topic Re: What is your Check Point Idea of the Year? in General Topics

What is your Check Point Idea of the Year?

PhoneBoy — Mon, 07 May 2018 17:29:30 GMT

As part of our First Birthday celebration, we are having an awards ceremony.

For awards, you need categories and voting!

Over the course of this week, we will share some of the categories and solicit nominations for said categories.

See the complete list of categories and voting instructions here: https://community.checkpoint.com/community/about-checkmates/blog/2018/05/08/checkmates-first-birthday-celebration

This category is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones.

I polled some folks inside Check Point that aren't in R&D and got plenty of suggestions.

Here are a few of them:

Cloud-based Endpoint Management
Automatic performance tuning based on hardware/policy configuration
Threat-hunting Platform

Now, it's your turn, CheckMates community: what's your Idea of the Year?

Please leave your suggestions below as comments.

A few disclaimers/notes:

There are no guarantees that any idea suggested will be developed, even the "Idea of the Year" .
From the suggestions below, we will choose 3-5 ideas which will be put up for voting during the week of 14th May.
Preference will be given to ideas that come from customers and partners, though Employees are welcome to participate as well.
"Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known!

Voting

Voting is now open for the above categories.

We will take your votes until 25th May 2018 @ 11:59pm Pacific Daylight Time.

A vote will enter you into a raffle for a Check Point 1490 Appliance!

Re: What is your Check Point Idea of the Year?

Nader_Assi__Old — Mon, 07 May 2018 20:42:11 GMT

Be able to integrate the IPS blade with a 3rd party Vulnerability Scanner or a new/future "Check Point Vulnerability blade" that would scan the network/devices/servers. Then, it would provide a list a detected vulnerabilities and its associated IPS protections.

Re: What is your Check Point Idea of the Year?

Vladimir — Mon, 07 May 2018 22:44:02 GMT

Pick any of these:

1. Cloud-based management. Expand on the "Demo Mode" with redundancy and dynamic capacity expansion for logging.

2. Objects only UI export/import functionality (with selector option).

3. Parser library for integration of 3rd party logs into SmartEvent.

4. Integration of 3rd party APIs with SmartEvent actions.

5. Implement all of the binary options (i.e. disabled or enabled) that are presently available only via CLI or DBedit into SmartConsole's object properties.

6. Remove maintenance charges for memory modules from the list, they looks ridiculous to anyone paying attention.

7. Make SmartEvent a basic component of the management server in addition to keeping it available as a separate license. Since removal of SmartReporter calling SmartEvent an "option" is not going over well with SMBs. Additionally, almost every security vendor now offering their "Dashboards" comparable with SmartView as standard.

8. Reintroduce Web Management portal functionality covering all policies.

9. Get your marketing in order: that "X generation" and "Don't believe the hype" are awful and do nothing to attract new customers. absence from most of the categories in Gartner and NSS labs reports is detrimental. I am beginning to hear the question "what is Check Point". Take a look at cloud offerings by PAN and Fortinet: they are listed on top of AWS and Azure 3rd party security vendor solutions (AMIs, VMs).

10. Integrate CPUSE with SmartConsole.

11. SD-WAN options for normal gateways/clusters, as well as a separate, cheaper licensed limited functionality objects and, possibly, cloud-based configurator but with logging and monitoring by both, cloud and SMS.

12. And this is a big one: please figure out upgrade and update mechanisms that do not look like Rube-Goldberg machine. Yes, CPUSE in a small environments is a step in the right direction, however it does not work for upgrades in the cloud, we are still figuring out the cluster upgrade sequences and in MDS environment it is actually not funny. In ideal scenario, your customers should right-click the object in the SmartConsole, irrespective of what it represents: gateway, cluster, VSX, SMS, SmartEvent server, MDS, Endpoint Management or vSEC and select "upgrade" or "update" and be done with it.

