Unveiling the Power of Compliance Blade: Video, Sl...

CheckMates Fest 2025!
Join the Biggest Event of the Year!

Simplifying Zero Trust Security
with Infinity Identity!

Watch Now

Zero Trust Implementation
Help us with the Short-Term Roadmap

Take the Survey

CheckMates Go:
Recently on CheckMates

LISTEN NOW

Create a Post

Slides are below the Q&A, which is below the session video.

(view in My Videos)

Where are new Compliance Frameworks made available?

In the CheckMates Toolbox in the Compliance section.

Are Inline Layers supported?

Not presently and won't be supported in R82 either. This is in the roadmap.

How about checking if a host object complies with a requirement for a specific network object? Or usage of Zone objects?

We are working on a Policy Advisor that will be included with the Compliance Blade, target release is end of 2024.

How does this relate to Endpoint Compliance or CSPM? Will these be integrated for a "single pane of glass" view?

These offerings are currently separate as they are focused on their specific product(s). The roadmap to merge/unify these offerings has not been finalized. If you have specific requirements in this area, it is best to discuss them with your local Check Point office.

Will you incorporate a way for listing risky rules in a single policy / gateway rather than showing risks by rule on one or multiple gateways/policies? i.e. the viewpoint should be policy-focused on all risks rather than one risk all policies.

Not currently in the roadmap. Recommend discussing this requirement in the context of an RFE with your local Check Point office.

What about Quantum Spark appliances?

R82 will add support for compliance checking on centrally-managed Quantum Spark appliances (with Smart-1). Locally managed Quantum Spark appliances are not supported.

Will Compliance Blade work with the AI assistant that provides us suggestions?

Policy Advisor will be AI-enabled.

Is it possible to create our won best practice and use it at the same time as the "pre defined"/"standard" best practices?

Yes. You can create your one best practive for FW and GAiA. you can also create your own framework using CP Best Practices and the custom best practice that you create.

I cannot see any API references to the Compliance Blade. Can any of the functions be utilized via API today?

Not at present.

Can we make Compliance blade merge the results from hcp and PRO support (both run their own best practice checks)? To have all results in one place? Maybe infinity portal?

Not at present, but we will investigate this.

Can we run BP for all members in a Maestro security group? Or are we limited to the SMO?

Yes absolutely. Compliance will check each Member.

When having both Compliance and SmartEvent enabled on a Management server, is it recommended to e.g. offload the logging to a dedicated server to reduce the pressure on the management server?

Depends on the size of the environment being managed and number of logs ingested. Your Check Point SE should be able to help you size the environment accordingkly.

Is it possible to ignore a best practice to only a security gateway cluster or rule?

Yes absolutely.

2592 KB

0 Replies