Monday, October 31, 2011

Check Point to reinforce GRC with a new acquisition

Check Point has just issues a press release about acquiring Dynasec Ltd., provider of Governance, Risk Management and Compliance (GRC) solutions, more known as easy2comply.

Dynasec Ltd is Israeli based privately owned company. Looking on their products' UIs, I could say it is quite close to Check Point vision and user experience.


 It looks like the usual players on this field, Tufin and Algosec will be challenged soon when it comes to Check Point GRC related tasks.

Friday, October 28, 2011

Impressive demo of 61000 in Paris

Tuesday this week I was lucky to attend Check Point road show dedicated to the new 61000 series appliance.



I has been genuinely impressed by the box.

New chassis are designed and manufactured in Israel by a company which name is not disclosed. Chassis includes 2 Security Switch Module (SSM) blades and up to 12 SGM blades - Security Gateway Modules. Each SGM is equivalent to 11000 series appliance.

Chassis has 3 power supplies and two management modules. Two chassis can run in an HA cluster.

It does not matter how many SGMs you have in your system, one or twelve. You define just one gateway object in SmartDashboard for the whole chassis.

If you start with a couple of blades, you do not need to change configuration to add more. Just plug in your new SGM, and it will be automatically populated and added to the system to share the load with others.

Performance ability is just amazing. We have performed live stress tests with for Spirent Avalanche boxes:



We could barely reach around 50% CPU usage with firewall rules, logs and IPS set to recommended protections. Spirent was not powerful enough to push the box further!!!

Load sharing on this chassis is another great thing. SSM shares the load between SGMs by creating flows. Each flow is defined by IP addresses and/or SPIs. Service ports can be added to this logic, if required. There is a new technology, SyncXL to provide redundancy between SGMs in case of failure.

Once more, from management perspective this is not a cluster. Sync and load sharing are all taken care by the appliance internally. Sync communications are performed on chassis backbone, no user intervention is required to configure it.

There are some limitations, like VSX not being supported for the moment. But guys, even considering all downsides, this is most probably the best and most performant security appliance in the world.

Well done, Check Point, really well done!

Thursday, October 27, 2011

CPUG materials are posted online

I am getting regular requests to share my presentations from CPUG conferences.

Thanks to Barry, all the materials from CPUG Europe from 2008 till today are available now online here.



Enjoy, everybody!

Tuesday, October 11, 2011

Hello, Check Point training revolution!

So guys, it's just happened.

With official launch of R75 CCSA course and availability of so-called training blades Check Point has finished reforming the whole training and certification mechanism.

You can get the full details on CP education page, or just see the latest Check Point training newsletter here.

The key points are:


  • Both CCSA and CCSE official training courses are now three, not five, days only.
  • All update courses, both new and old "acceleration" ones are now called Training blades.
  • Core certification (CCSA/E) benefits are valid for two years only.
  • To extend R7x certification benefits for one more year must take two additional training blades.


This scheme may cause some business issues for ATCs, and all training blades for R7x are now directly available from Check Point.

There are only two blades published fro the moment, Application Control and DLP, some others to follow.

Each blade contains 1 hour web-based training, 6 hours of labs and costs $245 only. Web based certification exam is included.

Important: CCSA/E R75 exams are not yet available.

Wednesday, October 5, 2011

CCSA R75 materials are available for ATC partners

Check Point has started distributing R75 CCSA instructor kits and other training materials to ATC partners. This  means CCSA R75 official training will soon be available publicly.

There are no news about CCSA R75 certification exam just yet.