13. Integrate ICA management functionality in SmartConsole, as WebUI for it is a pain to even get to.

14. Permit installation of individual layers of the policy by dedicated administrators.

15. "migrate export" capabilities with scheduling configurable in SmartConsole (retention duration and scheduled transfer to remote repositories via SCP, SFTP).

16. Expanded log maintenance capabilities configurable in SmartConsole (retention duration and scheduled transfer to remote repositories via SCP, SFTP).

17. Rule acceleration status indicator in SmartConsole.

18. Add Users, (including those in AD) as a possible choice for source in "Suspicious Activity Rule" in SmartView Monitor.

Re: What is your Check Point Idea of the Year?

Xavier_Koenig — Mon, 07 May 2018 23:38:24 GMT

Any sort of "home lab" license or trial would be nice. I understand the need to protect IP, but a week long license makes it tough to learn new concepts and explore the product in-depth. Maybe even a discounted, somewhat restrictive version for existing customers? Many other vendors do this currently, as it helps grow their customer base and strengthen brand loyalty.

Re: What is your Check Point Idea of the Year?

Vladimir — Mon, 07 May 2018 23:42:01 GMT

Xavier, there is now CheckMates Pro license that gives you a one year license, presumably renewable, so long as you contribute to the CheckMates for total of only 250 points.

Search this forum for "CheckMates Pro" and you'll get to it.

Re: What is your Check Point Idea of the Year?

Emanuele_Baldon — Tue, 08 May 2018 05:24:59 GMT

Firewall Cluster with different hardware

Re: What is your Check Point Idea of the Year?

Neil_ZInk — Tue, 08 May 2018 19:05:53 GMT

GeoProtection -> Block or redirect vs just a blank page
API for GeoProtection rules
Export/import for GeoProtection objects
Self-Help portal to see if port/IP is blocked
Option on URL/Application blade to make specific rules to apply to : URL, application, or both

Re: What is your Check Point Idea of the Year?

RickLin — Wed, 09 May 2018 03:19:30 GMT

CheckPoint Threat Prevention Policy or Profile have IPS AB AV TE TEX blades.

Able to add another Tag to describe or present which Blade log(s) is in APT Cyber Kill Chain which stage ?

Are able to link today AB log to link with IPS log that trigger before that belong the same one Cyber Kill Chain ?

No matter Management or Gateway Gaia memory management optimization.

Access Control Policy Rule Assistant( Both Order and InLine Layer, both Firewall and APCL/URLF Blade)

Re: What is your Check Point Idea of the Year?

Kalyan_Addenki — Wed, 09 May 2018 19:37:31 GMT

Check Point Threat Hunting Platform

- Enable Threat Hunting capability for both Sandblast Agent, Mobile & Network.
- Use the SmartEvent to provide the hunting capability across the organization network as it correlates & indexes all the logs in the environment.
- Provide a detailed dashboard view for top similar threats and the machines affected. I know there are some available in the security check-up report but no dynamic view.
- Collect & correlate all the sandblast forensic logs from the agents, mobile centrally on the SmartEvent server and present it on dynamic view for detailed investigation.
- Integrate with Cloud IoCs with the internal threat posture to categorize the risk of the organization.
- Provide some level of automation capability to either enable remediation or isolation process to all/selected machines affected with a threat.

Re: What is your Check Point Idea of the Year?

Aidan_Luby1 — Thu, 10 May 2018 17:01:53 GMT

Geoprotection rules for specific services/destinations/sources, or the ability to add geoprotection to rules in the firewall rulebase as a drop option/inline rule. (ie. Only allow RDP from this country)
Ability for EndPoint Security products to update the rulebase of the perimeter firewall they're behind. (ie. Block a source that's attempting to attack multiple pc's from outside the network)
Ability for EndPoint security products to notify you if certain IPS protections or other changes should be made on the perimeter firewall
Specify a source, destination or service to send via the fast path easily. (ie. VOIP SIP Traffic)
Show hits on NAT rules for optimization
Show hits on https policy rules
A logo that looks more professional, not like someone's kid's drawing
CPMerge for a gateway moving from R77.30 to R80 (Having to manually migrate a policy from a standalone 2200 to a SMS was VERY time consuming even for a small rulebase)
Ability to import Smartdashboard objects from R77.30 to R80.10. I exported 70 .ckp network objects in R77.30 but couldn't actually import them into R80.10
More consistent documentation or a tool for helping optimize the rulebase for SecureXL. After a reboot my fwaccel stats -s is about 60% for securexl connections, a week or two after it's around about 8%. TAC told me to just start disabling IPS inspections until it's better, but couldn't indicate which ones are actually problematic.

