Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MtxMan
Contributor

Best Practice Guidelines for Security gateway

Hi Checkmates,

My new customer annually will conduct hardening or best practice configuration for each security product. Just digging to Check Point admin guide and sk related to this guidelines but not found anything.

They give me a some example like palo alto use best practice assessment to help customer hardening or guidelines for the palo firewall.. how about Check Point? Does anyone has some idea or information about my question? Thanks!

0 Kudos
9 Replies
MtxMan
Contributor

how about best practice configuration tools? is there any tools from Check Point to help and enhance customer current configuration such as best practice configuration for IPS, AV, or redundancy policy and NAT?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

There are the CIS benchmarks published by the community also the Compliance Blade might be helpful to you here.

https://community.checkpoint.com/t5/Compliance/CIS-Benchmarks/td-p/134755

Andy has provided some links to previous discussion regarding similar.

CCSM R77/R80/ELITE
0 Kudos
MtxMan
Contributor

yes i already talked with customer to use Compliance Blade but they said some competitor giving them for free like bpa by paloalto. is there any tools from Check Point to help and enhance customer current configuration such as best practice configuration for IPS, AV, or redundancy policy and NAT?

Chris_Atkinson
Employee Employee
Employee

AV & IPS should be tailored to the configuration of the assets that you are protecting, this will be different between environments.

Comparing BPA to Compliance Blade isn't really useful/accurate. In any case if they simply wish to try it (Compliance) there are evaluation licenses. 

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Personally, while compliance blade is nice to have, I dont find you get a lot of value out of it. It tells you what 100% of what IT people already know...dont use any for services, use urlf and app layer, anti spoofing prevent, things like that. I have a feeling that if you were to follow everything compliance blade report tells you, your rule base would be locked down to the point where it would be almost not sustainable.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Appreciate the spirit of this feedback but of course you aren't meant to turn on everything Compliance blade has since not all industries conform to the same regulatory & compliance standards etc.

The idea is you enable what is relevant to you and it helps keep you on track or improve.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

Of course, I get what you are saying. I had one client try it and while they did like the blade, they definitely expected more out of it.

0 Kudos
_Val_
Admin
Admin

Compliance Blade is free for the first year.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events