LogRhythm and Check Point offer an integrated solution for enterprise threat lifecycle management and next generation network protection. LogRhythm collects extensive insight into the entire security gateway from Check Point via OPSEC LEA for detailed visibility into the users, groups, applications, machines and connection types. LogRhythm’s SmartResponse™ automation framework enables customers to build a plug-in to leverage Check Point for immediate protective action.
About Log Rhythm:
Empowers organizations to rapidly detect, respond to and neutralize cyber-threats
• Provides a holistic platform for end-to-end Threat Lifecycle Management, uniquely unifying next-gen SIEM, log management, network & endpoint forensics, advanced behavior analytics & machine learning, and security automation and orchestration
• Delivers rapid compliance automation and assurance, and enhanced IT intelligence
• Consistent market leadership including recognition as a Leader in Gartner’s Magic Quadrant since 2012
The Check Point/Log Rhythm Integration provides:
Real-time correlation of next generation firewall activity against user, network and endpoint behavior for enterprise-wide threat detection and response • Increased visibility and enhanced breach detection capabilities through the integration of network security data with multi-dimensional behavior analytics • Accurate threat detection by linking meaningful events with conditional logic and modern threat analytics to reduce the number of false positives and false negatives Combining Check Point’s next generation firewall capabilities with the multidimensional behavioral analytics of Log Rhythm delivers enterprise-wide continuous monitoring and real-time threat detection and response.
How to Setup Connectivity/OPSEC LEA Connection between Check Point and Log Rhythm:
1. Add a host node in the Check Point management station for the host where the Log Rhythm Agent
2. Add a Check Point OPSEC application in the Check Point management station.
3. Initialize the OPSEC applications Secure Internal Communications (SIC) certificate.
4. Record the Check Point Log Server Entity SIC Name.
5. (Optional) If the management station is also hosting a firewall, add a firewall rule to allow
connections between the Log Rhythm Agent system and the management station/firewall.
6. Pull the OPSEC application SIC communication certificate from the management station to the
Log Rhythm Agent system.
7. (Optional) If the log server or servers are also hosting a firewall, add a firewall rule to allow
connections between the Log Rhythm Agent system and the Check Point firewall/log servers.
8. (Optional) Install the Check Point Database to all management stations and log servers to which
the Log Rhythm Agent will be connecting.
9. Configure the Log Rhythm Agent to connect to the log servers."
Personal Experience With The Integration of Both Products:
I have implemented a Check Point - Log Rhythm Virtual solution for an MSSP practice. The solution included a Check Point 40 domain MDS with 2 HA pairs of VSX boxes that protected customer work loads within the internal/private ESXi hosted cloud. It also included 100's of Check point appliances/GW's around the world. I created custom Log Rhythm alarm rules that met the compliance requirements of what each customer standardized on. The alarms were triggered via the Check Point FW logs that were fed into the Log Rhythm Data Processor via the CP-MDS/Log manger. This type of service created a holistic security solution and added protection for all of our MSSP customers. The solution was very flexible and agile in the cloud based scenario in which I built it in. As the FW log count grew, I was able to expand into a load sharing type scenario with the LR solution.
Log Rhythm and Check Point are tightly integrated, combining the functionality of Check Point’s next generation firewalls with the threat management capabilities of Log Rhythm’s Threat Lifecycle Management Platform. The combined offering empowers customers to identify true behavioral anomalies, internal and external threats, and prevent breaches based on accurate enterprise security intelligence.