PhoneBoy
Admin

CheckMates Fest 2021: Video and Q&A

The full CheckMates Fest 2021 video is available to CheckMates members.
Opening video is below.

 

Selected questions asked during the session are highlighted below.

Is the management server available on the cloud?

Yes, both for Endpoint Management and Network Security Management.

Does R81 include Mobile access policy in single console?

We’ve offered unified policy for MAB since R80.10. Legacy mode (and some settings) still requires SmartConsole in R81.

News about SourceGuard?

It's a formal part of our Shift Left approach and CloudGuard as enterprise management (where the UI elements are being added these days). In addition, it can be used as a one-off from the command line for developer consumption.

Is SSL decryption and inspection of inbound and/or outbound connections going through the Firewall available?

This has been available for several versions already. A lot of improvements came out in the last few versions including TLS 1.3 support and Secure SNI handling (patented technology). Being on the latest release will ensure you can leverage all this functionality.

Is container security available in on-premise products? For example for the case of containers in local datacenter?

Yes.

Do you plan to implement VPN blade in SBA for Linux?

We are formally supporting the StrongSWAN client for Remote Access VPN with R81 gateways.

We support StrongSWAN for VPN for R81 gateways.

Will SandBlast Agent be submitted to independent testing, e.g. NSS Labs, AV-Comparatives etc.?

We participate in third party testing in general, yes, but not every third party test by every third party.

Is SandBlast Agent Web Extension for Edge in WORKGROUP mode (not domain joined) on the roadmap?

Planned for the near future.

Any update on ability to import third party IOC/threat feeds for endpoint?

We are working on this as part of our upcoming XDR offering, which is coming soon.

Does this interface on SandBlast Forensics offer support for integration with Service Now at the incident management layer?

Technically you can do it today through the log exporter integration. You can export the forensics logs and then consume them in Service Now. We plan to do more native integration as part of the XDR offering.

Any plans for implementing Software-Defined Perimeter (SDP)?

As it stands right now, we have a few security options for SDP/SASE. One of which is Odo, which is being integrated as part of the CloudGuard Connect offering. See also CloudGuard Edge.

Do we have a roadmap for HTTPS redirect for the captive portal?

This is supported with HTTPS Inspection enabled.

What URLs can we access to get any webinar from Check Point?

All CheckMates-related webinars are posted here on CheckMates. For other webinars, most of them will appear here: https://www.checkpoint.com/webinars/

Can you compare XDR to EDR?

Think of XDR as an extension of EDR, covering not only endpoint but also FW, mail, mobile, cloud and more. On top of that, Threat Hunting, Incident analysis, Check Point intelligence and more.

What is the evergreen client?

A client which is always up to date, like your Chrome browser. It always updates itself to the latest version automatically. We are already doing it on the Linux agent and browser agent. We are going to extend it to Windows and Mac.

On Predictive AI, is this based on historical data on customer or combined all data CP has? What type of datasets? Check Point only or external datasets as well? What is the learning timeframe for net new customers?

All Check Point protections leverage ThreatCloud, which is a mixture of the aforementioned. More details in the Threat Prevention Admin Guide.

Do we expect to see IoT Protect for SMBs? (visibility, Profiling/Modeling & enforcement)

The new IoT protect is built as a cloud solution and it will be available first for GAiA, but later also for SMB / Embedded GAiA.

Roadmap about mix and match on hyperscale, can we use different OS for different security groups?

All should be Gaia, but you can mix different appliances.

Question about SNX, is it still supported without Java?

The deployment agent for SNX is still Java currently. SNX itself is a native component.

Do you have plans to release any WAF (Web Application Firewall) solution in the future based on OWASP Top 10?

Very soon. This is what was mentioned as "application security" in the CloudGuard roadmap.

Is URL filtering SBA included in R81 SmartEndpoint- ON Premise?

Yes, it is managed through the endpoint web management available on premise from R81. This will ultimately replace SmartEndpoint with a more convenient & modern management.

Is the upgrade from R80 to R81 seamless? Or is it as involved as R77 to R80?

You can upgrade from R80.20 and up to R81. The upgrade process received many improvements to make sure it's much better than the experience from R77.x. These include a detailed upgrade report and improved robustness. If you are on R80.10 or earlier, you'll need to do an upgrade first to R80.20 or up (preferably to R80.40).

Is there Covid Security in the roadmap?

In many ways, yes. Obviously, not in the physical aspects, but the anti-phishing and other various network and endpoint protections we offer, including VPN, can help protect you from COVID-related attacks (such as false emails, etc.). Our CloudGuard Connect is a cloud service that is built to answer this need. Customers can connect their branch offices and remote users (either clientless or using the soon to be released CGC client application) and get secure access and threat prevention to both the Internet and to their internal corporate assets.

Importing upgrade_export configuration in R81, does it still need to be from an empty/fresh install as in R80?

It is the “migrate server” command now. If you are talking about migrating between two versions, you do have to use the target migration tool to export the file, and then import it to a cleanly installed server. From R80.20, you no longer need to manually download the target migration tool. The new mechanism is auto-updatable, so as long as you're online, just run the command and specify the target version as the parameter.

Can Smart-1 Cloud logs be integrated with a local SIEM?

Yes. You can configure the Log Exporter functionality with Smart-1 Cloud and specify your SIEM as a target. A couple of tips:

  1. Since we need to send the logs from the cloud to your local environment, you'll need to provide a public facing IP that we can send the logs to. This usually means static NAT or putting some forwarder in your DMZ.
  2. Currently, you need to ask TAC to configure it for you. Very soon, we plan to open up the UI to configure it independently.

Can we do Management High Availability between Smart-1 625 and NGSM25 for open server?

Management High Availability isn't dependent on the hardware. Just make sure that both machines are powerful enough for your environment and have the required licenses to manage your gateways.

Question for SD-WAN: for R81.10, will we see any Load Balancing product included in the Infinity Architecture?

Referring to SD-WAN more generally... we continue to value best of breed and partner but also we are adding internal SD-WAN capabilities (we started with policy based routing but we will get more serious). Additional functionality will be added in later releases.

7 Replies
JoSec
Collaborator

Will slides be provided? I would like to forward them to management and they normally do not have time available to watch a webinar.

0 Kudos
PhoneBoy
Admin

For roadmap sessions, we usually do not distribute slides.

0 Kudos
HeikoAnkenbrand
Champion

Congratulations to all the other winners, and all Checkmate users are winners in this community.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Iain_Keir1
Contributor

Are there any guides/information available on getting Smart-1 Cloud logs into an on-prem SIEM, e.g. Splunk?

I understand the additional Log Exporter SKU needs to be purchased and then a case raised with TAC to configure the dst IP where the logs are to be forwarded, but there is no info in the admin guides (https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...) on how to get the (presumably encrypted) log stream into the SIEM.

Pre-requisites? Splunk apps? etc

Any help/ guidance would be greatly appreciated.

Iain
CISSP
0 Kudos
Chris_Atkinson
Employee

Hi Iain - To start please review sk122323: Log Exporter - Check Point Log Export 

CCSM R77/R80/ELITE
0 Kudos
Iain_Keir1
Contributor

Thanks @Chris_Atkinson - does this sk fully apply to Smart-1 Cloud?

I guess I'll need to contact TAC to get the certificates generated for Splunk?

Iain
CISSP
0 Kudos
Chris_Atkinson
Employee

Correct, currently the configuration of Log Export for Smart-1 Cloud requires a ticket.

Refer: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-... 

CCSM R77/R80/ELITE
