PhoneBoy
Admin

What is your Check Point Idea of the Year?

As part of our First Birthday celebration, we are having an awards ceremony.

For awards, you need categories and voting!

Over the course of this week, we will share some of the categories and solicit nominations for said categories.

See the complete list of categories and voting instructions here: https://community.checkpoint.com/community/about-checkmates/blog/2018/05/08/checkmates-first-birthda... 

This category is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones.

I polled some folks inside Check Point that aren't in R&D and got plenty of suggestions.

Here are a few of them:

  • Cloud-based Endpoint Management
  • Automatic performance tuning based on hardware/policy configuration
  • Threat-hunting Platform

Now, it's your turn, CheckMates community: what's your Idea of the Year?

Please leave your suggestions below as comments.

A few disclaimers/notes:

  • There are no guarantees that any idea suggested will be developed, even the "Idea of the Year" :).
  • From the suggestions below, we will choose 3-5 ideas which will be put up for voting during the week of 14th May.
  • Preference will be given to ideas that come from customers and partners, though Employees are welcome to participate as well.
  • "Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known!

Voting

Voting is now open for the above categories.

We will take your votes until 25th May 2018 @ 11:59pm Pacific Daylight Time. 

A vote will enter you into a raffle for a Check Point 1490 Appliance!

77 Replies
Nader_Assi__Old
Contributor

Be able to integrate the IPS blade with a 3rd party Vulnerability Scanner or a new/future "Check Point Vulnerability blade" that would scan the network/devices/servers. Then, it would provide a list of detected vulnerabilities and their associated IPS protections.

Daniel_Taney
Advisor

I was literally saying to a co-worker yesterday that Cisco is doing this now and it would be great if Check Point would adopt this functionality! 

R80 CCSA / CCSE
Moti
Admin

A nice idea, just thought you should be aware of the below use case that leveraged the capability you described

Kicking off RSA 2018: Check Point’s integration with CloudPassage | Check Point Blog 

"Individually, Check Point and CloudPassage provide robust protections in their respective domains, but together the solutions do much more. Using RESTful APIs, CloudPassage Halo integrates with Check Point CloudGuard IaaS to share common vulnerability and exposure (CVE) lists about workloads, server configurations and other contextual data. These CVE lists are absorbed by Check Point to fine-tune the protection profiles of CloudGuard IaaS gateways. This tight integration dramatically reduces false positives, increases threat visibility and greatly improves the performance of the gateway, thus helping the cloud environment to perform better as well."

0 Kudos
Vladimir
Champion

Moti,

Integration with third party du jour is fine and all, but unless it is bought and integrated in CP, I'd be wary of expending much effort on it.

Presently, CP has a lot of pieces of the security puzzle all over the place, but a unified solution it is not: choosing between Endpoint protection or Endpoint Sandblast (with the latter fully managed by an older version of the server), TE on 77.30, half of the controls in SmartDashboard, management functionality with some things only possible via CLI, WebUI, API, some via DBEDIT, some via SmartConsole and more yet via file edits, does not represent a cohesive product, especially since not all logs could be aggregated in SmartEvent. Not to mention periodic browser compatibility issues that we encounter at least once a year.

There are now emerging endpoint, agent-based security solutions that are assisting in microsegmentation, perform vulnerability assessment and mitigation and are used for monitoring and enforcing security that are per-host/container, applications aware, and are centrally managed either via cloud, on-premises with integrated dashboards and are well suited for hybrid environments (i.e. Guardicore).

I'd like to see Check Point offering an endpoint client with uniform capabilities across all platforms (licensing could be reflective of desired functionality), logging from everything to SmartEvent and completely integrated with common management, monitoring and reporting.

Sal_Previtera
Contributor

Vladimir,

you have described it perfectly....

The hope is that we get some kind of cohesiveness and uniformity with some later releases...but time will tell.

0 Kudos
Vladimir
Champion

Pick any of these:

1. Cloud-based management. Expand on the "Demo Mode" with redundancy and dynamic capacity expansion for logging.

2. Objects only UI export/import functionality (with selector option).

3. Parser library for integration of 3rd party logs into SmartEvent.

4. Integration of 3rd party APIs with SmartEvent actions.

5. Implement all of the binary options (i.e. disabled or enabled) that are presently available only via CLI or DBedit into SmartConsole's object properties.

6. Remove maintenance charges for memory modules from the list, they look ridiculous to anyone paying attention.

7. Make SmartEvent a basic component of the management server in addition to keeping it available as a separate license. Since the removal of SmartReporter, calling SmartEvent an "option" is not going over well with SMBs. Additionally, almost every security vendor is now offering their "Dashboards" comparable with SmartView as standard.

