https://community.checkpoint.com/t5/General-Topics/Going-all-in/m-p/61567#M12473 <P>Here are some comments and pointers that might be useful for you.</P> <P>First of all make sure you have correct security in correct places. Don't enable all blades in all gateways, but make a design and analyze what kind of security is relevant and where.</P> <P><STRONG>CloudGuard SaaS</STRONG></P> <P><A href="https://community.checkpoint.com/t5/CloudGuard-SaaS/One-administrative-CloudGuard-SaaS-documentation/td-p/25533" target="_blank">https://community.checkpoint.com/t5/CloudGuard-SaaS/One-administrative-CloudGuard-SaaS-documentation/td-p/25533</A></P> <P><STRONG>Access Control</STRONG></P> <P>- Utilize inline layers with security zones</P> <P>- For identity awareness consider different identity sources such as identity collector that can be very useful in larger environments. It also integrates smoothly with Cisco ISE.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235</A></P> <P>- Understand the capabilities of Unified policies. You mentioned DLP, but also make sure you are familiar with Content Awareness that is natively part of R80.x installation without a special license.</P> <P><STRONG>Threat Prevention</STRONG></P> <P><A href="https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Ease-of-Use-in-R80-20-TechTalk/td-p/19361" target="_blank">https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Ease-of-Use-in-R80-20-TechTalk/td-p/19361</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 31 Aug 2019 03:07:13 GMT Lari_Luoma 2019-08-31T03:07:13Z https://community.checkpoint.com/t5/General-Topics/Going-all-in/m-p/61564#M12472 <P>I'd like to ask members' opinion about Check Point(ification) of the business.</P> <P>While all of us have heard and seen the arguments in favor of consolidation of security product for the sake of compatibility and efficiency, I am presently contemplating a possibility to actually doing that.</P> <P>While I am pretty familiar with the gateways and IaaS products and to some degree with the endpoint, I've never had an opportunity to see the all CP shop.</P> <P>If any of you have worked in these environments, please share your opinions, impressions and gotchas?</P> <P>Are there any components, (other than proxy), that should be integrated, if I am going for the best possible coverage of hybrid AD, O365 and other SaaS apps, with particular focus on Salesforce.</P> <P>DLP will be predominant factor in my choice of the products, or their combination.</P> <P>Good granularity and ease of setup and administration of DLP function is important.</P> <P>&nbsp;</P> <P>Thank you,</P> <P>Vladimir</P> <P>&nbsp;</P> Fri, 30 Aug 2019 21:37:12 GMT https://community.checkpoint.com/t5/General-Topics/Going-all-in/m-p/61564#M12472 Vladimir 2019-08-30T21:37:12Z https://community.checkpoint.com/t5/General-Topics/Going-all-in/m-p/61567#M12473 <P>Here are some comments and pointers that might be useful for you.</P> <P>First of all make sure you have correct security in correct places. Don't enable all blades in all gateways, but make a design and analyze what kind of security is relevant and where.</P> <P><STRONG>CloudGuard SaaS</STRONG></P> <P><A href="https://community.checkpoint.com/t5/CloudGuard-SaaS/One-administrative-CloudGuard-SaaS-documentation/td-p/25533" target="_blank">https://community.checkpoint.com/t5/CloudGuard-SaaS/One-administrative-CloudGuard-SaaS-documentation/td-p/25533</A></P> <P><STRONG>Access Control</STRONG></P> <P>- Utilize inline layers with security zones</P> <P>- For identity awareness consider different identity sources such as identity collector that can be very useful in larger environments. It also integrates smoothly with Cisco ISE.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk108235</A></P> <P>- Understand the capabilities of Unified policies. You mentioned DLP, but also make sure you are familiar with Content Awareness that is natively part of R80.x installation without a special license.</P> <P><STRONG>Threat Prevention</STRONG></P> <P><A href="https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Ease-of-Use-in-R80-20-TechTalk/td-p/19361" target="_blank">https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Ease-of-Use-in-R80-20-TechTalk/td-p/19361</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 31 Aug 2019 03:07:13 GMT https://community.checkpoint.com/t5/General-Topics/Going-all-in/m-p/61567#M12473 Lari_Luoma 2019-08-31T03:07:13Z