Checkpoint vSEC for Amazon Web Services
Extends advanced threat prevention security to protect customer data and services in Amazon’s cloud

Check Point vSEC for Amazon Web Services (AWS) extends advanced threat prevention security to protect customer data and services in Amazon’s cloud while enabling secure connectivity across your cloud and on-premises environments. As an AWS Security Competency partner, vSEC compliments cloud security controls to enable you to easily and seamlessly secure your assets in the cloud with elastic scalability and high availability by integrating with AWS infrastructure services.

Comprehensive threat prevention for your Amazon cloud

• Safeguard data and assets in AWS public cloud
• Securely connect enterprise and mobile users
• Advanced protection against sophisticated malware and zero-day attacks
• Auto-scaling security and high availability

Easily extend security to your Amazon cloud

• Available in the AWS Marketplace with hourly on-demand (PAYG) and Bring Your Own License (BYOL) options
• Rapid, one-click deployment
• Tailor security protections to your specific business needs

Unified management of public cloud and hybrid environments

• Single pane-of-glass management
• Consistent policy and threat visibility across public and private cloud infrastructures
• Security management, logging and reporting leveraging AWS defined objects
• Simplify compliance reporting for on-premise and cloud assets

Features

Advanced Threat Prevention Security

Check Point vSEC for AWS delivers comprehensive security protections to safeguard your cloud applications and data including:

• Firewall, IPS, Antivirus and Anti-Bot protect services in the public cloud from unauthorized access and attacks.
• Application Control prevents application layer denial of service attacks and protects your cloud services.
• IPsec VPN provides secure communication into cloud resources.
• Mobile Access allows mobile users to connect to the cloud using an SSL encrypted connection with two factor authentication and device pairing.
• Data Loss Prevention protects sensitive data from theft or unintentional loss.
• SandBlast Zero-Day Protection provides the most comprehensive protection against malware and zero-day attacks.

Two-Step Deployment Process

Check Point vSEC for AWS is easily deployed by clicking on the AWS Marketplace link and then enabling relevant Software Blade protections in the Amazon cloud for securing your public cloud assets.

Centralized Management for Cloud and On-Premise Infrastructure

Check Point vSEC for AWS is managed using your existing on-premise Check Point Unified Security Management Solutions. A consistent security policy is enforced for corporate assets across both your Amazon cloud and on-premise infrastructures from a single console.

Dynamic and Automated Policy

Check Point vSEC supports dynamic security policies that leverage AWS defined-objects to automatically adjust security to changes in a dynamic cloud environment.

Consolidated Logs and Reporting for Hybrid Cloud Environments

Check Point vSEC for AWS consolidates threat visibility and enforcement across your cloud and on-premise infrastructures. vSEC for AWS improves visibility, logging, forensics and reporting by leveraging AWS-defined objects. Unified logs and reporting simplify compliance and audits.

AWS CloudFormation Template for Easy Virtual Appliance Setup

Check Point vSEC for Amazon Web Services can be quickly deployed and provisioned using the AWS CloudFormation template.

Simply go to the AWS CloudFormation web console, provide this URL template and you are ready to go.

Auto-Scaling Security and AWS High Availability Zones

Check Point vSEC can be deployed for business-critical use cases that demand high availability by leveraging support for multiple Availability Zones and integration with AWS Elastic Load Balancers and CloudWatch. The powerful auto-scaling capability allows security to grow elastically with the changing capacity requirements of a dynamic business environment.

Specifications

Supported Releases	R75, R75.40, R77.10, R77.30
Supported Cloud Platform	Amazon VPC
License Model	Pay As You Go (PAYG), Bring Your Own License (BYOL)

Performance

Compute Instance Type / Test Case	c4.large (2 virtual core)	c4.xlarge (4 virtual core)	c4.2xlarge (8 virtual core)	c4.4xlarge (16 virtual core)	c4.8xlarge (36 virtual core)
Max bandwidth allocated to instance	500 Mbps	750 Mbps	1000 Mbps	2000 Mbps	4000 Mbps
Firewall + IPS	300 Mbps	500 Mbps	1000 Mbps	2000 Mbps	4000** Mbps
NGFW (Firewall + IPS + Application Control)	300 Mbps	500 Mbps	1000 Mbps	2000 Mbps	4000** Mbps
NGTP (Firewall + IPS + Application Control + URL Filter + Anti-Virus + Anti-Bot)	200 Mbps	400 Mbps	600 Mbps	1000 Mbps	1600** Mbps
Notes	** Estimate (conservative) - Performance can be limited by the network bandwidth allocated by AWS to the VM - Test environment uses Check Point real world blend and vSEC for AWS Gateway R77.30

הערות תמחור:

• שימו לב: כל המחירים באתר כוללים מע"מ.
• החיוב יבוצע על פי שער "העברות והמחאות מכירה" של המטבע (דולר אמריקאי) ביום אישור ההזמנה.
• מחירי המוצרים וזמינותם כפופים לשינויים ללא הודעה מוקדמת.
• vSEC VE Gateway is licensed by the number of virtual cores (vcores) assigned to the virtual machine running it
• This license supports vSEC VE Gateways running on VMware´s ESX/ESXi/vCloud Air, Microsoft Azure/Hyper-V, Amazon´s AWS and KVM
• Check Point vSEC VE Gateway license is pool based :
  • You can add additional licenses to the pool
  • The license pool is deployed on Check Point management server and will be automatically assigned to vSEC VE gateways
• Renewal:
  • The license is composed of a perpetual software license and services renewal license
  • The renewal subscription license should match the number of cores in the perpetual license
• Software Blades :
  • Regardless of the numbers of vcores allocated, every VE Gateway provides – local management license for up to 2 gateways – 5 mobile access users – Customer can purchase addition software blades and deploy them on specific vSEC VE Gateways
  • For NGTX license: NGTX cloud inspection quota is 10k files/vcore/month