only is it highly efficient, but it also gives you full visibility into the security posture of your company.”
Software-defined Protection explained
Software-defined Protection (SDP) is a new, pragmatic, security architecture and methodology offering an infrastructure thatis modular, agile and most importantly, secure.
The SDP architecture partitions the security infrastructure into three interconnected layers:
- An enforcement layer that is based on physical and virtual security enforcement points and that segments the network, as well as executes the protection logic in high demand environments
- A control layer that analyses different sources of threat information and generates protections and policies to be executed by the enforcement layer
- A management layer that orchestrates the infrastructure and brings the highest degree of agility to the entire architecture.
For more information visit www.checkpoint.com