8. Reintroduce Web Management portal functionality covering all policies. 

9. Get your marketing in order: that "X generation" and "Don't believe the hype" are awful and do nothing to attract new customers. Absence from most of the categories in Gartner and NSS Labs reports is detrimental. I am beginning to hear the question "what is Check Point". Take a look at cloud offerings by PAN and Fortinet: they are listed on top of AWS and Azure 3rd party security vendor solutions (AMIs, VMs).

10. Integrate CPUSE with SmartConsole. 

11. SD-WAN options for normal gateways/clusters, as well as a separate, cheaper licensed limited functionality objects and, possibly, cloud-based configurator but with logging and monitoring by both, cloud and SMS.

12. And this is a big one: please figure out upgrade and update mechanisms that do not look like a Rube Goldberg machine. Yes, CPUSE in small environments is a step in the right direction, however it does not work for upgrades in the cloud, we are still figuring out the cluster upgrade sequences and in an MDS environment it is actually not funny. In an ideal scenario, your customers should right-click the object in the SmartConsole, irrespective of what it represents: gateway, cluster, VSX, SMS, SmartEvent server, MDS, Endpoint Management or vSEC and select "upgrade" or "update" and be done with it.

13. Integrate ICA management functionality in SmartConsole, as WebUI for it is a pain to even get to.

14. Permit installation of individual layers of the policy by dedicated administrators.

15. "migrate export" capabilities with scheduling configurable in SmartConsole (retention duration and scheduled transfer to remote repositories via SCP, SFTP).

16. Expanded log maintenance capabilities configurable in SmartConsole (retention duration and scheduled transfer to remote repositories via SCP, SFTP).

17. Rule acceleration status indicator in SmartConsole.

18. Add Users, (including those in AD) as a possible choice for source in "Suspicious Activity Rule" in SmartView Monitor.

Xavier_Koenig
Contributor

Any sort of "home lab" license or trial would be nice. I understand the need to protect IP, but a week long license makes it tough to learn new concepts and explore the product in-depth. Maybe even a discounted, somewhat restrictive version for existing customers? Many other vendors do this currently, as it helps grow their customer base and strengthen brand loyalty.

Vladimir
Champion

Xavier, there is now a CheckMates Pro license that gives you a one year license, presumably renewable, so long as you contribute to CheckMates for a total of only 250 points.

Search this forum for "CheckMates Pro" and you'll get to it.

Greg_Dray
Participant

Definitely. Sophos do a free Home User license. Even if CP limited it by spec or number of connection/IPs or something, it would be great.

Emanuele_Baldon
Explorer

Firewall Cluster with different hardware 

Kim_Moberg
Advisor

Dameon Welch Abernathy, would this be an issue when R80.20 has new kernel support which would support newer hardware specs?

Best Regards
Kim
0 Kudos
PhoneBoy
Admin

I think it will still be an issue in R80.20, but in the future? Who knows :)

0 Kudos
Neil_ZInk
Collaborator

  1. GeoProtection -> Block or redirect vs just a blank page
  2. API for GeoProtection rules
  3. Export/import for GeoProtection objects
  4. Self-Help portal to see if port/IP is blocked
  5. Option on URL/Application blade to make specific rules to apply to: URL, application, or both

Tal_Ben_Avraham
Employee

Hi Neil,

Can you elaborate on your last suggestion and the use case for it?

"Option on URL/Application blade to make specific rules to apply to  : URL, application, or both"

Thanks,

Tal

0 Kudos
Neil_ZInk
Collaborator

HTTPS inspection is off

  • I am aware of how the application blade uses the Certificate and the problems that arise from this.

HTTPS categorization is on

Use Case. Whitelist URL -> https://mypage.box.com

Simplified Rule Set

Any -> Internet -> “My Custom Category” -> Accept

Any -> Internet->outside storage -> Block

Custom URL -> mypage.box.com -> as “My Custom Category”

Custom URL -> mypage.app.box.com -> as “My Custom Category”

Current process.

URL blade will pass mypage.box.com

Application Blade will still block due to outside storage.

With latest revisions of software the process works about 80% of time for the Custom Application.

I would like to see once it hits this rule

Any -> Internet -> “My Custom Category” -> Accept

To bypass the Application Blade and the rest of the rule set

This also could be done by defining in the Category vs the Rule

0 Kudos
PhoneBoy
Admin

If you define something as a custom application and define your rulebase correctly, it should do what you're after.

If it's failing to detect your custom application (assuming it's just a URL), then we should probably have the TAC investigate.

0 Kudos
Neil_ZInk
Collaborator

It finds the Custom Application for URL, then fails on the Application blade (two different processes).

TAC has already gone through the scenario. We had a custom HF for R77.30 and code was put into R80.10. Unfortunately, it only works some of the time.