It's possible some of these exist already

Re: What is your Check Point Idea of the Year?

Jim_Stergiou — Thu, 10 May 2018 17:07:02 GMT

Add the ability to fetch IOCs (IPs, domains, hashes) directly from the Management Server using a URL and push them to the Security Gateways without the requirement of a policy push, similar to how AV and AB signatures get updated.

Re: What is your Check Point Idea of the Year?

Sal_Previtera — Thu, 10 May 2018 18:23:42 GMT

Move SmartDashboard or (Smart-anything) away from Windows, here is a NON-Windows based security solutions but I need windows to managed it...come on, it is time.

Maybe a simpler solution would be having all those "Smart-Anything", running directly from Management servers itself, we need to be able to manage it from anywhere without loading Windows or Java based applications.

Re: What is your Check Point Idea of the Year?

Mully — Thu, 10 May 2018 20:00:54 GMT

-Instead of only having a block on specific countries in Geo IP. Have a permit rule such as I only want US and Canadian ip's to connect via my VPN service, my OWA, or SFTP service. This would certainly be useful in the next version of Checkpoint.

-Snort rules import in Checkpoint R80.10 or a way to create new threat rules easily in the interface. Import a packet and write a rule with specific RegEx detection such as User-Agent.

Re: What is your Check Point Idea of the Year?

Steve_Moran1 — Thu, 10 May 2018 20:33:16 GMT

1. Geoprotection flexibility- countries a,b,c can hit this site, while d,e,f can hit this one, instead of on or off for the country.

2. There's a handy export button to export objects, how about the handy import button?

3. recreate all the canned reports from smart reporter in smart event.

4. finish integrating the legacy apps.

Re: What is your Check Point Idea of the Year?

RickLin — Fri, 11 May 2018 02:56:18 GMT

There is one more thing strange in my mind.

In R80.10, Security Gateway get interface with topology, it will also create Network object base our IPv4 static routes.

That is everybody known thing.

But the new network object can not display and can not be search out in Object Panel or Object explorer.

But it can display and be search out when we try to add object in Source or Destination.

Before R80, without this issue.

Hope this can be corrected in the feature.

Re: What is your Check Point Idea of the Year?

Moti — Fri, 11 May 2018 03:53:36 GMT

Tomer Sole

Re: What is your Check Point Idea of the Year?

Moti — Fri, 11 May 2018 03:54:09 GMT

What's #4?

Re: What is your Check Point Idea of the Year?

Shehan_Wickrama — Fri, 11 May 2018 05:21:09 GMT

Adding an option to add an IP to GUI users so the GUI user can login only if the IP matches to the mentioned IP . Fortinet already have this feature.

Re: What is your Check Point Idea of the Year?

Reinhard_Stich — Fri, 11 May 2018 06:00:46 GMT

1. VPN-domain per VPN-community. only one VPN domain makes it hard to configure several VPNs when you have large internal network ranges and want only a subnet as part of this VPN
2. a "rule checker" or "rule assistant". I know CP is working on something like that ...
3. a "performance assistant". if monitoring sees high CPU/memory usage it could recommend actions ..
br

reinhard

Re: What is your Check Point Idea of the Year?

Daniel_Taney — Fri, 11 May 2018 18:52:09 GMT

I was literally saying to a co-worker yesterday that Cisco is doing this now and it would be great if Check Point would adopt this functionality!