0 Kudos
PhoneBoy
Admin

I'll contact you privately to get some more details on this.

0 Kudos
Tomer_Sole
Mentor

RickLin
Advisor

The Check Point Threat Prevention Policy or Profile has IPS, AB, AV, TE and TEX blades.

Able to add another tag to describe or present which stage of the APT Cyber Kill Chain each blade log is in?

Able to link today's AB log with the IPS log triggered before it that belongs to the same Cyber Kill Chain?

Gaia memory management optimization, no matter whether Management or Gateway.

Access Control Policy Rule Assistant (both Order and Inline Layer, both Firewall and APCL/URLF blades)

Kalyan_Addenki
Contributor

Check Point Threat Hunting Platform

- Enable Threat Hunting capability for both Sandblast Agent, Mobile & Network.
- Use the SmartEvent to provide the hunting capability across the organization network as it correlates & indexes all the logs in the environment.
- Provide a detailed dashboard view for top similar threats and the machines affected. I know there are some available in the security check-up report but no dynamic view.
- Collect & correlate all the sandblast forensic logs from the agents, mobile centrally on the SmartEvent server and present it on dynamic view for detailed investigation.
- Integrate with Cloud IoCs with the internal threat posture to categorize the risk of the organization.
- Provide some level of automation capability to either enable remediation or isolation process to all/selected machines affected with a threat.

Aidan_Luby1
Participant

  1. Geoprotection rules for specific services/destinations/sources, or the ability to add geoprotection to rules in the firewall rulebase as a drop option/inline rule. (ie. Only allow RDP from this country)
  2. Ability for EndPoint Security products to update the rulebase of the perimeter firewall they're behind. (ie. Block a source that's attempting to attack multiple PCs from outside the network)
  3. Ability for EndPoint security products to notify you if certain IPS protections or other changes should be made on the perimeter firewall
  4. Specify a source, destination or service to send via the fast path easily. (ie. VOIP SIP Traffic)
  5. Show hits on NAT rules for optimization
  6. Show hits on https policy rules
  7. A logo that looks more professional, not like someone's kid's drawing
  8. CPMerge for a gateway moving from R77.30 to R80 (Having to manually migrate a policy from a standalone 2200 to a SMS was VERY time consuming even for a small rulebase)
  9. Ability to import Smartdashboard objects from R77.30 to R80.10. I exported 70 .ckp network objects in R77.30 but couldn't actually import them into R80.10
  10. More consistent documentation or a tool for helping optimize the rulebase for SecureXL. After a reboot my fwaccel stats -s is about 60% for securexl connections, a week or two after it's around about 8%. TAC told me to just start disabling IPS inspections until it's better, but couldn't indicate which ones are actually problematic.

It's possible some of these exist already 

AlekseiShelepov
Advisor

7. A logo that looks more professional, not like someone's kid's drawing

Don't know what you mean. It looks like a perfectly normal logo for a serious network security company. Maybe just change blue color to gray, to be more synched with the look of hardware. And maybe just a bit more pink color.

 

XBensemhoun
Employee

Yep! Don't touch the logo or the color!

And they have already changed from "we secure the internet" to "We secure the future"

Information Security enthusiast, CISSP, CCSP
0 Kudos
Daniel_Taney
Advisor

I was also going to suggest improvements to allow more granularity in the Geo protection policy. I like the idea of it being an element in the rule base. Since it was de-coupled from IPS in R80.10, it seems like this would be a good place for the feature to go. It would allow for greater granularity and control instead of a very binary "block" or "allow" decision. 

R80 CCSA / CCSE
Tal_Ben_Avraham
Employee

Geo as part of access policy is available as part of R80.20 

Jim_Stergiou
Participant

Add the ability to fetch IOCs (IPs, domains, hashes) directly from the Management Server using a URL and push them to the Security Gateways without the requirement of a policy push, similar to how AV and AB signatures get updated.

Sal_Previtera
Contributor

Move SmartDashboard (or Smart-anything) away from Windows. Here is a NON-Windows-based security solution, but I need Windows to manage it... come on, it is time.

Maybe a simpler solution would be having all those "Smart-Anything" tools running directly from the Management servers themselves. We need to be able to manage it from anywhere without loading Windows or Java-based applications.

Mully
Participant

-Instead of only having a block on specific countries in Geo IP, have a permit rule, such as: I only want US and Canadian IPs to connect via my VPN service, my OWA, or SFTP service. This would certainly be useful in the next version of Check Point.

-Snort rules import in Check Point R80.10, or a way to create new threat rules easily in the interface. Import a packet and write a rule with specific RegEx detection such as User-Agent.

0 Kudos
